The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installed cP DNS-only, now can't su to root

Discussion in 'Bind / DNS / Nameserver Issues' started by philpem, Jun 1, 2006.

  1. philpem

    philpem Member

    Joined:
    Aug 12, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hi,
    I've just installed cPanel DNS-Only on a server and clustered it with the master server and have now found out (rather helpfully AFTER I dropped root access) that I can't run su. It seems the cPanel installer has rigged su so that only people in the wheel group can su to root. At the moment only root is in the wheel group...
    Ordinarily I'd use WHM to add a user to the wheel group, but I can't do this because DNS-only doesn't include the wheel group manager.

    Is there any way to add a user to the wheel group either via WHM or some other means? I do have the affected server's Remote Access Key, root password and all the other details to hand, it's just that I can't su because Cpanel has locked me out...

    Thanks.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's standard linux (requiring wheel group membership for su). You'll have to login on the serial console and fix it.
     
  3. philpem

    philpem Member

    Joined:
    Aug 12, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Well, before I installed cP on the server I now can't su on, three users had wheel access. Now those users have had their wheel access removed - it looks like cPanel's installer has rewritten the /etc/group file so that only root is a member of the wheel group...

    And with SSH set to "root can't log in", and the host provider (it's a dedicated server) refusing any support (because we were given the root password), it seems I'm pretty much sunk :(

    Thanks.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Then it's probably a good sign that you should get a different server provider that actually offers the basic support required with a dedicated server - i.e. hands-on help at the console, which is a must and it's inexcusable not to provide it.
     
  5. philpem

    philpem Member

    Joined:
    Aug 12, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hm, looks like I got the wrong end of the stick - they do provide support (i.e. they will hook up a keyboard and monitor and run commands as root if you lock yourself out) but they need the root password to do it, and they "reserve the right to charge" for doing it.. Guess that's to stop people messing up their servers then expecting the admins to fix it.

    In any case, I used public key authentication to get past the problem. Turns out I had "PermitRootLogin" set to "without-password" in sshd_config, which means I can log in as root using my private key (but not a password). I found a copy of the aforementioned keyfile on my pendrive, tried it and it worked. Ten minutes later, the three admin users had wheel access again and BIND was up and running again.

    I think I'm going to leave PK auth enabled just in case something like this happens again...
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Great! PK authentication is, IMO, the best way to go anyway. Glad you got back in without problems in the end.
     
Loading...

Share This Page