Date: Thu, 27 Sep 2012 06:18:55 +0200
From: Polytropon
To: freebsd@dreamchaser.org
Cc: FreeBSD Mailing List
Subject: Re: bad root shell in /etc/passwd
Message-Id: <20120927061855.dce89280.freebsd@edvax.de>

On Wed, 26 Sep 2012 22:07:26 -0600, Gary Aitken wrote:
> Thanks, all.
>
> On 09/26/12 19:18, Polytropon wrote:
> > That's why you should be using the "toor" account and leave "root"
> > unchanged.
>
> I realized that about the time I learned I had given root to a bad shell path;
> at which time I also realized I hadn't given toor a pw.

The toor account will be locked until put into use, so no security risk.

> > Maybe without rebooting you can do this: Enter "su -m" (if your
> > non-root user is allowed to su root, then enter "chsh" and set
> > the root shell back to the default.
>
> su -m won't work because of the bad shell
> "As a security precaution, if the target user's shell is a non-standard
> shell (as defined by getusershell(3)) and the caller's real uid is non-
> zero, su will fail."

Ah okay, I didn't check that security feature in particular.
As "su -m" usually "continues" the current user shell, as
described for the -m option:

    Leave the environment unmodified. The invoked shell is your
    login shell, and no directory changes are made.

Immediately followed by the restriction you quoted. :-)

> > When you can successfully boot into SUM, you will be prompted for
> > the shell to start. /bin/sh is the default shell (even though it
> > is a quite ugly dialog shell -- still it's considered a "maintenance
> > and emergency use only shell" at this point. It will be powerful
> > enough to call the "chsh" command to get root back into normal
> > condition.
>
> chsh and vipw won't work from SUM until you mount /usr,
> which fortunately was all intact.

That's correct, those are located in /usr/bin (which _may_ be
on a separate partition that requires mounting before use).
Depending on how $EDITOR is set (_if_ it should be set somehow),
the availability of this editor (default: /usr/bin/vi) will
decide about the functionality of the vipw or chsh commands.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
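
Added example, not part of the original message: a check to run before logging out after changing a uid-0 account's shell, or from single-user mode once /usr is mounted. It reports every uid-0 account whose shell is missing, not executable, or absent from the shells file that getusershell(3) reads. The function name, the optional root-directory argument and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Usage: check_uid0_shells PASSWD_FILE SHELLS_FILE [ROOT_DIR]
# ROOT_DIR (hypothetical helper argument) is prefixed to each shell path so a
# mounted or constructed tree can be audited instead of the running system.
# Prints "name shell status" per uid-0 account; returns 1 if any is not OK.
check_uid0_shells() {
    passwd_file=$1 shells_file=$2 root_dir=${3:-}
    rc=0
    while IFS=: read -r name _pw uid _gid _gecos _home shell || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        [ "$uid" = 0 ] || continue
        # passwd(5): an empty shell field means /bin/sh
        [ -n "$shell" ] || shell=/bin/sh
        if [ ! -f "$root_dir$shell" ] || [ ! -x "$root_dir$shell" ]; then
            status=MISSING_OR_NOT_EXECUTABLE   # login and su cannot start it
        elif ! grep -Fqx -- "$shell" "$shells_file"; then
            status=NOT_IN_SHELLS               # su from a non-root caller fails
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s %s\n' "$name" "$shell" "$status"
    done < "$passwd_file"
    return $rc
}

# Constructed sample tree: root points at a shell path that does not exist
# (the situation discussed in the thread), toor has an empty shell field.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/bin"
    printf '#!/bin/sh\n' > "$d/bin/sh"
    chmod +x "$d/bin/sh"
    printf '%s\n' '/bin/sh' '/usr/local/bin/bash' > "$d/shells"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/usr/local/bin/bash' \
        'toor:*:0:0:Bourne-again Superuser:/root:' \
        'gary:*:1001:1001:constructed user:/home/gary:/bin/nonexistent' \
        > "$d/passwd"
    demo_rc=0
    check_uid0_shells "$d/passwd" "$d/shells" "$d" || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

demo || echo "at least one uid-0 account has an unusable shell"
```

On a live system the call would be `check_uid0_shells /etc/passwd /etc/shells`, with no third argument.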