# Root account locked out

## steve_zr

Hi All,

This is my first post on this forum so i would like to say hi and apologize if this is in the wrong place.

Unfortunately my gentoo box has locked the root account and i am unable to login.

The error message that appears is:

'This account is restricted by rssh.

This user is locked out.'

I am completely new to linux and i was not the person who set up this installation.

Thankyou in advance for your help

----------

## MostAwesomeDude

Remote login, right? Can you login as a limited user and then su or sudo?

----------

## steve_zr

It looks as though its a complete lockout, i cannot logon to the root account locally or remotely

I could try, how would i su or sudo?

I do apologize as i am a complete noob

----------

## downer

 *steve_zr wrote:*   

> It looks as though its a complete lockout, i cannot logon to the root account locally or remotely
> 
> I could try, how would i su or sudo?
> 
> I do apologize as i am a complete noob

 

```
$ su -
```

 or 

```
$ sudo /bin/bash
```

----------

## steve_zr

Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble. We have a web page running on that server but i am unable to restart apache to get it running, can i do this without the root account?

----------

## downer

 *steve_zr wrote:*   

> Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble. We have a web page running on that server but i am unable to restart apache to get it running, can i do this without the root account?

 

that is what su is for  :Wink: 

su stands for "set userid", meaning you can take on the role of any user, without arguments it defaults to uid 0, ie root. and it is root's password you need.

sudo on the other hand defaults to ask for your own password i'm not mistaken, it can be changed in the configs.. but then you need root access.

//D

----------

## steve_zr

When i try using su it gives me a permission denied message, is this due to a wrong password or it is because of the /etc/passwd file for the root has been changed to /usr/bin/rssh instead on /bin/bash ?

----------

## downer

 *steve_zr wrote:*   

> When i try using su it gives me a permission denied message, is this due to a wrong password or it is because of the /etc/passwd file for the root has been changed to /usr/bin/rssh instead on /bin/bash ?

 

does /usr/bin/rssh exist? and is it a valid shell..?

try running 

```
$ su -s /bin/bash
```

you can specify shell with -s.

//D

----------

## Hu

The easiest way to fix this is to halt the machine, boot a LiveCD, and modify /etc/passwd using the LiveCD environment.  You will be down for the duration, but it is straightforward and much less trouble than trying to find a security flaw in the current configuration.

----------

## downer

 *Hu wrote:*   

> The easiest way to fix this is to halt the machine, boot a LiveCD, and modify /etc/passwd using the LiveCD environment.  You will be down for the duration, but it is straightforward and much less trouble than trying to find a security flaw in the current configuration.

 

easier than running su with a working shell and fixing it from there..?  :Smile: 

//D

----------

## schachti

 *downer wrote:*   

> easier than running su with a working shell and fixing it from there..? 

 

Which will only work

* if there is another user account on that machine,

* if he knows the password of this account, and

* if this account is member of the wheel group.

----------

## downer

 *schachti wrote:*   

> Which will only work
> 
> * if there is another user account on that machine,
> 
> * if he knows the password of this account, and
> ...

 

true, but it is a good place to start, rather than bringing out the big guns at once, right?

from what steve_zr wrote:

 *Quote:*   

> Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble. 

 

I got the impression that he at least is able to login as a normal user, meaning the first 2 points are not really an issue and if he was following the install guide chances are the user is in wheel.

//D

----------

## Hu

 *downer wrote:*   

>  *schachti wrote:*   Which will only work
> 
> * if there is another user account on that machine,
> 
> * if he knows the password of this account, and
> ...

 

He is not following the installation guide.  He has inherited a fully installed system.  He does not have the root password.  He does not have sudo access, as far as we know.  The only way he can attain superuser access is to get the root password, to get into an account with sudo access, or to find some security flaw that can be exploited for a privilege escalation attack.  I presume that he cannot get the root password or he would have done so by now.  Similarly, I presume that sudo is not enabled for any user or he would have mentioned it.

Finally, the fact that root is using rssh instead of sh or bash is not a good sign, and may impact his ability to administer the system even if he managed to run a shell as root.  Therefore, I suggested using the LiveCD so that he could fix the shell at the same time as he changes the root password.

----------

## downer

 *Hu wrote:*   

> He is not following the installation guide.  He has inherited a fully installed system.  He does not have the root password.  He does not have sudo access, as far as we know.  The only way he can attain superuser access is to get the root password, to get into an account with sudo access, or to find some security flaw that can be exploited for a privilege escalation attack.  I presume that he cannot get the root password or he would have done so by now.  Similarly, I presume that sudo is not enabled for any user or he would have mentioned it.
> 
> Finally, the fact that root is using rssh instead of sh or bash is not a good sign, and may impact his ability to administer the system even if he managed to run a shell as root.  Therefore, I suggested using the LiveCD so that he could fix the shell at the same time as he changes the root password.

 

Well, maybe the person who set it up did..? Someone gave him access to the computer, and we don't know if he has sudo access or not (from the looks of it, asking how to use sudo or su implies that he does not know himself), thus simply typing "su -" or "sudo bash" seemed like a logical first step to see if it worked, if it doesn't by all means, reboot the system. 

//D

----------

## padoor

you can boot with cd and chroot into your system and make new passwd.

how do you login now?

try same passwd for root also.

if it wouldnt work then make new passwd from cd boot up.

----------

## steve_zr

Sorry it has taken me so long to reply, i have been on holiday  :Smile: 

I have gotten the root password but su or sudo do not work, i have not been made part of the 'wheel' by the looks of this.

As HU said i have inherited a fully installed system without any training on how to use it unfortunately, i will try the live cd now in order to try and gain access that way. Is there anything i need to try before this or is there anything i need to be aware of?

Thankyou for being so helpful both

----------

## steve_zr

Good news everyone!!!! (i've always wanted to say that)

We managed to fix the problem by logging on using the "single" user account when booting coupled with the "init=/bin/bash/" command at the grub boot screen. Which then enabled me to reset the password and the shell.

I'm not sure how we stumbled across that but thankyou everyone for your help

No doubt you will be hearing from me on a regular basis

----------

