Date: Thu, 27 Sep 2012 06:18:55 +0200
From: Polytropon <freebsd@edvax.de>
To: freebsd@dreamchaser.org
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: bad root shell in /etc/passwd
Message-ID: <20120927061855.dce89280.freebsd@edvax.de>
In-Reply-To: <5063D0FE.1080102@dreamchaser.org>
References: <5063A68A.8090107@dreamchaser.org> <20120927031849.f3496a43.freebsd@edvax.de> <5063D0FE.1080102@dreamchaser.org>

On Wed, 26 Sep 2012 22:07:26 -0600, Gary Aitken wrote:
> Thanks, all.
>
> On 09/26/12 19:18, Polytropon wrote:
> > That's why you should be using the "toor" account and leave "root"
> > unchanged.
>
> I realized that about the time I learned I had given root to a bad shell path;
> at which time I also realized I hadn't given toor a pw.

The toor account will be locked until put into use, so no
security risk.

> > Maybe without rebooting you can do this: Enter "su -m" (if your
> > non-root user is allowed to su root, then enter "chsh" and set
> > the root shell back to the default.
>
> su -m won't work because of the bad shell
> "As a security precaution, if the target user's shell is a non-standard
> shell (as defined by getusershell(3)) and the caller's real uid is non-
> zero, su will fail."

Ah okay, I didn't check that security feature in particular.
As "su -m" usually "continues" the current user shell, as
described for the -m option:

	Leave the environment unmodified. The invoked shell
	is your login shell, and no directory changes are made.

Immediately followed by the restriction you quoted. :-)

> > When you can successfully boot into SUM, you will be prompted for
> > the shell to start. /bin/sh is the default shell (even though it
> > is a quite ugly dialog shell -- still it's considered a "maintenance
> > and emergency use only shell" at this point. It will be powerful
> > enough to call the "chsh" command to get root back into normal
> > condition.
>
> chsh and vipw won't work from SUM until you mount /usr,
> which fortunately was all intact.

That's correct, those are located in /usr/bin (which _may_
be on a separate partition that requires mounting before
use). Depending on how $EDITOR is set (_if_ it should be set
somehow), the availability of this editor (default: /usr/bin/vi)
will decide about the functionality of the vipw or chsh
commands.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
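
The lockout discussed in this thread starts with a passwd entry whose shell field names a path that is not a usable shell, and su then refusing shells not known to getusershell(3), which reads /etc/shells. As an added example (not part of the original message), a check that can be run against a copy of the files before a shell change is committed; the function names, file locations and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# Print USER's login shell (field 7) from a passwd-format file.
# An empty field means /bin/sh, per passwd(5).
shell_of() {
    awk -F: -v u="$1" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$2"
}

# Succeed if path $1 is listed in shells file $2 (comments, blanks ignored).
listed_in_shells() {
    awk -v s="$1" '{ sub(/#.*/, ""); gsub(/[ \t]/, "") }
                   $0 == s { found = 1 }
                   END { exit !found }' "$2"
}

# check_shell USER PASSWD_FILE SHELLS_FILE
# Prints ok | no-such-user | not-executable | not-in-shells; status 0 only for ok.
check_shell() {
    sh_path=$(shell_of "$1" "$2")
    if [ -z "$sh_path" ]; then echo no-such-user; return 1; fi
    if [ ! -f "$sh_path" ] || [ ! -x "$sh_path" ]; then
        echo not-executable; return 1
    fi
    if ! listed_in_shells "$sh_path" "$3"; then echo not-in-shells; return 1; fi
    echo ok
}

# Write constructed sample passwd and shells files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
# constructed sample, not a real system file
root:*:0:0:Charlie &:/root:/usr/local/bin/bsah
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Sample User:/home/alice:/bin/sh
bob:*:1002:1002:Sample User:/home/bob:/bin/cat
EOF
    printf '# constructed sample\n/bin/sh\n/bin/csh\n' > "$1/shells"
}

d=$(mktemp -d)
make_sample "$d"
for u in root toor alice bob ghost; do
    printf '%s: %s\n' "$u" "$(check_shell "$u" "$d/passwd" "$d/shells" || :)"
done
rm -rf "$d"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/shells; a result other than ok for root means the entry should be corrected while a root session is still open.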