Recover system root password

eadz

Verified User
Joined
Jun 6, 2006
Messages
13
Hi there,

Is it possible, knowing the DA Admin password, to reset the system root password?

Thanks?
 
DirectAdmin doesn't have this function, and it's working as nobody user (UID!=0), and password change requires UID=0 (root user). Sometimes DirectAdmin uses root to do something (as jlasman said ~2 posts after mine). There is no such function for now, so it's impossible to do that.
 
Well, if there was a way, would that be a bug or a feature? Because I found one..
 
Martynas,

DirectAdmin does do a lot of things as root. Including adding users, changing passwords, etc.

So it's possible.

That said, maybe it is a security issue and maybe it isn't. If it's available from the control panel, and if the control panel can be accessed insecurely, then I'd call it a security issue.

I've tried to reset the password for root from within DirectAdmin, and couldn't find a way to do it either with an old version or the latest version of DirectAdmin.

Jeff
 
I'd be interested to know how this was done.

If it is a security issue then the hole would need to be fixed. Simply not posting the security issue wouldn't mean a breach couldn't happen.

If it isn't a security issue, then there would be no problem in posting it either. I suppose before it is posted DA staff should look at it and decide if they are going to change anything as a result.
 
tanfwc said to send it to DA, but it sounded to me like he meant that as a final thing. What I am saying is I agree it needs to be sent to DA for evaluation, but AFTER DA decides what they are going to do (and does it), I'd like to see how this was done. If one person found it, it is certainly possible for others to also. If it is posted, a discussion will probably ensue as to how to change its behavior (security issue or not).
 
Yes, it's true that it does it using root, but DirectAdmin isn't started as root, DirectAdmin runs as nobody user (and it uses root when it's needed). And it's impossible to change the root password for now, there is no such feature (and I don't think it's needed). And, thanks for the addition, just edited my post :)
 
As a business with multiple DA servers the last thing I want on a public forum is an unpatched security hole. Yes I want to know how this was accomplished. It may not even be a DA issue, it may be an OS issue. It has been assumed that the 'change' was done through the web interface, you can ssh using da admin to the box which exposes potential OS problems. I have one such issue in my mind as a possibility.
 
Hello,

I'm not sure if it's the same person, we did get one email about a claimed "security issue". I don't see how his report could accomplish what he says, so I'm waiting to hear back from him with more information, an example etc.

If you have not yet emailed us your "find", then please do, as we cannot address something we don't know about.

John
 
Hello,

1.31.0 is released. This one change addresses the issue that was emailed to us.
http://www.directadmin.com/features.php?id=827
Basically, it only applies if you don't want your admin to have root access.
I won't go into the details as to how, but it relates to the sshd_config file.

So either upgrade, or remove the sshd_config file from your /usr/local/directadmin/data/admin/edit_files.txt file until you upgrade.

If you're not concerned about your Admins getting root access (on most boxes they already have root access anyway) then it's not something to be very concerned with, as only an Admin can do it.

I've added an authentication field that requires the root password if you want to be able to edit the more sensitive files. It saves your clearance in your session so you only have to do it once per login, and only if you want to edit those types of files.

I've labeled 3 files as "secure": the sshd_config, the directadmin.conf, and the edit_files.txt which is newly added to the edit_files.txt (since it requires root access anyway, it's safe to add).

John
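The stopgap John describes (pull sshd_config out of edit_files.txt until you upgrade), as an added example that is not DirectAdmin's own code: a POSIX shell audit that flags the three entries he labels "secure" and writes a copy of the list without them. It assumes edit_files.txt holds one absolute path per line; the function names are mine.

```shell
#!/bin/sh
# Added example, not DirectAdmin's own code. Audits the admin file-editor list
# for the three entries John's post marks as "secure" and writes a hardened copy
# without them (the stopgap he suggests for sshd_config, applied to all three).
# ASSUMPTION: edit_files.txt holds one absolute path per line; blank lines and
# lines starting with '#' are passed through untouched. Check the real format.

EDIT_FILES=/usr/local/directadmin/data/admin/edit_files.txt   # path from the thread
SENSITIVE_NAMES='sshd_config directadmin.conf edit_files.txt'   # names from the thread

# is_sensitive PATH -> returns 0 if the basename is one of the sensitive names
is_sensitive() {
    base=$(basename "$1")
    for n in $SENSITIVE_NAMES; do
        [ "$base" = "$n" ] && return 0
    done
    return 1
}

# audit_edit_files FILE -> prints offending entries; returns 1 if any were found
audit_edit_files() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if is_sensitive "$line"; then
            printf 'admin can edit sensitive file: %s\n' "$line"
            found=1
        fi
    done < "$1"
    return $found
}

# harden_edit_files IN OUT -> copies IN to OUT minus sensitive entries; prints count dropped
harden_edit_files() {
    dropped=0
    : > "$2"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) printf '%s\n' "$line" >> "$2"; continue ;; esac
        if is_sensitive "$line"; then
            dropped=$((dropped + 1))
        else
            printf '%s\n' "$line" >> "$2"
        fi
    done < "$1"
    echo "$dropped"
}

# Stand-alone use on a real server (run as root, keep the backup):
#   audit_edit_files "$EDIT_FILES" && echo "no sensitive entries listed"
#   cp "$EDIT_FILES" "$EDIT_FILES.bak" && harden_edit_files "$EDIT_FILES.bak" "$EDIT_FILES"
```

This only removes the entries from the editor list; it does not change what the upgraded version's root-password prompt protects.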
 
Of course all this means it's quite important for DirectAdmin logins to require a secure Certificate, as otherwise both the admin (and now root) passwords may be sent in the clear.

Be sure to use a secure login for your DirectAdmin control panel.

Look here.

Jeff
 