I made a mistake setting my shell and have set the root user's shell to /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this. The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.
For some reason su -c relates to "class" not "command" as in Linux. I know about booting into single user mode also. This happens to be the primary DNS server and our secondary doesn't have the capacity to handle all the queries. Any other suggestions? Thanks in advance.

On 2004.07.08 10:29:58 -0500, Brandon Grace wrote:
> I made a mistake setting my shell and have set the root user's shell to
> /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
> The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.

Just go to single user mode [1] and correct it.

[1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/boot-init.html#BOOT-SINGLEUSER

--
Simon L. Nielsen
FreeBSD Documentation Team

On Thu, Jul 08, 2004 at 10:29:58AM -0500, Brandon Grace wrote:
> I made a mistake setting my shell and have set the root user's shell to
> /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
> The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.

Two ways.
su -m root will su to root but keep your current shell etc.
Boot into single user mode, and then change it.

--
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet: irc.mindspring.com (Earthlink user access only)

On Thu, Jul 08, 2004 at 10:29:58AM -0500, Brandon Grace wrote:
> I made a mistake setting my shell and have set the root user's shell to
> /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
> The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.

Reboot the machine in single-user mode - press Space or anything but Enter at the spinning loader prompt, then type 'boot -s'. After that, mount the rest of the filesystems (if necessary) by 'mount -a', run 'vipw' (or 'chsh -s /bin/sh root' directly) and fix your mistake.

I think this was documented somewhere in the FAQ or the Handbook, but right now I can't find it.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If wishes were fishes, the antecedent of this conditional would be true.

On Thu, 8 Jul 2004, Brandon Grace wrote:
> I made a mistake setting my shell and have set the root user's shell to
> /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
> The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.

How about 'su -m' ?

--
Best regards,
Taras Y. NIZHNIK, AKA Taren, XN7211-XTF, TYN-UANIC, TYN1-RIPE

On Thursday 8 July 2004 17.29, Brandon Grace wrote:
> I made a mistake setting my shell and have set the root user's shell to
> /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
> The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.

...and I gather that "su - toor" doesn't work either for some reason or other?

"Peter C. Lai" wrote:
> as a rule of thumb, you're probably superuser way too much if you
> develop an urge to change its shell anyway.

Where do people come up with these folk "rules"? I spend all day working in various root shells as part of my job. Couldn't do it otherwise.

> toor has a disabled (*) password by default. What Brannon should have done was
> set a password for toor in the beginning, without mucking around with root's
> shell.

In 8 years of BSD administration I've never seen the toor account used. IMO, as a matter of security, KIS, and for improved cross-platform compatibility it should be removed from the distribution.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

I'm relatively new to FreeBSD, having moved from Linux, and as soon as I found the toor account I deleted it after research deciding that having two uid 0 accounts on my system was a really really bad idea. I guess there are times when it's good to have a backup, but then you have to weigh up the costs of auditing that second account with its usefulness.

In most compile steps, only one phase of the compile requires root (make install), which cuts down greatly the amount of time you spend as a superuser, and the amount of damage you can do (accidentally or otherwise).

Thanks,
Craig

>Wrote Peter C. Lai:
>
>> On Fri, Jul 09, 2004 at 11:58:35AM +0200, Anders Dahlqvist wrote:
>> > On Thursday 8 July 2004 17.29, Brandon Grace wrote:
>> > > I made a mistake setting my shell and have set the root user's shell to
>> > > /bin/bash instead of /bin/sh. I am curious if anyone knows how to fix this.
>> > > The machine is FreeBSD 4.8-RELEASE-p4 and does not have sudo, only su.
>> >
>> > ...and I gather that "su - toor" doesn't work either for some reason or other?
>>
>> toor has a disabled (*) password by default. What Brannon should have done was
>> set a password for toor in the beginning, without mucking around with root's
>> shell. But as a rule of thumb, you're probably superuser way too much if you
>> develop an urge to change its shell anyway.
>
>Some of us either have to do extensive work as root (I myself
>extensively use shell programming on the command line -- which is not
>easy nor sensible in either csh or tcsh), or find it extremely
>annoying to use the least favorite shell during an emergency.
>
>On the other hand, I've run across a sysadmin who always enables his
>toor accounts -- and changes its shell to bash. As a result, not only
>is there an alternate root account (good in case 'root' is trampled on by
>accident or purpose), but you can get root bash as a login shell while
>leaving the real root to its normal shell.
>
>Since then I've adopted this tip on the BSD system I run.
>
> -Daniel
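
Added example, not part of any message in this thread: a POSIX sh check that lists every UID 0 account in a master.passwd-format file and reports whether its login shell exists and is listed in the shells file, plus whether the password field is disabled, empty or set. The function names, status labels and sample entries are constructed for illustration (root points at a shell path absent from the sample tree); an empty shell field is treated as /bin/sh.

```shell
#!/bin/sh
# Added example: list UID 0 accounts from a master.passwd-format file and
# flag login shells that would lock the account out.
# Usage: audit_uid0 MASTER_PASSWD SHELLS_FILE [ROOT_PREFIX]
audit_uid0() {
    shells=$2 prefix=${3:-}
    # Fields: name:password:uid:gid:class:change:expire:gecos:home:shell
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 ":" $2 ":" $NF }' "$1" |
    while IFS=: read -r name pw shell; do
        [ -n "$shell" ] || shell=/bin/sh   # empty shell field means /bin/sh
        if [ ! -x "$prefix$shell" ]; then
            shell_state=shell-missing      # login and su cannot start this shell
        elif ! grep -Fxq -- "$shell" "$shells"; then
            shell_state=shell-unlisted     # present, but not in the shells file
        else
            shell_state=shell-ok
        fi
        case $pw in
            '')  pw_state=pw-EMPTY ;;      # no password at all
            \**) pw_state=pw-disabled ;;   # "*" prefix: password login disabled
            *)   pw_state=pw-set ;;
        esac
        echo "$name $shell $shell_state $pw_state"
    done
}

# Build a constructed sample tree (not taken from the thread's machine).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/local/bin" "$d/etc"
    for s in bin/sh usr/local/bin/bash; do
        : > "$d/$s" && chmod +x "$d/$s"
    done
    printf '%s\n' /bin/sh /usr/local/bin/bash > "$d/etc/shells"
    cat > "$d/etc/master.passwd" <<'EOF'
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/bash
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
    echo "$d"
}

sample=$(make_sample)
audit_uid0 "$sample/etc/master.passwd" "$sample/etc/shells" "$sample"
rm -rf "$sample"
```

On a live system the call would be audit_uid0 /etc/master.passwd /etc/shells, run as root because master.passwd is not world-readable.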