Date:      Thu, 27 Sep 2012 06:18:55 +0200
From:      Polytropon <freebsd@edvax.de>
To:        freebsd@dreamchaser.org
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: bad root shell in /etc/passwd
Message-ID:  <20120927061855.dce89280.freebsd@edvax.de>
In-Reply-To: <5063D0FE.1080102@dreamchaser.org>
References:  <5063A68A.8090107@dreamchaser.org> <20120927031849.f3496a43.freebsd@edvax.de> <5063D0FE.1080102@dreamchaser.org>

On Wed, 26 Sep 2012 22:07:26 -0600, Gary Aitken wrote:
> Thanks, all.
> 
> On 09/26/12 19:18, Polytropon wrote:
> > That's why you should be using the "toor" account and leave "root"
> > unchanged.
> 
> I realized that about the time I learned I had given root to a bad shell path;
> at which time I also realized I hadn't given toor a pw.

The toor account will be locked until put into use, so no
security risk.



> > Maybe without rebooting you can do this: Enter "su -m" (if your
> > non-root user is allowed to su root, then enter "chsh" and set
> > the root shell back to the default.
> 
> su -m won't work because of the bad shell
>    "As a security precaution, if the target user's shell is a non-standard
>     shell (as defined by getusershell(3)) and the caller's real uid is non-
>     zero, su will fail."

Ah okay, I didn't check that security feature in particular.
As "su -m" usually "continues" the current user shell, as
described for the -m option:

	Leave the environment unmodified.  The invoked shell is your
	login shell, and no directory changes are made.

Immediately followed by the restriction you quoted. :-)



> > When you can successfully boot into SUM, you will be prompted for
> > the shell to start. /bin/sh is the default shell (even though it
> > is a quite ugly dialog shell -- still it's considered a "maintenance
> > and emergency use only shell" at this point. It will be powerful
> > enough to call the "chsh" command to get root back into normal
> > condition.
> 
> chsh and vipw won't work from SUM until you mount /usr,
> which fortunately was all intact.

That's correct, those are located in /usr/bin (which _may_ be
on a separate partition that requires mounting before use).
Depending on how $EDITOR is set (_if_ it should be set somehow),
the availability of this editor (default: /usr/bin/vi) will
decide about the functionality of the vipw or chsh commands.






-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
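
The restriction quoted in this thread (su refuses when the target user's shell is not one known to getusershell(3)) can be checked for before a shell change locks anyone out. The following is an added example, not part of the original message: a POSIX sh function that checks a user's shell from a passwd(5)-format file against a shells list and the filesystem. The function names, return codes, root-prefix argument and sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a login shell before committing a chsh/vipw change.
# check_login_shell USER [PASSWD_FILE] [SHELLS_FILE] [ROOT_PREFIX]
#   0 = shell is listed and executable
#   1 = user not found
#   2 = shell not in the shells list (su from a non-zero uid will refuse)
#   3 = shell path missing or not executable
# ROOT_PREFIX is an assumption of this example (e.g. a mounted disk or test tree).
check_login_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    prefix=${4:-}

    # Field 7 of /etc/passwd is the shell (master.passwd keeps it in field 10).
    shell=$(awk -F: -v u="$user" \
        '$1 == u { print $7; found = 1; exit } END { if (!found) exit 1 }' \
        "$passwd_file") || return 1

    # passwd(5): an empty shell field means /bin/sh.
    [ -n "$shell" ] || shell=/bin/sh

    # Compare against non-comment lines only, as an exact whole-line match.
    grep -v '^[[:space:]]*#' "$shells_file" | grep -qxF -- "$shell" || return 2

    [ -f "$prefix$shell" ] && [ -x "$prefix$shell" ] || return 3
    return 0
}

# Constructed sample tree: root has a mistyped shell path, toor an empty field,
# demo a listed shell that is not installed in the tree.
make_sample() {
    mkdir -p "$1/bin" "$1/etc"
    printf '#!/bin/sh\n' > "$1/bin/sh" && chmod +x "$1/bin/sh"
    printf '# constructed list\n/bin/sh\n/bin/csh\n' > "$1/etc/shells"
    cat > "$1/etc/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/usr/local/bin/bsah
toor:*:0:0:Bourne-again Superuser:/root:
demo:*:1001:1001:Constructed User:/home/demo:/bin/csh
EOF
}
```

Run against the live files with `check_login_shell root` while a root session is still open, so a non-zero result can be fixed without a trip to single-user mode.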


