[lug] Re: Backdoor Root

Alan Robertson alanr at suse.com
Sat Sep 30 21:23:32 MDT 2000


SoloCDM wrote:
> 
> Alan Robertson wrote:
> >
> > SoloCDM wrote:
> > >
> > > Prior to my server update, when I made a backdoor root access, I would
> > > place a username at the end of the line for root after a comma in
> > > /etc/group, then I made a user in /etc/passwd with 0 uid, 0 gid, and
> > > /root as the account.  No matter where I was or what I did, I could
> > > act as root with all the same privileges.  Now it won't work with
> > > Mandrake 7.0.
> > >
> > > The error for a user account is:
> > >
> > >         su: incorrect password
> > >
> > > when I use su - [super-user] or su [super-user].  Although, it does
> > > work when I'm logged in as root and I invoke su - [super-user].  It
> > > also shows the [super-user] name in the prompt.
> >
> > The short answer is "use sudo".  You can make it do the same thing (if you
> > want), or you can make it more secure, and it logs what you did, so you can
> > figure out "Now, how did I do *that*?"
> 
> I'm going to go for what's behind door number 2.  How do I get su to
                                                                 ^^
I assume you mean "sudo", and not "su"?      --------------------++


> work?  Also, isn't sudo an application not on the normal distribution?

What normal distribution?  Is there a normal distribution?

It's on SuSE Linux, along with about 2000 other packages :-)  If you use one
of those *other* distributions ;-) , you can get it in various places -
probably the powertools CD for Red Hat, for example.  In general, for
RPM-based distributions, you should probably look for most any RPM package
at http://rpmfind.net/  Sudo is no exception.

Sudo's home page is here:
	http://www.courtesan.com/sudo/

So:

	Get sudo

	Install it

	Read the "sudoers" man page.  You have *LOTS* of options.

You can let your own login do anything root can do and ask for a password
"every so often" (like 5 minutes of inactivity forces another request for
the password).

You can let your own login do everything root can do, and never ask for a
password.

You can let any given login do some of the things root can do, and either
ask for a password or not.

You can set it up so you can do certain things as other (non-root) people
without going through sudo or su to root first.

My guess is you want to do one of the first two, from what you said.

	-- Alan Robertson
	   alanr at suse.com
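
The four setups listed in the message, as an added sudoers sketch that is not part of the original message. The logins (alice, bob, carol, dave), the target user www and the command paths are constructed placeholders.

```sudoers
# /etc/sudoers -- edit only with visudo, which syntax-checks before saving
# (visudo -c checks an existing file without opening an editor).

# 1. Full root, password re-requested after 5 minutes of inactivity.
#    timestamp_timeout is in minutes; 0 means ask every time.
Defaults:alice  timestamp_timeout=5
alice   ALL=(ALL) ALL

# 2. Full root, never asks for a password. Closest to the uid-0 account
#    described in the thread: anyone holding bob's session holds root,
#    though each command is still logged under bob's name.
bob     ALL=(ALL) NOPASSWD: ALL

# 3. Only some root commands, with the password rule set per command.
#    Password required for shutdown, none for restarting one service.
carol   ALL=(root) /sbin/shutdown, NOPASSWD: /etc/init.d/httpd restart

# 4. Run a command as another non-root user without becoming root first.
#    Invoked as: sudo -u www /usr/local/bin/deploy-site
dave    ALL=(www) /usr/local/bin/deploy-site
```

Entries 3 and 4 are only as tight as the commands they list: a permitted program that can spawn a shell or write arbitrary files gives back the full privileges of the target user.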



