UNIX for Dummies Questions & Answers

I'm teaching myself UNIX, so bear with me!

I created two user accounts on my box. One day I shut down the system using "shutdown -h 1". The system shut down cleanly.

A few days I rebooted the box, no problem.

But root is the only account that can log in. The other 2 user accounts can't.

CapsLock is off. Both accounts appear where they belong, with encrypted passwords. Fingering both accounts says they never logged in. If I SU to the first account it says it isn't there (grek sez it is), but I can SU to the 2nd account. And when I exit, it exits to the FIRST account that it said ain't there! From there I can exit back to root.

::shrug::

I also created two new accounts, and neither of them could log in, either. :/

And reassigning passwords doesn't work.

Help?

>>>>>>>Chris

A couple of questions...

1- what "flavor" of unix/linux are you using?
2- how did you create the new user accounts (i.e. useradd, vi
password file, etc.)?

Flavor = TurboLinux 6.0 Server Lite (comes up in env as "Linux-Gnu")

Created the accounts by "useradd", then passwd <uid>.

They used to work!

Oh, and I forgot: When I try to log those accounts in, it gets a message that says the system is going down last September 30th.

>>>>>>>>>>Chris

Has your system ever been attached to the internet
prior to that first shutdown you mention?
Was ftp or telent active?

What I'm driving at here is that you may have been cracked
since you mention you get the powerdown message when you
try to login with the other users. You also mention that
these logins had worked previously. You may also want
to check what your system is doing with ps and who as well as
taking a look in /var/log/messages and /var/log/secure for any
abnormalities (i.e. large block of garbage).

If none of this is true, I don't know what else may be the
cause. You seem to have added new users properly...
useradd then passwd
...however, my recommendation would be the same...
save all your important data and configuration files then
wipe the disk clean and reinstall Linux. Before you connect
to the internet, be sure to secure (if not turn off) ftp and telnet.

Nope, never been on the 'net. No FTP, TFTP, or Telnet. It's not on a network at all in fact; it's a standalone box I built for me to learn UNIX on.

When I "who", I only get root. "ps" only gives me information on tty1 (root) and lists only login, bash, and ps under CMD. Obvious I guess, root's the only account logged in, right?

(remember, I'm still learning this!)

The powerdown message, I've been getting even when I had X-Window running and unsuccessfully tried to log into Linux (although the date has since changed).

/var/log/messages list multiple listings of:

... localhost syslogd 1.3-3: restart
(and)
... localhost --MARK--

/var/log/secure lists all of the account authentication errors.

Thankfully, this is only a learning computer, so if I DID need to blow away Linux and reinstall, no problem. I may just replace it with Redhat 6 instead; I've got that, too. (if I do, do I have to reformat, or can Redhat 6 overwrite TurboLinux and use the same partitions I have set up?

Makes perfect sense to secure (if not turn off) ftp and telnet. Is it hard to do?

BTW, thank you for having the patience to deal with a newbie like me!

Best,

>>>>>>>>>>Chris
Author: "Sabrina Online: The Story"
www.furnation.com/chrisfoxx

No problem Chris. I and all the other folks
participating on this forum are glad to be
of any help we can

I'm sorry I haven't been much help on your
problem. If your machine has never been
connected to the "outside", It would be safe
to say that your system has not been compromised.
I would say... remove the users (userdel) and
re-add them (useradd) but you have already tried
that. If you don't mind re-installing or going
to RedHat, I would say... do so and go ahead
and reformat the disk (it may come up with bad
blocks or something). On securing telnet and ftp,
you can simply edit your /etc/inetd.conf file
and you should see two lines like...
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
...simply insert a "#" (no quotes) in the very
beginning of the line. Once this is done, you
will need to "tell" inetd to re-read the file.
run the "ps" command to find the PID do...
# ps -ef | grep inetd
root 569 1 0 Jul10 ? 00:00:00 inetd
# kill -HUP 569

...the above shows my inetd PID as 569. You would
substitute whatever PID your system shows.
This will turn off those services. When you get
more adventurous, check out the man page
for hosts_access(5) use: man 5 hosts_access
and you can set up the /etc/hosts.allow and
/etc/hosts.deny files to allow ftp and telnet
access to very specific systems or ranges of
IP addresses only. Don't forget to uncomment
the lines in /etc/inetd.conf and HUP inetd
again.

I know it's alot of stuff to assimilate so
I hope I haven't created more confusion

Security! Yay!

http://www.linuxnewbie.org/nhf/intel...ity/index.html

I recommend the "Securing you Home Maching" section first. It won't cover you 100%, but it's a good start for new-comers to the Unix world. Check out the rest of the site as well, and when you get a little more comfortable with your newfound Unix skills, don't be afraid to check out www.linuxdoc.org.