[lug] Backdoor Root

Alan Robertson alanr at suse.com
Fri Sep 29 23:52:28 MDT 2000


SoloCDM wrote:
> 
> Prior to my server update, when I made a backdoor root access, I would
> place a username at the end of the line for root after a comma in
> /etc/group, then I made a user in /etc/passwd with 0 uid, 0 gid, and
> /root as the account.  No matter where I was or what I did, I could
> act as root with all the same privileges.  Now it won't work with
> Mandrake 7.0.
> 
> The error for a user account is:
> 
>         su: incorrect password
> 
> when I use su - [super-user] or su [super-user].  Although, it does
> work when I'm logged in as root and I invoke su - [super-user].  It
> also shows the [super-user] name in the prompt.
> 
> Note: When you reply to this message, please include
>       the mailing list and my email address.

The short answer is "use sudo".  You can make it do the same thing (if you
want), or you can make it more secure, and it logs what you did, so you can
figure out "Now, how did I do *that*?"  

	-- Alan Robertson
	   alanr at suse.com




More information about the LUG mailing list