| 2006-10-09 00:14:03 |
David Green |
description |
This bug is related to existing bug 39444
Used Users and Groups tool in Ubuntu Linux Dapper drake to add a user to another group. After operation was completed discovered my account no longer had admin rights in my ssh shell. sudo did not work and most of the menu items were gone from System -> Administraton. su failed with bad password for root. I first thought hacking but I am have both HW and SW firewall with no service ports open on the HW firewall.
ichecked the auth.log file and found the below - timestamped for when I made my changes. This is not the complete log. just know that all the other users have the same entries as root. The entry 18954 to add sandi to group smbusers is the change I wanted. The admin tool also thought it needed to remove me from that group and modify all the other usernames and passwords. It should not be doing this. The same thing happened a few weeks ago when I made the same change - I had to reinstall Ubuntu for unrelated reasons.
Oct 7 22:30:53 Hawking sudo: crokett : TTY=unknown ; PWD=/home/crokett ; USER=root ; COMMAND=/usr/bin/users-admin
Oct 7 22:30:55 Hawking sudo: crokett : TTY=pts/2 ; PWD=/home/crokett ; USER=root ; COMMAND=/bin/sh -c env LANG="en_US.UTF-8" LANGUAGE="en" /usr/share/setup-tool-backends/scripts/users-conf --report
Oct 7 22:31:15 Hawking gpasswd[18952]: remove member crokett from group smbusers by root
Oct 7 22:31:15 Hawking gpasswd[18954]: add member sandi to group smbusers by root
Oct 7 22:31:15 Hawking gpasswd[18956]: add member crokett to group smbusers by root
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' GID from `0' to `0'
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' shell from `/bin/bash' to `/bin/bash'
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' password
Oct 7 22:31:15 Hawking usermod[18960]: change user `daemon' GID from `1' to `1'
Oct 7 22:31:16 Hawking usermod[18960]: change user `daemon' shell from `/bin/sh' to `/bin/sh'
Oct 7 22:31:16 Hawking usermod[18960]: change user `daemon' password
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' GID from `2' to `2'
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' shell from `/bin/sh' to `/bin/sh'
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' password
The fix for me was to use the user admin tool to change the root password - should not have been able to do this as a non-admin. From there I could run usermod as root to add myself back to the admin group - did not want to do this via the useradmin tool. When I changed the root password I got these log entries again. This is also not the complete list but should confirm that the users and groups admin tool is doing things it should not including allowing a non-admin to reset root's password
Oct 7 23:28:57 Hawking sudo: crokett : TTY=unknown ; PWD=/home/crokett ; USER=root ; COMMAND=/usr/bin/users-admin
Oct 7 23:29:00 Hawking sudo: crokett : TTY=pts/1 ; PWD=/home/crokett ; USER=root ; COMMAND=/bin/sh -c env LANG="en_US.UTF-8" LANGUAGE="en" /usr/share/setup-tool-backends/scripts/users-conf --report
Oct 7 23:29:41 Hawking usermod[5382]: change user `root' GID from `0' to `0'
Oct 7 23:29:42 Hawking usermod[5382]: change user `root' shell from `/bin/bash' to `/bin/bash'
Oct 7 23:29:42 Hawking usermod[5382]: change user `root' password
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' GID from `1' to `1'
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' shell from `/bin/sh' to `/bin/sh'
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' password
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' GID from `2' to `2'
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' shell from `/bin/sh' to `/bin/sh'
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' password
Oct 7 23:29:42 Hawking usermod[5388]: change user `sys' GID from `3' to `3'
|
This bug is related to existing bug 39444
Used Users and Groups tool in Ubuntu Linux Dapper drake to add a user to another group. After operation was completed discovered my account no longer had admin rights in my ssh shell. sudo did not work and most of the menu items were gone from System -> Administraton. su failed with bad password for root. I first thought hacking but I have both HW and SW firewall with no service ports open on the HW firewall. Also my router logs show no attempts to get through.
I checked the auth.log file and found the below - timestamped for when I made my changes. This is not the complete log. just know that all the other users have the same entries as root. The entry 18954 to add sandi to group smbusers is the change I wanted. The admin tool also thought it needed to remove me from that group and modify all the other usernames and passwords. It should not be doing this. The same thing happened a few weeks ago when I made the same change - I had to reinstall Ubuntu for unrelated reasons. I didn't report it then since I thought it was related to Windows fubaring my Linux install
Oct 7 22:30:53 Hawking sudo: crokett : TTY=unknown ; PWD=/home/crokett ; USER=root ; COMMAND=/usr/bin/users-admin
Oct 7 22:30:55 Hawking sudo: crokett : TTY=pts/2 ; PWD=/home/crokett ; USER=root ; COMMAND=/bin/sh -c env LANG="en_US.UTF-8" LANGUAGE="en" /usr/share/setup-tool-backends/scripts/users-conf --report
Oct 7 22:31:15 Hawking gpasswd[18952]: remove member crokett from group smbusers by root
Oct 7 22:31:15 Hawking gpasswd[18954]: add member sandi to group smbusers by root
Oct 7 22:31:15 Hawking gpasswd[18956]: add member crokett to group smbusers by root
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' GID from `0' to `0'
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' shell from `/bin/bash' to `/bin/bash'
Oct 7 22:31:15 Hawking usermod[18958]: change user `root' password
Oct 7 22:31:15 Hawking usermod[18960]: change user `daemon' GID from `1' to `1'
Oct 7 22:31:16 Hawking usermod[18960]: change user `daemon' shell from `/bin/sh' to `/bin/sh'
Oct 7 22:31:16 Hawking usermod[18960]: change user `daemon' password
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' GID from `2' to `2'
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' shell from `/bin/sh' to `/bin/sh'
Oct 7 22:31:16 Hawking usermod[18962]: change user `bin' password
The fix for me was to use the user admin tool to change the root password - should not have been able to do this as a non-admin. From there I could run usermod as root to add myself back to the admin group - did not want to do this via the useradmin tool. When I changed the root password I got these log entries again. This is also not the complete list but should confirm that the users and groups admin tool is doing things it should not including allowing a non-admin to reset root's password
Oct 7 23:28:57 Hawking sudo: crokett : TTY=unknown ; PWD=/home/crokett ; USER=root ; COMMAND=/usr/bin/users-admin
Oct 7 23:29:00 Hawking sudo: crokett : TTY=pts/1 ; PWD=/home/crokett ; USER=root ; COMMAND=/bin/sh -c env LANG="en_US.UTF-8" LANGUAGE="en" /usr/share/setup-tool-backends/scripts/users-conf --report
Oct 7 23:29:41 Hawking usermod[5382]: change user `root' GID from `0' to `0'
Oct 7 23:29:42 Hawking usermod[5382]: change user `root' shell from `/bin/bash' to `/bin/bash'
Oct 7 23:29:42 Hawking usermod[5382]: change user `root' password
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' GID from `1' to `1'
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' shell from `/bin/sh' to `/bin/sh'
Oct 7 23:29:42 Hawking usermod[5384]: change user `daemon' password
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' GID from `2' to `2'
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' shell from `/bin/sh' to `/bin/sh'
Oct 7 23:29:42 Hawking usermod[5386]: change user `bin' password
Oct 7 23:29:42 Hawking usermod[5388]: change user `sys' GID from `3' to `3'
|
|
