recovering root access (mistakenly changed shell)

L

Lem0nHead

Verified User
Joined
Nov 28, 2004
Messages
265
hi there

I was working with one of my servers that has directadmin and I mistakenly typed "chsh" instead "chsh [user]" as root... since my intention was to disable shell, I set the "users" shell to /sbin/nologin, which actually setted the root's shell to it
so now I can't login as root anymore

I can, though, login on directadmin, or to shell as "admin" or as another use that has the same group as root

This is a freebsd 7.3 server, which doesn't have sudo/sudoexec

I noticed that I can kill process through directadmin somehow if I give root's password... so I guess there might be some kind of "backdoor" that can allow me to run command as root?

any ideas?

Code: 
$ su -l root
Password:
This account is currently not available.
$ su root
Password:
This account is currently not available.
$ suexec
suexec policy violation: see suexec log for more details
$ find / -perm -u+s -print 2>/dev/null
/bin/rcp
/sbin/mksnap_ffs
/sbin/ping
/sbin/ping6
/sbin/shutdown
/usr/bin/at
/usr/bin/atq
/usr/bin/atrm
/usr/bin/batch
/usr/bin/chpass
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/ypchpass
/usr/bin/ypchfn
/usr/bin/ypchsh
/usr/bin/lock
/usr/bin/login
/usr/bin/opieinfo
/usr/bin/opiepasswd
/usr/bin/passwd
/usr/bin/yppasswd
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/su
/usr/bin/crontab
/usr/bin/lpq
/usr/bin/lpr
/usr/bin/lprm
/usr/libexec/pt_chown
/usr/local/bin/Xorg
/usr/local/bin/xterm
/usr/local/bin/pkexec
/usr/local/bin/procmail
/usr/local/libexec/dbus-daemon-launch-helper
/usr/local/libexec/polkit-resolve-exe-helper
/usr/local/libexec/polkit-set-default-helper
/usr/local/libexec/polkit-grant-helper-pam
/usr/local/libexec/nagios/check_dhcp
/usr/local/libexec/nagios/check_icmp
/usr/local/libexec/utempter/utempter
/usr/local/libexec/polkit-agent-helper-1
/usr/local/sbin/exim-4.71-0
/usr/local/sbin/exim
/usr/local/directadmin/plugins/installatron/admin/index.raw
/usr/local/directadmin/plugins/installatron/reseller/index.raw
/usr/local/directadmin/plugins/installatron/user/index.raw
/usr/sbin/authpf
/usr/sbin/ppp
/usr/sbin/pppd
/usr/sbin/sliplogin
/usr/sbin/timedc
/usr/sbin/traceroute
/usr/sbin/traceroute6
/usr/sbin/suexec
 
Hello,

I could help you with the issue in terms of a commerce service, since you've got root password and access into directadmin, you can execute commands as root.
 
sorry, but being a sysadmin myself I don't feel very comfortable paying for this information

anyway, in case anyone can help, I just found out how to edit any file in the server with root privilege
so I can edit /etc/passwd and change the shell
the problem is that it doesn't get "reloaded" in the system because it wasn't done using something like vipw

so I logged in as an user I have access to and did "chsh" for this user, only to force this reload
the problem is that, when it reloads, it gets back to the old shell information, so it's not very helpful

I also tried restart SSH, which didn't solve the problem
 
hm, I guess I know a script that run by root on cron, so I can probably edit this script to add a shell command that would reload it (don't know which one yet)

this is getting too hackish, but still seems a better option than rebooting the server
 
ok, after some comings and goings I found a script that was run by root every 10 minutes and included
Code: 
/usr/sbin/pw usermod root -s /bin/sh
to it
:)
 
You must log in or register to reply here.
Back
Top