fognl

Get off my lawn.

Tuesday, June 27, 2006

Screwing oneself on a secure OS

Here's today's commandment in system administration when dealing with a secure OS:

"Thou shalt Know what commands do before thou doest execute them."

I added a group to my Linux box, intending to add my own userid to that group to give myself access to certain functions on the machine. So, I typed the following command:

/usr/sbin/usermod -G (groupname) (username)

...where "(groupname)" and "(username)" are, of course, not the actual values I used.

The important thing is that "-G" switch. My meaning was "Add the specified userid to the specified group". Which it did. What it also did was to remove the specified userid from every other group." I forgot the "-a".

The effects are many and immediately noticeable. Playing audio is suddently out of the question. So is accelerated video, or plugging USB devices in, or (worst of all) fixing the aforementioned problems, since this system doesn't have a discrete "root" user for things like that, and I just kicked myself out of the A/V club called the "admin" group. If I try to do any of those things, the velvet rope comes up, and I'm kicked out of the party going on in my own house. I'm free to stand in the entry way, and think about how cool it would be to go elsewhere, but that's about it.

This is the second time I've screwed something up on a *nix machine while running as "root" (not couning the time that SuSE wiped out my wife's partition table while installing alongside Windows. I wasn't "root" then, anyway.).

The first time, I was young and reckless, and I deleted /etc/passwd, intending to replace it with a backup (but forgetting to do so). I logged out, and got a prompt that said "I don't know you." I tried logging in elsewhere. "I don't know you." I talked to the computer like Scotty on Star Trek, yelling directly into the mouse, microphone-style, and got the same response.

I think it's kind of interesting that, in both cases, the computer came out of the knife fight just fine. It just sits there fending off my attempts to log in. If I were to reboot my Linux system without fixing the problem, it would continue to just work like it does now (kind of like a plane on auto-pilot).


Well, it's not that interesting. I guess I better fix it.

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home