only root allowed login ...

.... ciao:

all of a sudden, i am only able to login as root. this is not
something i was trying to accomplish, and at a loss in figuring out
how i did. anyway.

as a given, login as a valid user, with correct password, terminated
immediately, with a new login prompt. invalid login attempts iterate
until a new session initiated.

ftp, and smtp allowed, telnet fails.

i'm not seeing anything mentioned in the logs with regard to failed
normal user login. i'm at a loss as to where i might start looking.

any thoughts, suggestion would be much appreciated ...

--
.... it's not what you see ,
but in stead , notice ...
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Possibly a permissions problem. Check the permissions for the user's home
directory.

Can you su into a user from the root login?




On Sat, 11 Jun 2011, terry white wrote:

> ... ciao:
>
> all of a sudden, i am only able to login as root. this is not something
> i was trying to accomplish, and at a loss in figuring out how i did. anyway.
>
> as a given, login as a valid user, with correct password, terminated
> immediately, with a new login prompt. invalid login attempts iterate until a
> new session initiated.
>
> ftp, and smtp allowed, telnet fails.
>
> i'm not seeing anything mentioned in the logs with regard to failed
> normal user login. i'm at a loss as to where i might start looking.
>
> any thoughts, suggestion would be much appreciated ...
>
> --
> ... it's not what you see ,
> but in stead , notice ...
> --
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Marshall Lake -- mlake@mlake.net -- http://www.mlake.net
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Am Samstag, 11. Juni 2011 schrieb terry white:
> ... ciao:
>
> all of a sudden, i am only able to login as root. this is not
> something i was trying to accomplish, and at a loss in figuring out
> how i did. anyway.
>
> as a given, login as a valid user, with correct password, terminated
> immediately, with a new login prompt. invalid login attempts iterate
> until a new session initiated.
>
> ftp, and smtp allowed, telnet fails.
>
> i'm not seeing anything mentioned in the logs with regard to failed
> normal user login. i'm at a loss as to where i might start looking.
>
> any thoughts, suggestion would be much appreciated ...
hard disk full ?

--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

=46TP and smtp do not require a full shell. Telnet does. The main
difference between an ftp-only or mail-only user and a full system
user is that the latter has a shell defined in its corresponding line
in /etc/passwd. The others would have something like /sbin/nologin.

If you can log in to ftp and transfer files back and forth, but not
login with a shell, my guess is the user's directory is not
accessible. This could be due to a number of things:

- the user's directory has been erased, or was changed in
/etc/passwd. It could also have changed ownership (root can do that
and it is not difficult to have it happen accidentally).

- the shell field in /etc/passwd may have been erased or changed for
that user, so the account is ftp-only.

Other variants that escape me now could be the cause, but the
fundamental issue seems to be the impossibility to create a shell and
assign a working directory to the account.

Gerardo Juarez


On Sun, Jun 12, 2011 at 12:42 AM, Markus Koßmann e> wrote:
> Am Samstag, 11. Juni 2011 schrieb terry white:
>> ... ciao:
>>
>> all of a sudden, i am only able to login as root. this is not
>> something i was trying to accomplish, and at a loss in figuring out
>> how i did. anyway.
>>
>> as a given, login as a valid user, with correct password, termi=
nated
>> immediately, with a new login prompt. invalid login attempts iterat=
e
>> until a new session initiated.
>>
>> ftp, and smtp allowed, telnet fails.
>>
>> i'm not seeing anything mentioned in the logs with regard to fa=
iled
>> normal user login. i'm at a loss as to where i might start looking=

>>
>> any thoughts, suggestion would be much appreciated ...
> hard disk full ?
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-admin=
" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Also check out the permissions of the directories above the users home
directories.=A0 E.g., "ls -ld /", "ls -ld /home/".

Run "last" and if the logins apear there, also check the content of
the /etc/profile and ~account-that-cannot login/.profile.


On 12 June 2011 02:07, Gerardo Juarez-Mondragon m> wrote:
>
> FTP and smtp do not require a full shell. Telnet does. The main
> difference between an ftp-only or mail-only user and a full system
> user is that the latter has a shell defined in its corresponding line
> in /etc/passwd. The others would have something like /sbin/nologin.
>
> If you can log in to ftp and transfer files back and forth, but not
> login with a shell, my guess is the user's =A0directory is not
> accessible. This could be due to a number of things:
>
> - the user's directory has been erased, or was changed in
> /etc/passwd. It could also have changed ownership (root can do that
> and it is not difficult to have it happen accidentally).
>
> - the shell field in /etc/passwd may have been erased or changed for
> that user, =A0so the account is ftp-only.
>
> Other variants that escape me now could be the cause, but the
> fundamental issue seems to be the impossibility to create a shell and
> assign a working directory to the account.
>
> Gerardo Juarez
>
>
> On Sun, Jun 12, 2011 at 12:42 AM, Markus Koßmann de> wrote:
> > Am Samstag, 11. Juni 2011 schrieb terry white:
> >> ... ciao:
> >>
> >> =A0 =A0 =A0all of a sudden, i am only able to login as root. =A0th=
is is not
> >> something i was trying to accomplish, and at a loss in figuring ou=
t
> >> how i did. =A0anyway.
> >>
> >> =A0 =A0 =A0as a given, login as a valid user, with correct passwor=
d, terminated
> >> immediately, with a new login prompt. =A0invalid login attempts it=
erate
> >> until a new session initiated.
> >>
> >> =A0 =A0 =A0ftp, and smtp allowed, telnet fails.
> >>
> >> =A0 =A0 =A0i'm not seeing anything mentioned in the logs with rega=
rd to failed
> >> normal user login. =A0 i'm at a loss as to where i might start loo=
king.
> >>
> >> =A0 =A0 =A0any thoughts, suggestion would be much appreciated ...
> > hard disk full ?
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-adm=
in" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at =A0http://vger.kernel.org/majordomo-info.htm=
l
> >
> --
> To unsubscribe from this list: send the line "unsubscribe linux-admin=
" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at =A0http://vger.kernel.org/majordomo-info.html



--
"Life on Earth may be expensive,
=A0but it comes with a free ride around the Sun."
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

On Sat, Jun 11, 2011 at 08:46, terry white wrote:
> =A0 =A0all of a sudden, i am only able to login as root. =A0this is n=
ot something

Computers are deterministic machines. Nothing happens 'all of the sudd=
en'.

The "Have you recently dicked with" checklist:
1) pam
2) ulimits
3) permissions
4) selinux
5) /etc/passwd
6) .bashrc .bash_profile /etc/profile*
7) df -h (Is the disk full)

> =A0 =A0as a given, login as a valid user, with correct password, term=
inated
> immediately, with a new login prompt. =A0invalid login attempts itera=
te until
> a new session initiated.

Sounds like a shell related problem if it seems to instantaneously log
in and then kick you back out. check the .bashrc .bash_profile
/etc/profile* files for recent modifications. See if setting a user's
shell to something else (csh, ksh, zsh, ash) makes a difference.

> =A0 =A0ftp, and smtp allowed, telnet fails.

Telnet should fail. It does sound like a malicious attacker has
compromised your system though, because that's the only way
authenticated FTP would be working. And I hope to got you're using
TLS on smtp.

> =A0 =A0i'm not seeing anything mentioned in the logs with regard to f=
ailed
> normal user login. =A0 i'm at a loss as to where i might start lookin=
g.

Which logs have you checked so far?
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

On 06/11/2011 07:16 PM, terry white wrote:
> ... ciao:
>
> all of a sudden, i am only able to login as root. this is not something
> i was trying to accomplish, and at a loss in figuring out how i did.
> anyway.
>
> as a given, login as a valid user, with correct password, terminated
> immediately, with a new login prompt. invalid login attempts iterate
> until a new session initiated.
>
> ftp, and smtp allowed, telnet fails.
>
> i'm not seeing anything mentioned in the logs with regard to failed
> normal user login. i'm at a loss as to where i might start looking.
>
> any thoughts, suggestion would be much appreciated ...
>

/var/log/message is your friend.

Regards,
Seenu.
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Or /var/log/secure depending on your distro.

What login method are you utiizing?



On 6/12/11, Srinivasa T N wrote:
> On 06/11/2011 07:16 PM, terry white wrote:
>> ... ciao:
>>
>> all of a sudden, i am only able to login as root. this is not something
>> i was trying to accomplish, and at a loss in figuring out how i did.
>> anyway.
>>
>> as a given, login as a valid user, with correct password, terminated
>> immediately, with a new login prompt. invalid login attempts iterate
>> until a new session initiated.
>>
>> ftp, and smtp allowed, telnet fails.
>>
>> i'm not seeing anything mentioned in the logs with regard to failed
>> normal user login. i'm at a loss as to where i might start looking.
>>
>> any thoughts, suggestion would be much appreciated ...
>>
>
> /var/log/message is your friend.
>
> Regards,
> Seenu.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Sent from my mobile device
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Depending upon how your system is set up, the issue could have something
to do with your /home partition, either full, or not mounting. When you
are logged in as root can you get into your /home directory fine?

