You are not logged in.

#1 2010-11-10 01:21:51

anon27
Member
Registered: 2010-11-10
Posts: 18

[SOLVED] Locked myself out of root

What I'm trying to do is to disable the root login but use the root password for sudo. This is what I did:

- Installed sudo
- Created user with wheel group enabled
- Visudo --> uncommented "%wheel ALL=(ALL) ALL" and added "Defaults timestamp_timeout=0,rootpw"
- psswd -l root
- Owned myself

I don't need help recovering root access, I already reinstalled since it was a clean install anyway. I just want to know what I did wrong and how to achieve what I wanted to do.

Thanks in advance, any help is appreciated.

Last edited by anon27 (2010-11-10 12:59:16)

Offline

#2 2010-11-10 02:57:01

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237
Website

Re: [SOLVED] Locked myself out of root

`rootpw` and passwd -l root

From the passwd man page:

-l, --lock
           Lock the password of the named account. This option disables a
           password by changing it to a value which matches no possible
           encrypted value (it adds a '!' at the beginning of the password).

Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

Offline

#3 2010-11-10 02:57:14

sand_man
Member
From: Australia
Registered: 2008-06-10
Posts: 2,164

Re: [SOLVED] Locked myself out of root

...and what exactly is it that you wanted to do? I assume you want to lock the root account out right?
By the way, you could have logged into single user mode to fix it.

Last edited by sand_man (2010-11-10 02:58:13)


neutral

Offline

#4 2010-11-10 11:33:56

anon27
Member
Registered: 2010-11-10
Posts: 18

Re: [SOLVED] Locked myself out of root

Stebalien wrote:

`rootpw` and passwd -l root

From the passwd man page:

-l, --lock
           Lock the password of the named account. This option disables a
           password by changing it to a value which matches no possible
           encrypted value (it adds a '!' at the beginning of the password).

Guess I misunderstood what the sudo wiki was saying about disabling the root login.

sand_man wrote:

...and what exactly is it that you wanted to do? I assume you want to lock the root account out right?

I want to disable being able to login as root but not disable the root password along with it, so that a remote attacker would need to get both the user and root passwords in order to get root access. Just thought it was a cool paranoid thing to do.

sand_man wrote:

By the way, you could have logged into single user mode to fix it.

I'm a total newb, how do I do this?

Offline

#5 2010-11-10 11:50:34

kowalski
Member
Registered: 2009-05-07
Posts: 82

Re: [SOLVED] Locked myself out of root

Well, you could go to single user mode directly at boottime by appending " 1" to the grub kernel line or typing "init 1" as root, which of course would not have worked in your situation.
To achieve the cool paranoid thing you might change root's login shell to /bin/false

usermod -s /bin/false root

as root, which makes it impossible to login as root (yet still use the password, I guess, haven't tried that).

I don't know if that is a clean way to do it.

Cheers


He who says A doesn't have to say B. He can also recognize that A was false.

Offline

#6 2010-11-10 12:58:19

anon27
Member
Registered: 2010-11-10
Posts: 18

Re: [SOLVED] Locked myself out of root

kowalski wrote:

To achieve the cool paranoid thing you might change root's login shell to /bin/false

usermod -s /bin/false root

as root, which makes it impossible to login as root (yet still use the password, I guess, haven't tried that).

I don't know if that is a clean way to do it.

Cheers

That did work. Thank you kindly sir.

Offline

Board footer

Powered by FluxBB