Mandrake 8.2: Root Login busted!
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Mandrake 8.2: Root Login busted!

  1. #1
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Mandrake 8.2: Root Login busted!

    Okay, I have something weird happening. Just installed Mandrake 8.2, and started with two users. No matter what I do, I cannot log in as root from the login screen! I checked the password carefully many times, and it says it is an incorrect password. (Shadowed passwords on.)... The TRULY strange this is that if I log in as the normal user, and then use su, I CAN become root by typing in the EXACT SAME PASSWORD.

    Has anyone else ever had this problem? I didn't have it with the same user/pass combot in Mandrake 8.1. It doesn't seem to matter what the root password is, after su-ing, I used passwd to change it, and the same weird inability to directly log in as root occured. Any ideas?
    [HvC]Terr: L33T Technical Proficiency

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Wish I could help. i'm still using Mandrake 8.1. Let us know what happens or what you find out. I was going to upgrade. Now I'll wait to see what happens with this.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    108
    I'm not sure about Mandrake, but FreeBSD comes with a user named "toor" for a backup.
    Have you checked to see if the root user has a valid shell?
    Speak softly and carry a big stick; you will go far. - Theodore Roosevelt

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    I haven't yet had a chance to try out Mandrake 8.2. From what I've heard, there's still some bugs to be ironed out. Here's a related bug I know of.

    Apparently, when you use 'adduser' to create a user (from the root account), it creates the user, but sets the file ownerships/groups of all the new user's files wrong. This means that the new user doesn't have permissions to access his own files! I had to manually log back in as root and reset the file permissions back to the user's name and group before the user started to work right. I don't know if this same problem exists from the 'create user' part of the install.
    So it would seem that all is not right with the user/pass logins. Key an eye on the Mandrake Forum. The issue you're having will probably come up soon .
    OpenBSD - The proactively secure operating system.

  5. #5
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Just as a note, the default shell is /bin/bash, so it has a valid shell.
    [HvC]Terr: L33T Technical Proficiency

  6. #6
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Mandrake sucks, but thats beside the point.

    I can't remember the name of the file now, it is one of the files in /etc ( /etc/securtty or something). It allows you to define what terminals root can log into. Its normally a big long list of every terminal possible. It has been a while, so I am not sure if this is still valid. One of the things I used to do to secure a box, was eliminate every terminal except tty1. That way, you could not telnet into the machine and log in as root. You had to su. Well, if that file is missing (or empty), then it is possible that root login is disabled. Like I said, it has been a while, and I don't know if this is still valid.

    Actually, the real question is, is this a bug, or a security feature? You can still su, so it isn't like root is gone...
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  7. #7
    Junior Member
    Join Date
    Nov 2001
    Posts
    11
    (I dont know if it would make sense but I had trouble awhile back trying to login to my machine, except remotely.....I found out that there is a file called securetty or something like that i'm not to sure. And it was not allowing remote root logins SO what i'm trying to get to is that maybe) <- I was gonna say that but then i looked at soulemans post.. so ditto on that!
    A+ Cert. Computer Technician

  8. #8
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    I agree with souleman. It is a preventative measure to lock out all options but tty1 for root. soule: /etc/securetty :P check that terr.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  9. #9
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    430
    I also use the /etc/securetty file but you know whats so fun.....comment every thing but say tty6 and even if they have root or a username and password they cant login unless they know the terminal!
    Terr have you tried killing the password and logging on with no password. Are you loging in on runlevel5 or 3?

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    This is definitely a result of /etc/securetty

    I have everything but tty1 setup to do that, and I always log in on TTY1, so it's in use. It's only for when I'm too lazy to do an su - that I actually bother to log in on that TTY.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides