12-19-2019
Sometimes when I am working on these kinds of "gotacha" files, I temporarily change the permissions to read:write for all users or change the owner of the file to an "other than root" user, or both. Then, when all is testing and working OK, I change back to how it was (root ownership, only root can modify, etc.)
I have a funny story to tell (someday) about this, regarding temporarily disabling google_authentication on a server, because of problems with an iPhone lightening connector (battery would not charge, port did not work at all) and the many hours of headaches a small mistake caused me (blocked my own root access on a remote server); all of this started with dust in the iPhone charge port and me spraying some contact cleaner into the port, gumming it up ever worse.
Always have one more more backup plans when doing these kinds of "gotcha" file changes. In the case cited above, because I had to restart sshd, even having two other open ssh connections as root into the server did not help!
Of course, all these editorial comments do not help "after the fact" and so it if makes you feel any better, most of us have made similar mistakes at one time or another.
Remember, you can temporarily change permissions and ownership on files when working on these kinds of "whoops, it got me" changes.
This User Gave Thanks to Neo For This Post:
10 More Discussions You Might Find Interesting
1. HP-UX
Good Day
Our HP box was hacked and the passwd file has been altered,there are only 2 user accounts active,and these dont have any administrative rights.I need to edit the passwd file to correct the su and root entries.
Does any body have any suggestions as to how i can do this with out the root... (10 Replies)
Discussion started by: cantona7
10 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I am new to UNIX, and have recently installed Suse 9.3. I have been experimenting with all of the commands and have somehow managed to modify the default shell of the root user to an invalid file. Consequently I cannot su to the root user as I receive the 'no such file or directory' error... (2 Replies)
Discussion started by: Tony Montana
2 Replies
3. Shell Programming and Scripting
Hi All
I have written one shell script for GPRS route add is given below named GPRSRouteSet.sh
URL="www.google.com"
VBURL="10.5.2.211"
echo "Setting route for $URL for GPRS"
URL_Address=`nslookup $URL|grep Address:|grep -v "#"|awk -F " " '{print $2}'|head -1`
echo "Executing ... (3 Replies)
Discussion started by: mnmonu
3 Replies
4. Red Hat
I accidentally changed root shell from /bin/bash to bash in /etc/password, then logged out from root. Now I can't login as root and got "No shell" error, although I have root password. "su -f -s /bin/bash" command does NOT work. There is no GUI interface for this system.
My question: Do I have... (7 Replies)
Discussion started by: aixlover
7 Replies
5. Programming
This is the source code:
#include <pwd.h>
#include <iostream>
#include <string.h>
using namespace std;
int main()
{
struct passwd *user;
char login="alex", password="qwertyuiop";
if ((user= getpwnam(login)) == NULL)
cout << "No such user\n";
else if... (24 Replies)
Discussion started by: hakermania
24 Replies
6. Solaris
Hi Folks,
I have Solaris 10, latest release.
We have passwd aging set in /etc/defalut/passwd.
I have an account that passwd should never expire. Acheived by emptying associated users shadow file entries for passwd aging.
When I reset the users passwd using passwd command, it re enables... (3 Replies)
Discussion started by: BG_JrAdmin
3 Replies
7. Shell Programming and Scripting
Hi Every body,
I would need a shell script program to login as different user and perform some copy commands in the script.
example: Supppose ora_toms is the active user
ora_toms should be able to run a script where user: ftptomsp pass: XXX should login through and run the commands
... (9 Replies)
Discussion started by: ujjwal27
9 Replies
8. UNIX for Dummies Questions & Answers
I have a legacy Solaris 8 machine. Someone has overwitten the passwd utility so I now can't change passwords.
Is there somwhere I can download a copy? I do have the installation CDs as well.
Thanks (1 Reply)
Discussion started by: hawess
1 Replies
9. Shell Programming and Scripting
Hi,
i have one shell script which transfers files from one server to other server through FTP, but i can see login id and password is not mentioned.
kindly help to understand the script.then how below script is working if login and password is not mentioned in script
#!/bin/sh... (1 Reply)
Discussion started by: ni3b007
1 Replies
10. HP-UX
Hi All
I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file
Please help if some know the syntex? :confused::wall: (2 Replies)
Discussion started by: deviltech
2 Replies
LEARN ABOUT DEBIAN
st_snapshot
ST_SNAPSHOT(1) systraq ST_SNAPSHOT(1)
NAME
st_snapshot - calculate checksum and stat ownership and permissions of files
SYNOPSIS
ST_SUM=sha256sum st_snapshot patterns homepatterns
DESCRIPTION
st_snapshot calculates checksums and stats ownership and permissions of critical system files.
This script is typically run in either root-mode or public-mode. Running this script in root-mode requires root priviliges. One is
adviced to set up a dedicated user account for running this script in public mode.
In root-mode, the files snapshot_root.list and snapshot_root.homelist are typically passed as arguments. These pattern files are read by
the script and contain names of files and directories; listing a directory in such a pattern file is equivalent to listing all files which
live in the directorytree with this directory as root.
snapshot_root.list could e.g. read
# snapshot_root.list - files and directories we wanna get
# monitored: we wanna get a note once these files, or any file
# under these directories, gets created, gets rm-ed, gets
# permissions or contents changed. these notices will not
# include the possibly secret contents of these files
#
# this file gets read by st_systraq
/etc/group
/etc/gshadow
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts.equiv
/etc/lilo.conf
/etc/passwd
/etc/postfix/server.pem
/etc/shadow
/etc/skel
/etc/ssh
Equivalent files snapshot_pub.list and snapshot_pub.homelist should be on the system. These files should contain all worldreadable to be
monitored files. This allows for running this script as root only in those cases where it's needed: when reading files, readable for root
only.
The homelist files contain files and directories which should get monitored for every homedirectory on the system. snapshot_pub.homelist
could e.g. contain:
.profile
.cshrc
.tcshrc
.login
.logout
.bash_profile
.bashrc
.exrc
.nexrc
As a special case, when the environment variable ST_OPHOMES is set to a non-empty string (typically when running in public mode), we stat
the permissions on all homedirectories themselves.
The produced snapshot is printed to stdout. The output when running in public mode could look like:
# ownership and permissions of homedirs
drwxr-xr-x root root /bin
drwxr-xr-x root root /dev
drwxr-sr-x root staff /home
drwxr-sr-x joostvb joostvb /home/joostvb
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var
# sha256sum of critical pub files
4d3cd13d6dbc10e2e3ccb9477cbc9eb9b76302454c276d5771ae0b10a5fbb4d2 /home/joostvb/.ssh/id_rsa.pub
eb8d83e0246f761a21bdfb13a03fac634ed7c3b7dde4c2efddd7b2838d32596f /var/qmail/alias/.bashrc
4e371f9a11f5a2464d3d5c952e58e24f73b377d33767ed93b2082fcb59a647fe /etc/zlogin
# ownership and permissions of critical pub files
-rw-rw-r-- joostvb joostvb /home/joostvb/.ssh/id_rsa.pub
-rw-r--r-- joostvb joostvb /home/joostvb/.ssh/authorized_keys
ENVIRONMENT
ST_OPHOMES - non-empty in case permissions on all homedirectories should be printed
ST_SUM - command for calculating file checksums. E.g. sha256sum, sha512sum, sha384sum, sha224sum or sha1sum.
SEE ALSO
The systraq manual.
VERSION
This manpage: $Id: st_snapshot.pod 374 2008-12-14 08:47:32Z joostvb $
COPYRIGHT
Copyright (C) 2001, 2002, 2003, 2004, 2008 Joost van Baal
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
AUTHOR
Joost van Baal <joostvb-systraq-20041015@mdcc.cx>
20081217 2008-12-15 ST_SNAPSHOT(1)