Shell Problem

oss · September 29, 2005, 6:24am

Dear Members;
I changed ,by mistake ,the root shell in /etc/passwd and logged out. Thereafter, I can no more have a prompt when trynig to log in as root.
How to solve this pb ?
Regards

blowtorch · September 29, 2005, 10:28am

What OS are you using? If you are using Solaris or Linux, you can boot from the CD and change the shell back to what it should be.

oss · September 29, 2005, 11:26am

Hi blowtorch ;
I want to restore the shell to what it was without booting from a CD . I have Solaris8 insatalled on my sever .
Thanks

jim_mcnamara · September 29, 2005, 12:06pm

If you have another account that has SU privs, log in to that account. Otherwise, follow blowtorch's advice.

blowtorch · September 30, 2005, 12:48am

There is one more way to go about this: If you have any setuid root binaries that internally call a shell script, you can change the script to just execute an interactive shell. This will throw you to a root shell prompt and you can modify the /etc/passwd file from there.

oss · October 4, 2005, 5:47am

hi bmowtorch ;
Can u please give me an exemple of how to proceed ?
Thanks for help

blowtorch · October 4, 2005, 2:26pm

A setuid binary that runs a shell script is a way to give users extra privileges that may be required to carry out a particular task... The main function will look similar to this:

main(argc,argv)
int argc;
char *argv[];
{
   setuid(0);       /*I am not gonna be doing any error checking here*/
   system("/full_path/some_shell_script");
}

In the some_shell_script, you do whatever it is that you require root privs for... Now, if you have permissions to write to this script, all you have to do is replace the code in the script with the below:

/usr/bin/sh -i

When some_shell_script executes that line of code, you will be in an interactive shell that has root privileges. From here you can edit the /etc/passwd file and restore the shell.

Perderabo · October 4, 2005, 2:52pm

Yeah, but that is the operative word here... "if". On the other hand, if you don't have a setuid binary that invokes a writatble shell script already in existence, this is not going to be possible. And blowtorch is describing a situation that is a nasty security problem. Most of us would hope that we have no such thing.

blowtorch · October 4, 2005, 3:00pm

That is true.. we do have scripts like that, but they have write rights only to root.. so you would have to be root to modify them in the first place.

I feel that the best way to go about this would be booting the system from the cd and editing the /etc/passwd file.