The Community Forums

Interact with an entire community of cPanel & WHM users!

Can't su to root

Discussion in 'General Discussion' started by Brook, Jul 8, 2009.

  1. Brook

    Brook Well-Known Member

    Joined:
    Apr 22, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Just got a new cpanel server and I usually disable root login (simply su from an admin account) but I can't seem to do it on this server - has anything in cpanel changed re super users?

    When I enter the password it tells me the password is incorrect (but I know it is correct). I've even tried manually changing the password via SSH (passwd) but still no joy :confused:

    Anyone have any ideas what's going on?
     
  2. Brook

    Brook Well-Known Member

    Joined:
    Apr 22, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Yes (sorry I forgot to mention that).
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Is the user you are trying to escalate a member of wheel?
     
  4. Brook

    Brook Well-Known Member

    Joined:
    Apr 22, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    That's odd! My reply's gone above yours! Spooky o_O
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Looks like someone reset a clock around here ;)

    Anyway, you disabled root access and your administrator account
    is in fact a member of wheel but you are not able to su or sudo to
    root access? What are the permissions on those utilities?

    I wonder if you are missing any permission flags or set to root only?

    You may need to re-enable root access and login as root to the shell
    and poke around a bit checking permissions of sudo both on the file itself
    and what is setup /etc, /etc/ssh configs, etc.

    May also want to make sure your admin user is loading up with a standard
    shell instead of jailshell which will also affect what you can do.

    Hope that helps
     
  6. Brook

    Brook Well-Known Member

    Joined:
    Apr 22, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the replies :)

    I haven't disabled root access yet :)

    I am using jailed shell for the admin account though - this is what I've always done and was under the impression it's safer that way?

    What commands should I run to check permissions? Anything else to look into?
     
  7. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Actually jailshell doesn't really offer any additional security and actually
    can bring you some headaches as you cannot use SUDO / SU commands
    on some newer versions on some of the Linux flavors (distributions).

    I actually avoid jailshell entirely because it lends itself too much to a
    false sense of security. A lot of server managers out there incorrectly
    believe jailshell offers additional security from being hacked by limiting
    the user's actions in SSH but the reality is that there are literally hundreds
    of ways to escalate privileges or bust out of the jailed session once logged
    in with a jailshell shell and any real hacker is going to know each and every
    one of those so the only people you limit are the average regular users
    who wouldn't know enough to do any harm anyway.

    In a similar vein, disabling direct root logins doesn't hurt but does not
    really offer much additional protection. You could argue that the hacker
    needs two passwords instead of one and that may or may not be true
    since there are also other ways to get to root aside from using the
    standard SU login once in a regular user account.

    Mathematically speaking, you are just as good having an unusually long
    random password for root and installing a login attempt defense such as
    the LFD system that comes with Chirpy's CSF firewall. For increased
    security, I recommend disabling password logins completely and using
    certificate based logins under at least protocol 2 on a non-standard port.

    Good luck to anyone attempting brute force hacks as they not only
    would need to know the login port but would have to already have the
    correct encryption certificate which cannot be guessed since you have
    a login defense for one (see above) and because each character in the
    certificate adds exponentially increased difficulty in decoding that
    makes brute force unrealistic even in the best of situations and the
    hacker would have to resort to some other method of attack.

    If you really want to lock down security, I'd be happy to help you with
    that directly or go over a much longer list of items to address with
    many that are often missed or forgotten such as for example setting
    your partition for /tmp non-executable without escalation bits,
    securing vulnerable OS components, updating with the latest patches
    to all software components and libraries, setting up a good firewall,
    portscanner, hack attempt monitors, mod_security (always a good idea),
    mod_evasive (helps with some web DOS conditions), using SuPHP,
    methods for better tracking of user activity, using SuHosin, closing
    out security vulnerabilities in named, exim, and other services, etc.

    I could actually type all night long on the subject just simply making
    a flat list of things you should do to protect your server.

    Like I said, if you want to go over those, talk to me. I will be heading
    to bed fairly soon but I'll be on tomorrow on and off, of course. :D

    Just your standard "ls -la" and "lsattr" will tell you plenty ...

    Code:
    # cd /usr/bin
    # lsattr /usr/bin/sudo /bin/su
    ------------- sudo
    ------------- su
    
    # ls -la /usr/bin/sudo /bin/su
    ---s--x--x 2 root root 150904 Jun 27 18:55 sudo*
    -rwsr-x--- 1 root wheel 28336 Jun 28 23:24 su*
    
    Root has "rws" so the setuid bit is set and root could run su as well which
    is pretty obvious since that is kind of the point of su.

    Notice that "su" is grouped to wheel and has "r-x" for group permissions
    which means that anyone that is a member of "wheel" can run it while
    everyone else has "---" which means no access.

    Now the reason for pointing this out is that I have seen a number of servers
    where the administrators or data center setting it up set the group to something
    other than wheel or locked down access to root only such as "-rws------" for su
    which would be rather pointless and do more harm than good but that is something
    you should double check and make sure that you don't have going on with your server.

    I would also open up /etc/sudoers in an editor and see how you have sudo configured.

    While in the /etc folder, it doesn't hurt to take a look at /etc/passwd and take note
    of how both your "root" and the user account designated to be your admin account look.
     
    #7 Spiral, Jul 9, 2009
    Last edited: Jul 9, 2009
    Brook likes this.
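    The two checks this thread walks through by hand (is the admin user in wheel, and do the su/sudo modes let wheel members run them) as a small POSIX sh audit. This is an added example, not code from the thread; the mode strings and paths are the ones quoted above, and the live check assumes GNU coreutils `stat`.

    ```shell
    # Does a space-separated group list (as printed by `id -nG user`) contain $2?
    in_group() {
        for g in $1; do
            [ "$g" = "$2" ] && return 0
        done
        return 1
    }

    # Classify a 10-character symbolic mode (column 1 of `ls -l`, or `stat -c %A`)
    # for a setuid escalation binary. Prints one word:
    #   NO_SETUID   owner exec position is not 's': su/sudo cannot become root at all
    #   ROOT_ONLY   only the owner may execute: the "-rws------" case warned about above
    #   GROUP_ONLY  owner and group may execute: only useful when the group is wheel
    #   WORLD_EXEC  everyone may execute: normal for sudo, which relies on /etc/sudoers
    classify_mode() {
        mode=$1
        owner_x=$(printf '%s' "$mode" | cut -c4)
        group_x=$(printf '%s' "$mode" | cut -c7)
        other_x=$(printf '%s' "$mode" | cut -c10)
        [ "$owner_x" = s ] || { echo NO_SETUID; return 1; }
        if [ "$other_x" != "-" ]; then echo WORLD_EXEC
        elif [ "$group_x" != "-" ]; then echo GROUP_ONLY
        else echo ROOT_ONLY; return 1
        fi
    }

    # Combine mode and owning group into the verdict a wheel member cares about.
    su_ok_for_wheel() {
        verdict=$(classify_mode "$1") || { echo "$verdict"; return 1; }
        if [ "$verdict" = GROUP_ONLY ] && [ "$2" != wheel ]; then
            echo GROUP_NOT_WHEEL; return 1
        fi
        echo "$verdict"
    }

    # Live check against the paths from the thread (GNU `stat -c` assumed).
    audit_live() {
        for f in /bin/su /usr/bin/sudo; do
            [ -e "$f" ] || continue
            set -- $(stat -c '%A %G' "$f")
            printf '%s %s %s -> %s\n' "$f" "$1" "$2" "$(su_ok_for_wheel "$1" "$2")"
        done
    }
    ```

    Run `audit_live` as root, and `in_group "$(id -nG adminuser)" wheel` for the admin account, to reproduce the checks from the post on a real box.
    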
  8. Brook

    Brook Well-Known Member

    Joined:
    Apr 22, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Some excellent info there Spiral - thanks for posting.

    Have you thought about creating an article on securing/setting up your cpanel server and then putting it on your own website (or starting a new one just for it) and then putting a link to it in your sig here? You could put google ads on the site to compensate for your time ;-) I am sure lots of people would mention/link to it :cool:

    The guide here is way out of date, and so there's definitely a call for one!

    Back to my topic here, I've done a lot of the changes as mentioned in the current guide including installing CSF. I haven't gone with certificate based logins as I don't really understand them - for eg, what if I have to log-in to the server from someone else's pc? How would that work? Do you have a link to an easy guide on setting it up?

    Re jailshell, won't I still need that to use sftp? (sorry I'm a bit of a newbie!).

    Thanks again for your help!
     
  9. venon

    venon Registered

    Joined:
    Jul 14, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Not every server gives root access.
    Especially if it is a shared server.

    Check with your hosting company; they will let you know if your new server has root access.
     