File: 23.html

package info (click to toggle)
lg-issue48 2-1
links: PTS
area: main
in suites: sarge
size: 2,284 kB
ctags: 139
sloc: xml: 324; makefile: 34; sh: 34
file content (392 lines) | stat: -rw-r--r-- 15,944 bytes
<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3A.e">
<TITLE>The Answer Guy 48: login, su, and passwd dies: Everybody dies!</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
	LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
	<img src="../../gx/dennis/qbubble.gif" alt="(?)" 
		border="0" align="middle">
	<font color="#B03060">The Answer Guy</font>
	<img src="../../gx/dennis/bbubble.gif" alt="(!)" 
		border="0" align="middle">
</A></H1> 
<BR>
<H4>By James T. Dennis,
	<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
	LinuxCare,
	<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A> 
</H4>
</center>

<p><hr><p>
<!--  endcut ======================================================= -->
<!-- begin 23 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif" 
	height="50" width="60" alt="(?) " border="0"
	>login, su, and passwd dies: Everybody dies!</H3>


<p><strong>From Tim Kientzle  on Mon, 11 Oct 1999  
</strong></p>
<!-- ::
login, su, and passwd dies: Everybody dies!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
I'm having a hard time finding good technical archives for Linux.
I've been searching 'linux login' trying to find someone else
who's had this problem; I stumbled across a couple of your columns
in the process.
</STRONG></P>
<P><STRONG>
In any case, I have a useful factlet for you regarding login
problems: The <A HREF="http://www.kde.org/">KDE</A> 'add user' program by default does not assign a
login shell.  Thus, accounts that cannot be logged into.
</STRONG></P>
<P><STRONG>
For myself, I have a RedHat 6.0 machine that does not accept any
logins, not even root.  It never gets to a password prompt.  This
is true of getty, telnet, ftp, and KDM logins.  I brought the
machine up in single-user mode, and found that 'su' and 'passwd'
both crash, also.  It looks as though any program that needs to
touch the password file simply dies at that point.  (Note that
'su' does not crash if you use it to go from root to a non-root
user.)
</STRONG></P>
<P><STRONG>
Oddly enough, this problem arose spontaneously; the machine has
worked fine (about 8 functioning accounts) for a week.  I came in
this morning, and tried to telnet into that machine; the
connection dropped at the telnet prompt.  I rebooted the machine
(which required hitting the big red button, since I can't login as
root to safely shut down) and then KDM won't come up; it seems to
crash the X server.  No useful messages to <TT>/var/log/messages</TT>, just
a machine that can't even be reasonably debugged.
</STRONG></P>
<P><STRONG>
I'm almost ready to drop RedHat and go with <A HREF="http://www.freebsd.org/">FreeBSD</A>
instead. &lt;sigh&gt;
</STRONG></P>
<P><STRONG>
- Tim Kientzle
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
	HEIGHT="28" WIDTH="50" BORDER="0"
	>
It sounds like massive corruption to your libraries
or to your <TT>/etc/passwd</TT> file.  I'd start by booting from
a rescue diskette (as you've already done once) and
editing the <TT>/etc/passwd</TT> and <TT>/etc/group</TT> files.
</BLOCKQUOTE>
<BLOCKQUOTE>
If those look alright (compare their formatting to the ones
on your rescue floppy) then check the <TT>/etc/shadow</TT> file.  You
could just rename the etc/shadow file and try the 'passwd'
command again.
</BLOCKQUOTE>
<BLOCKQUOTE>
(The libraries use the existence of an <TT>/etc/shadow</TT> file as a
hint to use shadow passwords).
</BLOCKQUOTE>
<BLOCKQUOTE>
Another thing to try is the following commands:
</BLOCKQUOTE>
<BLOCKQUOTE><BlockQuote>
cd <TT>/mnt/</TT> &amp;&amp; usr/sbin/chroot . <TT>/bin/sh</TT>
rpm -Va
</BlockQuote></BLOCKQUOTE>
<BLOCKQUOTE>
(or, if you have a copy of the 'rpm' command on your resuce
diskette you can use: 'rpm --root <TT>/mnt</TT> -Va')
</BLOCKQUOTE>
<BLOCKQUOTE>
This rpm command will check the integrity of the system
files, libraries and binaries, and the ownership, modes, and
other particulars for every file that included in any
package you installed.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can use the 'rpm -qf' command to match the filenames
that the verification reports to the package names that you
might need to re-install.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course you could re-install from scratch.  However,
it would be very unsettling to me to do that with no
understanding of what went wrong.  I suspect that
you feel the same; how can you trust a system that
"did that" all of a sudden.
</BLOCKQUOTE>
<BLOCKQUOTE>
One possibility is that your system was cracked
(incompetantly).  The programs you mention are some of
the same ones that are replace by most "rootkits." If
some script kiddie broke into your system and tried to
install a rootkit that was pre-compiled for libc5 then
I could see it give symptoms just like those you've
described.
</BLOCKQUOTE>
<BLOCKQUOTE>
The 'rpm -Va' command might uncover this.  Script
kiddies and their canned cracker tools don't seem to have
added "rpm dbm patchers" YET.  However, it's only a
matter of time before they do.
</BLOCKQUOTE>
<BLOCKQUOTE>
In a past issue(*) I've described more robust techniques for
using write-protected boot floppies, you original CD, the
rpm command and some shell utilities to perform a system
integrity audit on a <A HREF="http://www.redhat.com/">Red Hat</A> or other RPM based system.
That article was long-winded since I explained the method in
some detail.
</BLOCKQUOTE>
<BLOCKQUOTE><ul><li>
(<A HREF="http://www.linuxgazette.com/issue37/tag/44.html"
	>http://www.linuxgazette.com/issue37/tag/44.html</A>
search the page for "pkg.inst")


As for running FreeBSD:  It's a nice system.  It's a bit
more carefully integrated then most Linux distributions
and it can run most Linux binaries.  I've suggested that
intermediate and advanced Linux users give it a try some
time (next time you're about to install an OS on a new
machine and you have a couple of days to "tinker" with
it).
</UL></BLOCKQUOTE>
<BLOCKQUOTE>
You might also try <A HREF="http://www.debian.org/">Debian</A>.  I'm slowly switching my home
systems and laptop over to it.  I just got my new
personal workstation up and running this weekend, got
my home directory tree (700Mb, mostly of e-mail archives)
transferred and have spent all day answer e-mail on it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Let me give an example of what I like about Debian.
</BLOCKQUOTE>
<BLOCKQUOTE>
I chose a minimal installallation to start with (about
100Mb total. I upgraded it from the CD version to the
latest version of everything in "unstable" by editing
one file (<TT>/etc/apt/sources.list</TT>) and issuing one command
(apt-get update &amp;&amp; apt-get dist-upgrade -f).  It sucked
down 120 packages from the 'net and put them all in place.
</BLOCKQUOTE>
<BLOCKQUOTE>
Then I installed a curses package selection tool
(console-apt) and used that to select a few other programs
that I wanted (things like xemacs).  apt-get and console-apt
use the same selection database, and use the dpkg command
under the hood. They automatically get any libraries and
ancillary packages to resolve dependencies.
</BLOCKQUOTE>
<BLOCKQUOTE>
Later, after I'd transferred all of my home directory
files, I starting working like I prefer (running xemacs,
in viper-mode under 'screen').  At some point I typed a
word that look "wrong" and I hit [F3][$] (my personal xemacs
macro for spell-checking the word under my cursor).
Ooops, ispell wasn't installed!
</BLOCKQUOTE>
<BLOCKQUOTE>
So I switch to another VC, type:
</BLOCKQUOTE>
<BLOCKQUOTE><BlockQuote>
apt-get install ispell iamerican
</BlockQuote></BLOCKQUOTE>
<BLOCKQUOTE>
... wait about 30 seconds and go back to my editing.
my spell check now works.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another time a few weeks ago I was answering a question
about LPRng.  I logged into my other Debian system
(a little file and mail server, antares), installed
the package, read the doc page I was looking for, and
removed it.  That was faster than hunting for it in
Yahoo!
