The Community Forums

Interact with an entire community of cPanel & WHM users!

Su not working for me, locked out of root

Discussion in 'Security' started by angelleye, Jun 7, 2015.

  1. angelleye

    angelleye Active Member

    I was following a guide about securing my server where it talked about disabling SSH root logins so that you have to log in with a regular user and then use su/sudo to gain root access.

    Per the guide, I added my regular user to the Wheel Group in WHM, and then I logged in via SSH using my root user/password so that I could adjust /etc/ssh/sshd_config. I updated the port being used and I also set PermitRootLogin to no to disable root logins.

    This all worked fine, and now I can use the new port to connect via SSH using my regular user (and root no longer works here). The problem is when I try to use "su root" and I enter the root password (the same password that I used previously when I edited the sshd_config file) it's telling me the password is incorrect. It's also still the same password I use to log in to the WHM control panel, so I know the password is good.

    I've seen in forums where people say this can happen if the su script is no longer owned by root, but when I browse to that I see "root wheel" as the owner/group, so that doesn't seem to be my problem.

    Again, I checked that my regular user is added to the Wheel Group in WHM, so I'm very confused why it's not working for me, and at this point I can't do anything that requires root, so I'm a little panicked.

    Any information on how I can resolve this would be greatly appreciated. Thanks!
     
  2. quizknows

    quizknows Well-Known Member

    Do you happen to have CSF installed? You could use the "watch system logs" feature to watch /var/log/secure while you try to auth to root.

    The su binary should be root/wheel on a cPanel system, but it also needs to be chmod 4750. The 4 in front of 750 is important so that it's suid when it executes. If you're even able to run the 'su' command at all, the user is in the wheel group, so that's probably not your issue.

    Last but not least, check cPHulk... it can lock you out of root on your own system if someone else is brute forcing you at the moment.
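
The ownership and mode check described in the reply above, as an added example that is not part of the original thread. It assumes GNU `stat` on Linux and an existing `wheel` group; `check_su_perms` is a hypothetical helper name, and the `/bin/su` path in the final comment is an assumption.

```shell
# check_su_perms PATH [EXPECTED_UID] [EXPECTED_GID]
# Verifies the three properties named in the reply: owner root, group wheel,
# mode 4750 (setuid bit set). Prints one line per finding.
# Returns 0 when everything matches, 1 on a mismatch, 2 if PATH is missing.
check_su_perms() {
    path=$1
    want_uid=${2:-0}    # uid 0 = root
    # Default group: numeric gid of "wheel" (assumes the group exists).
    want_gid=${3:-$(getent group wheel | cut -d: -f3)}
    rc=0

    [ -f "$path" ] || { echo "MISSING: $path"; return 2; }

    # %a = octal mode, %u = owner uid, %g = group gid
    set -- $(stat -c '%a %u %g' "$path")
    mode=$1 uid=$2 gid=$3

    # Octal 4000 is the setuid bit. Without it su runs with the caller's
    # privileges and cannot switch to root.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "FAIL: setuid bit not set (mode $mode)"; rc=1
    fi
    # Anything other than 4750 is either too open or too restrictive.
    if [ "$mode" != "4750" ]; then
        echo "FAIL: mode is $mode, expected 4750"; rc=1
    fi
    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner uid $uid, expected $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "FAIL: group gid $gid, expected $want_gid"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $path mode=$mode uid=$uid gid=$gid"
    return $rc
}

# On the server (confirm the real path with `command -v su`):
#   check_su_perms /bin/su
```
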
     
  3. angelleye

    angelleye Active Member

    Thanks for the response. I was reading about that and I was planning on installing it, but I haven't gotten there yet because this whole thing happened before I was able to play with that.

    I have a little bit more info here. Going through the WHM Security Advisor it told me to set the users to have jailed shells, so I had done that. I found through Google somewhere that su root will not work with jailed shell accounts, and that's what was causing the username to be returned as incorrect.

    So now I'm back in again with the "normal shell", and now when I run su root (or su - root) I get this error.

    su: cannot set user id: Resource temporarily unavailable.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Is "WHM Home » Security Center » Shell Fork Bomb Protection" enabled on this system? If so, does the issue continue when it's disabled?

    Thank you.
     
  5. angelleye

    angelleye Active Member

    Yes, it was enabled, and yes, disabling it seems to resolve my issue! Thanks!

    I'm a little worried, though, because the WHM info in here tells me I should leave this enabled. How am I supposed to fully secure this thing if the security measures conflict with each other?
     