Date: Sun, 27 May 2007 22:22:15 -0400
From: Schiz0 <schiz0phrenic21@gmail.com>
To: "Conrad J. Sabatier" <conrads@cox.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Locked Myself Out - Cannot "su"
Message-ID: <8d23ec860705271922i1ec2760cvb15d015c97fbdabd@mail.gmail.com>
In-Reply-To: <200705280115.l4S1FirT088605@serene.no-ip.org>
References: <8d23ec860705271617v60fab47fo264e8aa43120338a@mail.gmail.com> <200705280115.l4S1FirT088605@serene.no-ip.org>

On 5/27/07, Conrad J. Sabatier <conrads@cox.net> wrote:
> On Sun, 27 May 2007 19:17:20 -0400
> Schiz0 <schiz0phrenic21@gmail.com> wrote:
>
> > This is one of those things where after you realize what you've done,
> > you just want to smack yourself.
> >
> > I've been working on hardening my FreeBSD 6.2-Stable box. I disabled
> > root login from everywhere, including the console (The box isn't
> > physically secure, so I didn't want anyone screwing around). Now, me
> > being stupid, didn't reboot after making all these changes to harden
> > it. So I finally rebooted (With the secure level set to 2) and I found
> > that I can't run "su." I get the following error:
> >
> > $ su -
> > su: not running setuid
> >
> > I can't shutdown since I can't become root, so I pulled the plug and
> > rebooted into single-user mode. I edited /etc/rc.conf and set
> > kern_securelevel_enable="NO"
> >
> > I rebooted again, but for some reason I still get the same error for
> > "su."
> >
> > So basically, I locked myself out of my box completely. I fail :-(
> >
> > su has the following permissions:
> > -r-sr-xr-x 1 root wheel schg 12240 May 13 13:15 su
> >
> > And sudo isn't installed, unfortunately. Any ideas of how to get root
> > back?
> >
> > Thanks!
>
> First, you need to make sure that ttyv0 is *not* set to "insecure"
> in /etc/ttys, so no login/password will be needed in single-user mode:
>
> ttyv0 "/usr/libexec/getty Pc" cons25l1 on secure
>
> This *should* allow you to use single-user mode once again as root.
>
> Then, make sure that any user you want to have su capability is listed
> in /etc/group under the "wheel" entry:
>
> wheel:*:0:root,foouser
>
> After that, any other problems you may encounter will have to be dealt
> with as they arise. Post a followup if you still have trouble.
>
> HTH
>
> --
> Conrad J. Sabatier <conrads@cox.net>
>
>

Well I do know the root password, so I can get into single user mode even though the console is marked insecure. So that's not a problem.
I just checked /etc/group and my username is NOT in the wheel group. I'm not in front of the system right now to reboot it into single user mode and change /etc/group, but hopefully when I do, it will solve the problem. It's weird though, because I've been using this box fine for the past two months. I was able to su to root during that time. It's very strange that my username's group was changed automatically out of the wheel group. Thank you for your help!
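
The checks discussed in this thread, as a read-only shell script added here; it is not part of the original message or of FreeBSD. The function names, the "otheruser" account and the sample files are assumptions constructed for the example; the wheel line and the ttyv0 line are the ones quoted in the reply.

```sh
#!/bin/sh
# Added example: read-only checks for the three settings this thread discusses.
# Defaults are FreeBSD paths; pass copies of the files to check them offline.

# Succeeds if user $1 is in the member list of the "wheel" line of a
# group(5) file ($2). Only the member list is read, as in the reply above.
wheel_has_user() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${2:-/etc/group}"
}

# Prints "secure", "insecure" or "missing" for terminal $1 in a ttys(5) file ($2).
# Text after "#" is ignored, so a commented-out flag does not count.
tty_status() {
    awk -v t="$1" '
        { sub(/#.*/, "") }
        $1 == t { s = "insecure"
                  for (i = 2; i <= NF; i++) if ($i == "secure") s = "secure"
                  print s; seen = 1; exit }
        END { if (!seen) print "missing" }' "${2:-/etc/ttys}"
}

# Succeeds if file $1 has the set-user-ID bit (the "s" in -r-sr-xr-x).
su_is_setuid() { [ -u "${1:-/usr/bin/su}" ]; }

# One line per check for user $1; the other arguments are the files to read.
report() {
    if wheel_has_user "$1" "$2"; then echo "wheel: $1 is a member"
    else echo "wheel: $1 is NOT a member"; fi
    echo "ttyv0: $(tty_status ttyv0 "$3")"
    if su_is_setuid "$4"; then echo "su: setuid bit set"
    else echo "su: setuid bit NOT set"; fi
}

# Constructed sample files; "otheruser" is a made-up account name.
demo() {
    d=$(mktemp -d) || return 1
    printf 'wheel:*:0:root,foouser\noperator:*:5:root\n' > "$d/group"
    printf '# constructed sample\nttyv0 "/usr/libexec/getty Pc" cons25l1 on secure\n' > "$d/ttys"
    : > "$d/su"    # empty stand-in for the su binary, without the setuid bit
    report foouser "$d/group" "$d/ttys" "$d/su"
    report otheruser "$d/group" "$d/ttys" "$d/su"
    rm -rf "$d"
}
demo
```

On a live system, `report "$USER" /etc/group /etc/ttys /usr/bin/su` runs the same checks against the real files without modifying them.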