DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default root password is blank

my friend install FreeBSD 7 , he has three user on his system and use Gnome and XFCE4 and FluxBox
in this evening he run
Code:
sysinstall
and press
Code:
Enter
and he do not understand what he do , after minutes he log out from sysinstall and open new terminal and type
Code:
su
after press Enter he see this mesage
Code:
Who are you
after reboot system he type bagher for login the system and then type pass
but he see this message
Code:
sorry
when he type root and press enter he can login as root without password
and root dose not has password
so he have to add new user

what you think ?
and why this happen ??
Reply With Quote
  #2   (View Single Post)  
Old 8th May 2008
richardpl richardpl is offline
Spam Deminer
 
Join Date: May 2008
Location: Croatia
Posts: 284
Default

Quote:
Originally Posted by mfaridi View Post
in this evening he run
Code:
sysinstall
Interesting part of story is missing here.
Quote:
Originally Posted by mfaridi
and press
Code:
Enter
and he do not understand what he do , after minutes he log out from sysinstall and open new terminal and type
How he could log out from sysinstall?
Reply With Quote
  #3   (View Single Post)  
Old 8th May 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Default

Sysinstall is on single user mode.
You can ctrl+C and go to the terminal.
In fact, one of the methods to reset as root's password if you are too lazy to click the proper menu choices.
__________________
da more I know I know I know nuttin'
Reply With Quote
  #4   (View Single Post)  
Old 8th May 2008
roddierod's Avatar
roddierod roddierod is offline
Real Name: Rod Person
VPN Cryptographer
 
Join Date: Apr 2008
Location: Pittsburgh, Pa
Posts: 437
Default

I think he didn't give root a password when he setup the system. Why? because he forgot or made a mistake.

Anyway, all he needs to do is login as root. Then type:
Code:
passwd
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick

Last edited by roddierod; 8th May 2008 at 06:06 PM. Reason: brain freeze with sudo and su...
Reply With Quote
  #5   (View Single Post)  
Old 8th May 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Default

You can su (switch user) to any user as long as you know that user's password (you can su to another user on the system, not only root).
Being a member of group wheel is managed by sudo you can even set to not ask for a password. Linuxism.
__________________
da more I know I know I know nuttin'
Reply With Quote
  #6   (View Single Post)  
Old 8th May 2008
roddierod's Avatar
roddierod roddierod is offline
Real Name: Rod Person
VPN Cryptographer
 
Join Date: Apr 2008
Location: Pittsburgh, Pa
Posts: 437
Default

you are correct. i had a moment of confusion and corrected my post...
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick
Reply With Quote
  #7   (View Single Post)  
Old 8th May 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Default

use of sysinstall is best avoided for administration.

take a look at /etc/passwd and see if its ok.
Reply With Quote
  #8   (View Single Post)  
Old 11th May 2008
pcfxer pcfxer is offline
Port Guard
 
Join Date: May 2008
Location: Ottawa, Ontario, Canada
Posts: 14
Default

I believe your friend is entering sysinstall to reach the "you should have a root" password prompt, however, he isn't and simply exits from sysinstall. sysinstall will NEVER overwrite anything unless YOU tell it to.

So, what you need to do is login as root then type passwd and press enter. Now type the new ROOT password and hit enter, it will ask you twice for confirmation. Assuming your friend is doing what I think he is (i.e., reinstalling a lot of /usr stuff), type adduser and press enter, follow the prompts...make sure to make the login group: wheel if you want to enable su to root witht that user.

Regards,
Brodey
Reply With Quote
  #9   (View Single Post)  
Old 11th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

Quote:
Originally Posted by ephemera View Post
use of sysinstall is best avoided for administration.

take a look at /etc/passwd and see if its ok.

I see /etc/passwd , my friend computer have three user bagher , google and yahoo , but after that , I can not find bagher and google and yahoo in /etc/passwd and I think all user was deleted ,

My friend set new password for root and then make new user and right now he use FreeBSD 7
but it is not clear what he do with sysinstall and he lose all user and root password change to Blank.
Reply With Quote
Old 12th May 2008
pcfxer pcfxer is offline
Port Guard
 
Join Date: May 2008
Location: Ottawa, Ontario, Canada
Posts: 14
Default

I don't quite remember the sysinstall menus off by hand, but I believe that he is reinstalling the FreeBSD "core" via the "standard","express", or "custom" options.

You should only sysinstall for "configure" and "upgrade". Typically "Fix It" is used in single user mode because you can't do too much when mounted/booted up. I have done this when I was new that's why it's ringing a few bells.
Reply With Quote
Old 16th May 2008
coppermine's Avatar
coppermine coppermine is offline
Port Guard
 
Join Date: May 2008
Posts: 40
Default

I think he done similar "heroic" works like me some time ago. I ran the sysinstall on already installed system and ordered to install core files. As a result I got virgin /etc/passwd file... That was a good lesson and cold water shower.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
weak password=broken knasbas OpenBSD Security 6 1st July 2009 08:44 PM
A failure in password security TerryP Off-Topic 3 25th September 2008 03:19 AM
change root password. bsdnewbie999 OpenBSD General 1 16th September 2008 01:29 PM
Set password for Folder mfaridi FreeBSD Security 6 5th September 2008 10:49 PM
Anyone Install Password Gorilla revzalot OpenBSD Installation and Upgrading 3 26th August 2008 03:58 AM


All times are GMT. The time now is 04:34 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick