Date: Sun, 27 May 2007 22:22:15 -0400
From: Schiz0
To: "Conrad J. Sabatier"
Cc: freebsd-questions@freebsd.org
Subject: Re: Locked Myself Out - Cannot "su"
Message-ID: <8d23ec860705271922i1ec2760cvb15d015c97fbdabd@mail.gmail.com>
In-Reply-To: <200705280115.l4S1FirT088605@serene.no-ip.org>

On 5/27/07, Conrad J. Sabatier wrote:
> On Sun, 27 May 2007 19:17:20 -0400
> Schiz0 wrote:
>
> > This is one of those things where after you realize what you've done,
> > you just want to smack yourself.
> >
> > I've been working on hardening my FreeBSD 6.2-Stable box. I disabled
> > root login from everywhere, including the console (The box isn't
> > physically secure, so I didn't want anyone screwing around). Now, me
> > being stupid, didn't reboot after making all these changes to harden
> > it. So I finally rebooted (With the secure level set to 2) and I found
> > that I can't run "su." I get the following error:
> >
> > $ su -
> > su: not running setuid
> >
> > I can't shutdown since I can't become root, so I pulled the plug and
> > rebooted into single-user mode. I edited /etc/rc.conf and set
> > kern_securelevel_enable="NO"
> >
> > I rebooted again, but for some reason I still get the same error for
> > "su."
> >
> > So basically, I locked myself out of my box completely. I fail :-(
> >
> > su has the following permissions:
> > -r-sr-xr-x 1 root wheel schg 12240 May 13 13:15 su
> >
> > And sudo isn't installed, unfortunately. Any ideas of how to get root
> > back?
> >
> > Thanks!
>
> First, you need to make sure that ttyv0 is *not* set to "insecure"
> in /etc/ttys, so no login/password will be needed in single-user mode:
>
> ttyv0 "/usr/libexec/getty Pc" cons25l1 on secure
>
> This *should* allow you to use single-user mode once again as root.
>
> Then, make sure that any user you want to have su capability is listed
> in /etc/group under the "wheel" entry:
>
> wheel:*:0:root,foouser
>
> After that, any other problems you may encounter will have to be dealt
> with as they arise. Post a followup if you still have trouble.
>
> HTH
>
> --
> Conrad J. Sabatier
>

Well, I do know the root password, so I can get into single user mode
even though the console is marked insecure. So that's not a problem.

I just checked /etc/group and my username is NOT in the wheel group.
I'm not in front of the system right now to reboot it into single user
mode and change /etc/group, but hopefully when I do, it will solve the
problem.

It's weird though, because I've been using this box fine for the past
two months. I was able to su to root during that time. It's very
strange that my username's group was changed automatically out of the
wheel group.

Thank you for your help!
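
A pre-reboot check for the two conditions named in the quoted reply (the "secure" flag on an /etc/ttys entry and wheel membership in /etc/group), as an added example that is not part of the original message. The function names and the sample files are constructed for illustration; the paths default to the live /etc files when no file argument is given.

```sh
#!/bin/sh
# Lockout pre-check for the two files named in the reply above.
# Function names and sample data are constructed for this example.

# tty_is_secure TTY [FILE]: true if TTY's ttys(5) entry carries the "secure" flag.
tty_is_secure() {
    awk -v tty="$1" '
        $1 == tty {
            sub(/#.*/, "")                  # a trailing comment is not a flag
            for (i = 2; i <= NF; i++) if ($i == "secure") ok = 1
        }
        END { exit !ok }' "${2:-/etc/ttys}"
}

# in_wheel USER [FILE]: true if USER is in the wheel entry's member list.
# A primary GID of 0 in /etc/passwd is not looked at here.
in_wheel() {
    awk -F: -v user="$1" '
        $1 == "wheel" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) ok = 1
        }
        END { exit !ok }' "${2:-/etc/group}"
}

# lockout_report USER TTY [TTYS] [GROUP]: print findings; status = their count.
lockout_report() {
    findings=0
    in_wheel "$1" "${4:-/etc/group}" || {
        echo "WARN: $1 is not listed in wheel"; findings=$((findings + 1)); }
    tty_is_secure "$2" "${3:-/etc/ttys}" || {
        echo "WARN: $2 is not marked secure"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample files so the check runs offline.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/ttys" <<'EOF'
console none                     unknown  off insecure
ttyv0   "/usr/libexec/getty Pc"  cons25l1 on  secure
ttyv1   "/usr/libexec/getty Pc"  cons25   on  insecure  # secure later
EOF
cat > "$SAMPLE/group" <<'EOF'
wheel:*:0:root,foouser
operator:*:5:root,otheruser
EOF
lockout_report otheruser ttyv1 "$SAMPLE/ttys" "$SAMPLE/group" || true
```

Running `lockout_report` for the account and terminal you depend on before rebooting into a hardened configuration shows whether either condition would block the way back to root.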