</BLOCKQUOTE>
<BLOCKQUOTE>
That's what I like about Debian.  I've been doing that
sort of thing for months on my machine at the office.
</BLOCKQUOTE>
<BLOCKQUOTE>
In fairness to Red Hat and it's ilk, the 'rpmfind'
command (<A HREF="http://rufus.w3.org"
	>http://rufus.w3.org</A>) makes RPMs <EM>almost</EM> as easy
to manage.  However, debian does have a lot more
packages and apt-get seems more stable than rpmfind.
</BLOCKQUOTE>
<BLOCKQUOTE>
So far the Debian apt-get facility is the only one
that I've ever trusted with automatic system
upgrades.  I've been running regular dist-upgrades
on my box at work for months --- on the UNSTABLE
development series, the betas --- and I haven't
broken my system yet (sometimes one or two packages get
a bit messed up; but nothing that's caused real problems).
</BLOCKQUOTE>
<BLOCKQUOTE>
Meanwhile Debian is not for the UNIX novice.  Most
users would not know that xemacs and emacs call on
a program named 'ispell' and most wouldn't know that
the various dictionary/wordlist files for ispell are named
like iamerican, ibritish, etc.  While Debian has more
packages, part of this is because they them to a finer
granularity.  They don't put an IMAP daemon and a POP
daemon in the same package.  Also many of the Debian
packages are alternatives or are fairly obscure.  They
are the sort of thing that
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course the FreeBSD "ports" system is also pretty
good.  I'd still like to see something like it for
Linux.  (It gets the prize for most comprehensive use
of the 'make' command).
</BLOCKQUOTE>
<BLOCKQUOTE>
Anyway, I hope you track down the problem.  If it
does turn out to be a cracker, be sure to get the
latest security fixes when you re-install.  There have
been a number of bugs with wu-ftpd and ProFTPd recently
and they are being actively exploited. (Fixes for the
known bugs are at the Red Hat updates site, and at
the archive sites for most other Linux distributions.
</BLOCKQUOTE>
<BLOCKQUOTE>
As usually you should disable any services that you
don't absolutely need to run, limit access to your
non-anonymous services (using TCP Wrappers and/or
ipchains) wherever that's possible, replace 'telnet'
support with 'ssh', 'ssltelnet' or 'STEL', use
shadow passwords, etc.
</BLOCKQUOTE>
<BLOCKQUOTE>
Read the Security-HOWTO
(<A HREF="http://www.linuxdoc.org/HOWTO/Security-HOWTO.html"
	>http://www.linuxdoc.org/HOWTO/Security-HOWTO.html</A>)
and the Linux Administrator's Security Guide
(<A HREF="http://www.seifried.org/lasg"
	>http://www.seifried.org/lasg</A>) for lots of details on
that.
</BLOCKQUOTE>

<!-- sig -->


<!-- end 23 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
	>Copyright &copy;</a> 1999, James T. Dennis 
<BR>Published in <I>The Linux Gazette</I> Issue 48 December 1999</H5>
<H6 ALIGN="center">HTML transformation  by
	<A HREF="mailto:star@starshine.org">Heather Stern</a> of
	Starshine Technical Services,
	<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> 
</H6>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="95%"><TR VALIGN="center" ALIGN="center">
<TD colspan="2" rowspan="2"><A 
	HREF="../lg_answer48.html"
	><IMG SRC="../../gx/dennis/answernew.gif"
              ALT="[ Answer Guy Current Index ]"></A>
<TD colspan="2" rowspan="2"><A 
	HREF="../../tag/kb.html"
	><IMG SRC="../../gx/dennis/answertoc.gif"
              ALT="[ Index of Past Answers ]"></A></td>
  <TD WIDTH="11%"><A HREF="../lg_answer48.html#greeting"><img
