[Linux-disciples] Can't do root stuff.

Adam Kessel linux-disciples@bostoncoop.net
Fri, 21 Nov 2003 17:24:51 -0800


There are many security concerns unrelated to the Internet.

One important purpose of the permissions system is to keep buggy software
from deleting all your files. It also keeps you from accidentally typing
rm -r / yourself and destroying your whole system.

In any case, the way to get out of your bind would be to boot directly
into the shell, skipping all the daemons, and then go take away
permissions from /etc/ssh/*.

You need to add init=/bin/sh to your boot line.  This is done slightly
differently in lilo or grub; I think it's easier in grub.  You hit 'e' to
edit the boot line, then add init=/bin/sh to the end of the line, then
hit 'b' to boot.

With lilo, I think you have to catch the bootloader, presumably with
shift, then choose your kernel and add init=/bin/sh to that line. I haven't
used lilo in a couple of years, so I'm a little hazy on that.

Another thing you should note is that when you upgrade packages the
permissions will be returned to their proper settings. There is a
command dpkg-statoverride that lets you change permissions and ownership
permanently, but I think it's a bad idea generally.

On Fri, Nov 21, 2003 at 05:16:12PM -0800, Karl Sokol wrote:
> My desktop is not attached to the net and is in my
> bedroom, so security isn't a big concern to me on this
> machine.  So, I did chmod 777 *.  Now at startup, I
> get "Starting Open BSD Secure Shell server:sshd @@@@@@
> Warning: UNPROTECTED PRIVATE KEY FILE! @@@@
> Permissions 0777 for /etc/ssh/ssh_host_rsa_key are too
> open."  The same for dsa_key.
> 
> So, now I can't do any root stuff to harden the
> permissions (like logging in on root, su, sudo, chmod
> etc.).  A bit of an ironic catch-22.
> 
> Any suggestions?
> 
> 
> 
> =====
> "Which is more musical: a truck passing by a factory or a truck passing by a music school?" --John Cage

-- 
Adam Kessel
http://bostoncoop.net/adam
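
The repair step described above, as an added example that is not part of the original thread: two shell functions that list the private host keys in /etc/ssh whose mode grants any group or other access and reset them to 0600 (public halves to 0644). It assumes GNU stat, and that the root filesystem has been remounted read-write first (`mount -o remount,rw /`), since a system booted with init=/bin/sh usually has it mounted read-only; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit and repair SSH host key modes after an over-broad chmod.
# Assumption: GNU stat (coreutils) is available, as on a Debian system.

# Print "MODE PATH" for every private host key whose mode grants any
# group/other access, which is the condition sshd warns about.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue          # glob matched nothing, or not a file
        mode=$(stat -c '%a' "$key")
        # The last two octal digits are group and other; both must be 0.
        case $mode in
            0|*00) ;;                      # e.g. 600, 400: owner-only, fine
            *)     printf '%s %s\n' "$mode" "$key" ;;
        esac
    done
}

# Tighten every key reported by audit_host_keys to 0600 and reset the
# public halves to 0644 (world-readable, writable by owner only).
fix_host_keys() {
    dir=${1:-/etc/ssh}
    audit_host_keys "$dir" | while read -r mode key; do
        chmod 600 "$key" && printf 'fixed %s (was %s)\n' "$key" "$mode"
    done
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] && chmod 644 "$pub"
    done
    return 0
}

# Run only when asked explicitly, e.g.:  sh fixkeys.sh --fix /etc/ssh
if [ "${1:-}" = "--fix" ]; then
    fix_host_keys "${2:-/etc/ssh}"
fi
```

Running `audit_host_keys /etc/ssh` again afterwards should print nothing; any line it still prints is a key sshd will keep rejecting.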