Full Version: doh! I locked myself out
qen
I think I really locked myself out good this time. I tried everything to gain root access back. Here's my problem...

I was adding new email accounts as root. To prevent them from having login access I would use chsh to change their shell to /bin/false. Unfortunately, it seems that I forgot to type the part once, because root now has a shell of /bin/false.

I can now not log into my root account. I still have a normal account I can ssh into, but I've found no way to su to root. When I try su I get this:

su: using restricted shell /bin/false

I've tried all variations of su, all to no avail. (su -m, su -s /bin/bash, su -c pico /etc/passwd)

I also looked for any cron jobs that had root privileges which I could edit as my normal user, but there are none. I suppose in most cases that is a good thing though.

So am I stuck? It seems the only way to get root access back is to get an RS admin to go into single user mode and then edit the passwd file to give root a valid shell again.

Anyone know any work around?

EDIT: I have a plain redhat box

Thanks,
Ken
mouse
Suggest submitting TT for RS to reset root to its proper shell.. Mouse
Azhrarn
Well... if the following works, you may want to set up an account with sudo privileges after.

But su should work just fine:

su -s /bin/bash

or maybe:

su -c editor /etc/passwd

Edit: never mind - I'm an idiot who can't read.

Hmm, have you tried using combinations of those options? Like setting your shell, and passing a command? Also, you *may* need to quote the command as well. It's kind of weird that it complains about your shell after you explicitly set it...
NightHawk
well..this won't get you back in to root...but it will help you avoid this problem in the future...instead of changing the newly created user's shell to /bin/false...why not just add this to your useradd command: -s /bin/false ....that way..they will be created with a shell of /bin/false....and if you leave out the username by accident..it won't work..(since root already exists)..
qen
wohoo! Rackshack fixed it. It was a mighty speedy fix too. I don't know why I hear some people talk about bad support.
NightHawk
QUOTE
Originally posted by qen
wohoo! Rackshack fixed it. It was a mighty speedy fix too. I don't know why I hear some people talk about bad support.

Good Deal...and I agree support at RS Rocks!
franto
I managed to screw up my server today with this same problem and it seems that RS support seem to want the money to do a restore rather than sort it out as they did for you.

The thing is I don't mind paying even if they charge the same for a restore but save me having to do the work of a restore by just modifying the passwd file but I guess I am out of luck.

I agree it's my fault but I'd have to say it's a bit unfair, I guess you got lucky or something!
daveman692
Franto, I'd just ask again and reference this thread. A restore is an overkill to fix this.
franto
I did that and I have been told again no, I offered to pay for someone's time since I too think a restore is a bit of overkill and I totally agree it's my fault and I got this reply:


There is unfortunately no extra pay option for remote hands technical support


Great pricing but @#!@#!@#!@#!ty support seems to be the ethos of late.
daveman692
Either accept this or e-mail Mario and see if there is anything he can do for you. It is really a 30 second fix, you can even give them the commands they need to run.
qen
I'm sorry to hear they won't fix this for you as they did for me. Especially if you have already spent a lot of time setting up your box. I just hope that this isn't a trend of ev1 support getting more and more thin. Let's hope you find someone at ev1 to help you remedy this rather simple situation.

One tip though. Once you get your box back, I recommend adding a second way into your box as root in case this happens again. I installed webmin on my box (webmin.com). If you use it, be sure to use the ssl secure option.
MaB
Well, if you are really in trouble and rack shack refuses to do it, you can always hack yourself using today's root-level kernel exploit :-D then set yourself back up with the proper shell - and update the kernel before someone else tries the same trick :-D
franto
Hi guys,

It seems that after this matter was wrapped up and the TT closed after being escalated to supervisor one of the EV1 chaps resolved this matter for me, I am not sure who it was but thank you very much!!
sree
After reading this thread.. I decided to add this protection.
Added this shell script in my hourly cron

CODE
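#!/bin/sh
# Hourly cron check: make sure root's login shell in /etc/passwd is /bin/bash.

# The last field of root's passwd entry is the login shell; exit quietly if it is correct.
[ "$(grep '^root:' /etc/passwd | sed 's/^.*://')" = "/bin/bash" ] && exit 0

if [ "$1" = "FIX" ]; then
    # Repair mode: send an alert, then restore the shell.
    # Replace Email-Address with your own address.
    echo "Shell for root changed to /bin/bash" | mail -s "Alert:Shell-Changed" Email-Address
    chsh -s /bin/bash root
else
    # Test mode: only report the command that would need to be run.
    echo "Shell for root has to be changed by running"
    echo "chsh -s /bin/bash root"
fi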

Run the above code with FIX as a parameter after you test run it without any parameter. Change the email-address to your email address.
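
Added example, not part of any post in this thread: a more general form of the hourly check above. It flags every UID-0 account whose shell is missing from /etc/shells or is a dummy such as /bin/false, which is the condition that makes su report "using restricted shell" and ignore -s for non-root callers. The function names, the toor account and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report UID-0 accounts whose login shell would block su/ssh.
# Usage: audit_root_shells [passwd_file] [shells_file]
# Prints "name:shell" for each offending account; returns 1 if any are found.
audit_root_shells() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    awk -F: '
        # First file (shells list): remember each valid shell, skip comments.
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && $0 != "") valid[$0] = 1; next }
        # Second file (passwd): check every account with UID 0.
        $3 == 0 {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field means /bin/sh
            base = shell
            sub(/.*\//, "", base)
            if (!(shell in valid) || base == "false" || base == "nologin") {
                print $1 ":" $7
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$shells_file" "$passwd_file"
}

# Constructed sample data: root has been given /bin/false by mistake, a second
# UID-0 account (toor) is fine, and a mail-only user is correctly ignored.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$tmp/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/false' \
        'toor:x:0:0:backup root:/root:/bin/bash' \
        'mailuser:x:501:501::/home/mailuser:/bin/false' > "$tmp/passwd"
    audit_root_shells "$tmp/passwd" "$tmp/shells"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_audit || echo "lockout condition detected in sample data"
```

Run from cron against the real files, a non-zero return from audit_root_shells is the signal to alert while an existing root session or sudo account can still repair the entry.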