On Sun, 27 May 2007 19:17:20 -0400 Schiz0 <[EMAIL PROTECTED]> wrote: > This is one of those things where after you realize what you've done, > you just want to smack yourself. > > I've been working on hardening my FreeBSD 6.2-Stable box. I disabled > root login from everywhere, including the console (The box isn't > physically secure, so I didn't want anyone screwing around). Now, me > being stupid, didn't reboot after making all these changes to harden > it. So I finally rebooted (With the secure level set to 2) and I found > that I can't run "su." I get the following error: > > $ su - > su: not running setuid > > I can't shutdown since I can't become root, so I pulled the plug and > rebooted into single-user mode. I edited /etc/rc.conf and set > kern_securelevel_enable="NO" > > I rebooted again, but for some reason I still get the same error for > "su." > > So basically, I locked myself out of my box completely. I fail :-( > > su has the following permissions: > -r-sr-xr-x 1 root wheel schg 12240 May 13 13:15 su > > And sudo isn't installed, unfortunately. Any ideas of how to get root > back? > > Thanks!
First, you need to make sure that ttyv0 is *not* set to "insecure" in /etc/ttys, so no login/password will be needed in single-user mode: ttyv0 "/usr/libexec/getty Pc" cons25l1 on secure This *should* allow you to use single-user mode once again as root. Then, make sure that any user you want to have su capability is listed in /etc/group under the "wheel" entry: wheel:*:0:root,foouser After that, any other problems you may encounter will have to be dealt with as they arise. Post a followup if you still have trouble. HTH -- Conrad J. Sabatier <[EMAIL PROTECTED]> _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"