Date: Sun, 27 May 2007 20:15:44 -0500 From: "Conrad J. Sabatier" <conrads@cox.net> To: Schiz0 <schiz0phrenic21@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Locked Myself Out - Cannot "su" Message-ID: <200705280115.l4S1FirT088605@serene.no-ip.org> In-Reply-To: <8d23ec860705271617v60fab47fo264e8aa43120338a@mail.gmail.com> References: <8d23ec860705271617v60fab47fo264e8aa43120338a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 27 May 2007 19:17:20 -0400 Schiz0 <schiz0phrenic21@gmail.com> wrote: > This is one of those things where after you realize what you've done, > you just want to smack yourself. > > I've been working on hardening my FreeBSD 6.2-Stable box. I disabled > root login from everywhere, including the console (The box isn't > physically secure, so I didn't want anyone screwing around). Now, me > being stupid, didn't reboot after making all these changes to harden > it. So I finally rebooted (With the secure level set to 2) and I found > that I can't run "su." I get the following error: > > $ su - > su: not running setuid > > I can't shutdown since I can't become root, so I pulled the plug and > rebooted into single-user mode. I edited /etc/rc.conf and set > kern_securelevel_enable="NO" > > I rebooted again, but for some reason I still get the same error for > "su." > > So basically, I locked myself out of my box completely. I fail :-( > > su has the following permissions: > -r-sr-xr-x 1 root wheel schg 12240 May 13 13:15 su > > And sudo isn't installed, unfortunately. Any ideas of how to get root > back? > > Thanks! First, you need to make sure that ttyv0 is *not* set to "insecure" in /etc/ttys, so no login/password will be needed in single-user mode: ttyv0 "/usr/libexec/getty Pc" cons25l1 on secure This *should* allow you to use single-user mode once again as root. Then, make sure that any user you want to have su capability is listed in /etc/group under the "wheel" entry: wheel:*:0:root,foouser After that, any other problems you may encounter will have to be dealt with as they arise. Post a followup if you still have trouble. HTH -- Conrad J. Sabatier <conrads@cox.net>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705280115.l4S1FirT088605>