[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Root
- Subject: Re: [cobalt-security] Root
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 14 Jul 2000 17:54:57 +0100 (BST)
Anybody can su to root as long as they are in the 'wheel' group - you can
add yourself into the group by editing the '/etc/groups' file, or through
the web interface (I think).
On Fri, 14 Jul 2000, Frank Smith wrote:
> On the RAQ2 at least it seems you can only su to root if you are
> logged in as admin. Are you always trying to su from the same
> user?
> If you don't have . in your path you are much less likely to
> execute an unexpected program.
>
> Frank
>
>
> Frank
>
> --On 07/14/00 08:46:44 -0600 David Love <dlove@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> >> How is it that once in a while, i lost root access (when i su to root, it
> >> gives wrong password). But, when I reboot the server, and su again it
> >> works. Then, after a while (a couple of days) it gives the same problem
> >> again. Was our server hacked, was it a bug?
> >
> >
> > First thing that comes to mind: When you su, do you specify the full
> > path (/bin/su) or just the command? If the latter, it's possible you're
> > picking up some other su command (e.g., a shell-script some user created
> > that tries to capture an unsuspecting admin's password). Always specify
> > the full path for su .
> >
> > I can't think of any other reason, other than bad typing, that su would
> > randomly fail.
> >
> > - Dave
> >
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
>
> Frank Smith fsmith@xxxxxxxxxxx
> Systems Administrator Voice: 512-374-4673
> Hoover's Online Fax: 512-374-4501
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
--
gossi the dog
email: gossi@xxxxxxxxxxxxxx
irc: gossi in #markthomas (efnet / irc.ins.net.uk)