fedora-list digest, Vol 1 #734 - 23 msgs

fedora-test fedora at geeknet.nl
Fri Jan 9 11:23:22 UTC 2004 

Hi guys, This looks like a problem with user administration for group 
wheel .... indeed the sudoers file probably has a line uncommented that 
it shouldn't.. the man pages are indeed a good place to look but check 
the user group wheel settings.. If all else fails, for X sake put a 
passwd on your system and check again... On the other hand, if you are 
remotely loggin in to the system with SSH keys then it could simply be 
logical that you have enabled the authorized keys... disallow root 
logins via the sshd configuration... Message: 10 Date: Thu, 08 Jan 2004 
23:23:09 -0600 From: Frank Turscak <ftokcfed at sbcglobal.net> To: 
fedora-list at redhat.com Subject: Re: Blank password works for root 
Reply-To: fedora-list at redhat.com Bill Beeman wrote:

>>"Bevan C. Bennett" <bevan at fulcrummicro.com> wrote in message
>>news:3FFE03D5.5030505 at fulcrummicro.com...
>>  
>>
>  
>
>>>>Bill Beeman wrote:
>>>>    
>>>>
>>    
>>
>>>>>>I just discovered that I can log into my FC1 box as root with either the
>>>>>>root password, or by simply leaving the password blank!
>>>>>>
>>>>>>Functions this way from a command line, or in a terminal within either
>>>>>>KDE or Gnome.
>>>>>>      
>>>>>>
>>>      
>>>
>>>>What exactly are you doing to 'log in'?
>>>>Is this with 'su' from an existing command line, from the system
>>>>console, or with a remote access program like ssh, telnet or rlogin?
>>>>
>>>>If possible, see if the behavior is consistant between using su after
>>>>logging in as a non-root user, logging in on console, or connecting with
>>>>ssh?
>>>>
>>>>The first place I'd look in this case is in /etc/pam.d/
>>>>See if there are any files named *.rpmnew and if so check out the
>>>>differences between them and the originals. Look especially to see if
>>>>anything has pam_rootok.so listed, and where.
>>>>    
>>>>
>>    
>>
>>
>>This is consistent, whether from console, existing command line, or ssh from
>>elsewhere,
>>and works whether logging in as root, or by su from another user.  In
>>essence, no
>>root security.
>>
>>I've run chkrootkit-0.43, which comes up clean.
>>
>>However, comparing /etc/pam.d/system-auth with system-auth.rpmnew, I noticed
>>the line
>>
>>auth       sufficient     /lib/security/$ISA/pam_unix.so   likeauth nullok
>>
>>in both. removing "likeauth nullok" seems to solve the problem, but leaves
>>the question of how it got that way.  System-auth notes that it will be
>>regenerated and user changes discarded when authconfig is run.  I'll play
>>with that a bit, but don't recall running that before. Anyone have any ideas
>>what may have generated this?
>>
>>Bill
>>
>>
>>Run "man sudoers".  Seems to me something in the file "/etc/sudoers" might have gone awry.
>>  
>>
>  
>
Frank

More information about the users mailing list