	src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A></TD>
  <TD WIDTH="11%"><A HREF="1.html">1</A></TD>
  <TD WIDTH="11%"><A HREF="2.html">2</A></TD>
  <TD WIDTH="11%"><A HREF="3.html">3</A></TD>
  <TD WIDTH="11%"><A HREF="4.html">5</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="11%"><A HREF="5.html">5</A></TD>
  <TD WIDTH="11%"><A HREF="6.html">6</A></TD>
  <TD WIDTH="11%"><A HREF="7.html">7</A></TD>
  <TD WIDTH="11%"><A HREF="8.html">8</A></TD>
  <TD WIDTH="11%"><A HREF="9.html">9</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="10.html">10</A></TD>
  <TD WIDTH="10%"><A HREF="11.html">11</A></TD>
  <TD WIDTH="10%"><A HREF="12.html">12</A></TD>
  <TD WIDTH="10%"><A HREF="13.html">13</A></TD>
  <TD WIDTH="11%"><A HREF="14.html">14</A></TD>
  <TD WIDTH="11%"><A HREF="15.html">15</A></TD>
  <TD WIDTH="11%"><A HREF="16.html">16</A></TD>
  <TD WIDTH="11%"><A HREF="17.html">17</A></TD>
  <TD WIDTH="11%"><A HREF="18.html">18</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="19.html">19</A></TD>
  <TD WIDTH="10%"><A HREF="20.html">20</A></TD>
  <TD WIDTH="10%"><A HREF="21.html">21</A></TD>
  <TD WIDTH="10%"><A HREF="22.html">22</A></TD>
  <TD WIDTH="11%"><A HREF="23.html">23</A></TD>
  <TD WIDTH="11%"><A HREF="24.html">24</A></TD>
  <TD WIDTH="11%"><A HREF="25.html">25</A></TD>
  <TD WIDTH="11%"><A HREF="26.html">26</A></TD>
  <TD WIDTH="11%"><A HREF="27.html">27</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="28.html">28</A></TD>
  <TD WIDTH="10%"><A HREF="29.html">29</A></TD>
  <TD WIDTH="10%"><A HREF="30.html">30</A></TD>
  <TD WIDTH="10%"><A HREF="31.html">31</A></TD>
  <TD WIDTH="11%"><A HREF="32.html">32</A></TD>
  <TD WIDTH="11%"><A HREF="33.html">33</A></TD>
  <TD WIDTH="11%"><A HREF="34.html">34</A></TD>
  <TD WIDTH="11%"><A HREF="35.html">35</A></TD>
  <TD WIDTH="11%"><A HREF="36.html">36</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="37.html">37</A></TD>
  <TD WIDTH="10%"><A HREF="38.html">38</A></TD>
  <TD WIDTH="10%"><A HREF="39.html">39</A></TD>
  <TD WIDTH="10%"><A HREF="40.html">40</A></TD>
  <TD WIDTH="11%"><A HREF="41.html">41</A></TD>
  <TD WIDTH="11%"><A HREF="42.html">42</A></TD>
  <TD WIDTH="11%"><A HREF="43.html">43</A></TD>
  <TD WIDTH="11%"><A HREF="44.html">44</A></TD>
  <TD WIDTH="11%"><A HREF="45.html">45</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD WIDTH="10%"><A HREF="46.html">46</A></TD>
  <TD WIDTH="10%"><A HREF="47.html">47</A></TD>
  <TD WIDTH="10%"><A HREF="48.html">48</A></TD>
  <TD WIDTH="10%"><A HREF="49.html">49</A></TD>
  <TD WIDTH="11%"><A HREF="50.html">50</A></TD>
  <TD WIDTH="11%"><A HREF="51.html">51</A></TD>
  <TD WIDTH="11%"><A HREF="52.html">52</A></TD>
  <TD WIDTH="11%"><A HREF="53.html">53</A></TD>
  <TD WIDTH="11%"><A HREF="54.html">54</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
  <TD colspan="3"><A HREF="55.html">55</A></TD>
  <TD colspan="3"><A HREF="56.html">56</A></TD>
  <TD colspan="3"><A HREF="57.html">57</A></TD>
</TR></TABLE>
</TR><TR VALIGN="center" ALIGN="center">
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../index.html"
	><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="../../index.html"
	><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes48.html"
	><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../../faq/index.html"
	><IMG SRC="../../gx/dennis/faq.gif"
              ALT="[ Linux Gazette FAQ ]"></A>
<A HREF="../lg_tips48.html"
	><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->