Re: Locked out of Root
APseudoUtopia [EMAIL PROTECTED] writes: I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. You'll need to reboot in single-user mode. E.g., http://be-well.ilk.org/FreeBSD/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEEL-GROUP -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
group, and root login is disabled in SSH. Thanks for any help/advice. You'll need to reboot in single-user mode. E.g., http://be-well.ilk.org/FreeBSD/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEEL-GROUP -- and next time - do enable root login through ssh/rlogin/telnetd there is no security gain by disabling it, as you have to know password too. if course it's not bright to login as root over telnet through public network, but too - it's not security hole in system, just in administrator's brain if he/she do it this way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
Hi, Another option would be if that umprivileged user is in sudoers with permission to run the root shell (sudo -s). It doesn't need to be in wheel to do that. On Wed, 22 Oct 2008, mdh wrote: |He said his unprivileged user isn't in the wheel group. | |To answer the initial question, you'll need to login to the system on the local console. You cannot get root access via the network unless you're running another remote access service besides ssh which will allow you to login as root directly. | |- mdh | |--- On Wed, 10/22/08, Benjamin Lee [EMAIL PROTECTED] wrote: | From: Benjamin Lee [EMAIL PROTECTED] | Subject: Re: Locked out of Root | To: APseudoUtopia [EMAIL PROTECTED] | Cc: freebsd-questions@freebsd.org | Date: Wednesday, October 22, 2008, 11:25 PM | | Login as the unprivileged user and run: | | $ su | | See su(1). | | | | |___ |freebsd-questions@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-questions |To unsubscribe, send any mail to [EMAIL PROTECTED] | - Marcelo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
Hi, Another option would be if that umprivileged user is in sudoers with permission to run the root shell (sudo -s). It doesn't need to be in wheel to do that. On Wed, 22 Oct 2008, mdh wrote: |He said his unprivileged user isn't in the wheel group. | |To answer the initial question, you'll need to login to the system on the local console. You cannot get root access via the network unless you're running another remote access service besides ssh which will allow you to login as root directly. | |- mdh | |--- On Wed, 10/22/08, Benjamin Lee [EMAIL PROTECTED] wrote: | From: Benjamin Lee [EMAIL PROTECTED] | Subject: Re: Locked out of Root | To: APseudoUtopia [EMAIL PROTECTED] | Cc: freebsd-questions@freebsd.org | Date: Wednesday, October 22, 2008, 11:25 PM | | Login as the unprivileged user and run: | | $ su | | See su(1). | | | | |___ |freebsd-questions@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-questions |To unsubscribe, send any mail to [EMAIL PROTECTED] | - Marcelo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
--- On Thu, 10/23/08, Lowell Gilbert [EMAIL PROTECTED] wrote: From: Lowell Gilbert [EMAIL PROTECTED] Subject: Re: Locked out of Root To: APseudoUtopia [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Date: Thursday, October 23, 2008, 7:44 AM APseudoUtopia [EMAIL PROTECTED] writes: I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. You'll need to reboot in single-user mode. E.g., http://be-well.ilk.org/FreeBSD/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEEL-GROUP If he can get to the system console, why would he need to bother booting to single user mode? He said he has the root password. He should just be able to login normally, if he can get to the system console. - mdh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
On Wed, Oct 22, 2008 at 08:25:30PM -0700, Benjamin Lee wrote: On 10/22/08 19:55, APseudoUtopia wrote: Hey, I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. Login as the unprivileged user and run: $ su See su(1). On FreeBSD, unless it is reconfigured differently, the non-root user must be in the wheel group to su to root. Changing that configuration requires root as does putting the user in the wheel group. jerry -- Benjamin Lee ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
On Thu, Oct 23, 2008 at 02:43:47PM +0200, Wojciech Puchar wrote: group, and root login is disabled in SSH. Thanks for any help/advice. You'll need to reboot in single-user mode. E.g., http://be-well.ilk.org/FreeBSD/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEEL-GROUP -- and next time - do enable root login through ssh/rlogin/telnetd there is no security gain by disabling it, as you have to know password too. It guarantees that the root password is passed encrypted. So, next time do NOT enable root loging via ssh. Instead, put the non-root user in the wheel group. jerry if course it's not bright to login as root over telnet through public network, but too - it's not security hole in system, just in administrator's brain if he/she do it this way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
