Biggish goof
Nicholas Bodley
nbodley at speakeasy.net
Wed Apr 12 21:45:34 EDT 2006
In short, I've disabled my access to root, except when I get a
command-line prompt after single-user boot is close to complete; that
seems like rescue. (I rarely use single-user boot mode, btw.)

While BLU folk are generous-spirited, I'm not seeking sympathy {big grin}.

I was staying up too late, and had a somewhat foggy wit.

Distro. is Libranet 3.0, essentially Debian (and a nice one). It's
becoming outdated, but not seriously, yet, I'd say.

Could give more detail, but, as root, I mistakenly changed owner and group
of the whole installation to my username.

Ouch.

Was using a twin-pane file manager, "wrong" active pane! I had intended to
change only /home/enby, where [enby] will serve for my user name.
(Probably paranoid, but I'm being cautious, not using the real username.)

IIrc, only /proc "complained".

Once I got over the horror, I then changed owner and group of all the
distro, except /home, back to root again, with little doubt failing to
restore some critical "non-root non-enby" owner/group configurations.

Of course, this was effectively major sabotage (it also took a while, but
I thought it might be even worse to try to abort the process...).

I Googled on likely phrases, and (realizing it might be inappropriate) did

chmod 4111 /usr/bin/sudo

That didn't seem to help much, if at all, and I was aware that "4111"
might have been inappropriate for Libranet.

I rebooted as single user, logged in as root, and had a look at
/etc/sudoers:

Uncommented lines included

enby ALL=(ALL) ALL

Another line looked OK, also.

My semi-experienced guess is that I've probably munged an unknown number
of permissions/owner/group fields for various critical files and
subdirectories, and those fields in critical places are "not typical".

If I try [sudo] or [su], the root password is rejected as incorrect. I
have booted as single user, logged in as root, used passwd to change my
password (made new the same as the old), but that didn't help.

I've read of shadow passwords, which I think Libranet uses. Have not tried
to delete the passwd file or equivalent, yet, but I suspect that even
deleting and restoring might not restore root access.

The button-initiated w.m. menu offers X-terminal as root (says GKSu), but,
of course, it asks for the root password, which it rejects.

Initial login as root is also rejected, of course.

I should be able to work from a command-line prompt; my knowledge doesn't
extend to more-sophisticated commands, scripting, awk, sed, PERL, or
Python, although Python looks very worth learning.

I'm gaining even more respect for Linux security!

Almost forgot: Ran Bastille, a while ago, and accepted most of its
recommendations.

Although I really doubt it, I might be owned; doesn't seem likely.

If it's too difficult to undo the sabotage, I'm not in deep trouble, for
one, because I plan (sooner!) to install my Wintergreen Linspire machine
(but with a bigger HD, 1 GB of RAM, and multi-boot) as a for-now-permanent
machine. For another, I ought to be able to back up the whole installation
to part of a 60-GB HD I have, wipe the partition, and reinstall. The
present machine also boots The Delicate Flower (easily damaged), 98 SE. I
use GRUB. As well, for an ordinary user, the distro. still works fine, so
far.

I have the Libranet CDs and boot floppies.

(I've settled, for now, on emelfm as the twin-pane file manager of choice.
However, I have to start it as root, "detaching" with a trailing [&]. I
promptly ^D once it starts. Have not tried to add it to the "button" menu,
yet. I also use sudo to mount and get access to my Win partitions (on the
same drive).)

Reserved for some future time: Salvaging data from a FAT32 archive
partition (~18 GB) on which I did a mkfs.ext3. (In brief: Wrong assumption
about [re]numbering scheme for /dev/hda[n], after creating a small
partition in unused space between other partitions. The newest partition
has the highest [n], right? Not so, as I recall. Partition numbers
"beyond" the new one are "bumped up" iirc. :( )

Help would be welcomed, but I'm not desperate nor upset, by far. I tend to
be calm. Thanks much for considering! TIA, in short.

Best regards!
--
Nicholas Bodley /\ @ /\ Waltham, Mass.
kdirstat: Squarified treemaps and Much Else
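
Added example (not part of the original post): a recursive chown on Linux clears setuid and setgid bits, and changing the owner back does not restore them, so auditing the files that su, sudo and passwd depend on is a useful first check after the mistake described above. The function name audit_perms is hypothetical and the manifest values are assumed typical Debian defaults, not taken from Libranet; it needs GNU stat.

```shell
#!/bin/sh
# Added example: compare owner, group and mode of auth-critical files
# against a manifest. Needs GNU stat (Linux). Manifest line format
# (constructed for this example): <path> <owner> <group> <octal-mode>

# Assumed typical Debian values; confirm against your distro's packages.
DEFAULT_MANIFEST='/bin/su root root 4755
/usr/bin/sudo root root 4755
/usr/bin/passwd root root 4755
/etc/passwd root root 644
/etc/shadow root shadow 640
/etc/sudoers root root 440'

# audit_perms ROOT [MANIFEST]
# ROOT is a path prefix ("" for the live system, or a mount point such
# as /mnt when run from rescue media). Prints one line per deviation;
# returns 0 when everything matches, 1 otherwise.
audit_perms() {
    root=$1
    manifest=${2:-$DEFAULT_MANIFEST}
    bad=0
    while read -r path owner group mode; do
        [ -n "$path" ] || continue
        file="$root$path"
        if [ ! -e "$file" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        have=$(stat -c '%U %G %a' "$file")
        want="$owner $group $mode"
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path have=[$have] want=[$want]"
            # Print the repair rather than running it. chown goes first
            # because chown itself clears setuid/setgid bits.
            echo "  fix: chown $owner:$group $file && chmod $mode $file"
            bad=1
        fi
    done <<EOF
$manifest
EOF
    return $bad
}

# Usage: audit_perms ""      (live system, from a root shell)
#        audit_perms /mnt    (installation mounted from rescue media)
```

The script only reports; it covers the handful of files named in the manifest, not every package-owned file whose owner or group was changed.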