On Thu, Oct 23, 2008 at 10:50:29AM -0200, [EMAIL PROTECTED] wrote: Hi, Another option would be if that umprivileged user is in sudoers with permission to run the root shell (sudo -s). It doesn't need to be in wheel to do that. Of course, it would take root to be put in. jerry On Wed, 22 Oct 2008, mdh wrote: |He said his unprivileged user isn't in the wheel group. | |To answer the initial question, you'll need to login to the system on the local console. You cannot get root access via the network unless you're running another remote access service besides ssh which will allow you to login as root directly. | |- mdh | |--- On Wed, 10/22/08, Benjamin Lee [EMAIL PROTECTED] wrote: | From: Benjamin Lee [EMAIL PROTECTED] | Subject: Re: Locked out of Root | To: APseudoUtopia [EMAIL PROTECTED] | Cc: freebsd-questions@freebsd.org | Date: Wednesday, October 22, 2008, 11:25 PM | | Login as the unprivileged user and run: | | $ su | | See su(1). | | | | |___ |freebsd-questions@freebsd.org mailing list |http://lists.freebsd.org/mailman/listinfo/freebsd-questions |To unsubscribe, send any mail to [EMAIL PROTECTED] | - Marcelo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
On Wed, Oct 22, 2008 at 10:55:19PM -0400, APseudoUtopia wrote: Hey, I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. You will need to gain console access or get someone there to gain console access. Then login as root and add that non-root account to the wheel group (or have the _trusted_ local person do it). Have the local person log out and you can then immediately log in as the non-root, su to root, check if anyone else is connected and then change the root password. jerry Thanks for any help/advice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
mdh [EMAIL PROTECTED] writes: If he can get to the system console, why would he need to bother booting to single user mode? He said he has the root password. He should just be able to login normally, if he can get to the system console. To be honest, I was just guessing that there was more going on than we were told. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
It guarantees that the root password is passed encrypted. So, next time do NOT enable root loging via ssh. Instead, put the non-root user in the wheel group. funny :) jerry if course it's not bright to login as root over telnet through public network, but too - it's not security hole in system, just in administrator's brain if he/she do it this way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Locked out of Root
Hey, I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Locked out of Root
On 10/22/08 19:55, APseudoUtopia wrote: Hey, I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. Login as the unprivileged user and run: $ su See su(1). -- Benjamin Lee signature.asc Description: OpenPGP digital signature
Re: Locked out of Root
Benjamin Lee wrote: On 10/22/08 19:55, APseudoUtopia wrote: Hey, I have one user (other than root and the other system users) on my box, and that user is _NOT_ in the wheel group. I also have root logins disabled via SSH. This is a remote server and all I have is SSH access. Is there any way that I can gain root? I know the root password and everything, but I just can't get to it. The user is not in the wheel group, and root login is disabled in SSH. Thanks for any help/advice. Login as the unprivileged user and run: $ su See su(1). Noting with care the following paragraph: PAM is used to set the policy su(1) will use. In particular, by default only users in the ``wheel'' group can switch to UID 0 (``root''). This group requirement may be changed by modifying the ``pam_group'' section of /etc/pam.d/su. See pam_group(8) for details on how to modify this setting. which may well be why the OP keeps stressing that his unprivileged user is not in the wheel group. ;-) --Jon Radel [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Locked out of Root
He said his unprivileged user isn't in the wheel group. To answer the initial question, you'll need to login to the system on the local console. You cannot get root access via the network unless you're running another remote access service besides ssh which will allow you to login as root directly. - mdh --- On Wed, 10/22/08, Benjamin Lee [EMAIL PROTECTED] wrote: From: Benjamin Lee [EMAIL PROTECTED] Subject: Re: Locked out of Root To: APseudoUtopia [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Date: Wednesday, October 22, 2008, 11:25 PM Login as the unprivileged user and run: $ su See su(1). ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