On 06/12/2011 09:57 PM, Ben Kevan wrote:
> Or /var/log/secure depending on your distro.
>
> What login method are you utiizing?
>
>
>
> On 6/12/11, Srinivasa T N wrote:
>> On 06/11/2011 07:16 PM, terry white wrote:
>>> ... ciao:
>>>
>>> all of a sudden, i am only able to login as root. this is not something
>>> i was trying to accomplish, and at a loss in figuring out how i did.
>>> anyway.
>>>
>>> as a given, login as a valid user, with correct password, terminated
>>> immediately, with a new login prompt. invalid login attempts iterate
>>> until a new session initiated.
>>>
>>> ftp, and smtp allowed, telnet fails.
>>>
>>> i'm not seeing anything mentioned in the logs with regard to failed
>>> normal user login. i'm at a loss as to where i might start looking.
>>>
>>> any thoughts, suggestion would be much appreciated ...
>>>
>> /var/log/message is your friend.
>>
>> Regards,
>> Seenu.
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>

--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

.... ciao:

: on "6-12-2011" "Billy Crook" writ:
: Computers are deterministic machines. Nothing happens 'all of
: the sudden'.

"all of a sudden, i am only able to login as root. this is not
something i was trying to accomplish, and at a loss in figuring out
how i did."

perhaps, in context, 'all of a sudden' makes more sense. CLEARLY, my
problem is the direct result of something i did. not to make too fine a
point of it, it is possible to make a configuration change, and have the
results of that change, show up much later. its appearance seems
'sudden' and the 'root' cause, may not be immediately obvious.

i would even hazard the observation that a cron event, 'sudden'.


: See if setting a user's shell to something else (csh, ksh, zsh, ash)
: makes a difference.

changed to 'csh' with same result.


: And I hope to got you're using TLS on smtp.

i am at a complete loss in understanding 'how' TLS relevant.


: Which logs have you checked so far?

syslog*, kernel*, messages*, wtmp*, btmp, secure* ...


--
.... it's not what you see ,
but in stead , notice ...
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

Could you also check your /etc/shells?



On 6/13/11, terry white wrote:
> ... ciao:
>
> : on "6-12-2011" "Billy Crook" writ:
> : Computers are deterministic machines. Nothing happens 'all of
> : the sudden'.
>
> "all of a sudden, i am only able to login as root. this is not
> something i was trying to accomplish, and at a loss in figuring out
> how i did."
>
> perhaps, in context, 'all of a sudden' makes more sense. CLEARLY, my
> problem is the direct result of something i did. not to make too fine a
> point of it, it is possible to make a configuration change, and have the
> results of that change, show up much later. its appearance seems
> 'sudden' and the 'root' cause, may not be immediately obvious.
>
> i would even hazard the observation that a cron event, 'sudden'.
>
>
> : See if setting a user's shell to something else (csh, ksh, zsh, ash)
> : makes a difference.
>
> changed to 'csh' with same result.
>
>
> : And I hope to got you're using TLS on smtp.
>
> i am at a complete loss in understanding 'how' TLS relevant.
>
>
> : Which logs have you checked so far?
>
> syslog*, kernel*, messages*, wtmp*, btmp, secure* ...
>
>
> --
> ... it's not what you see ,
> but in stead , notice ...
> --
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Sent from my mobile device
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

---515927645-1603629318-1307975733=:31356
Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1
Content-Transfer-Encoding: 8BIT
Content-ID:

.... ciao:

: "Marshall Lake"
: Possibly a permissions problem.
drwxr-x--- 27 twhite twhite 3072 2011-06-13 07:03 twhite
drwxr-x--- 8 t.white t.white 1024 2011-06-09 03:58 t.white
drwx------ 2 ups ups 1024 2009-10-18 13:35 ups
drwxr-x--- 20 wd0fpc wd0fpc 2048 2011-06-13 04:50 wd0fpc

: Can you su into a user from the root login?
yes


: "Markus Koßmann"
: hard disk full ?
no. 38% free space


: "Yuri Rodrigues Braz"
: A possible reason is that exists the file /etc/nologin
ls: cannot access /etc/nologin: No such file or directory


: "Herta Van den Eynde"
: E.g., "ls -ld /", "ls -ld /home/".
drwxr-xr-x 23 root root 3072 2011-06-13 07:28 /
drwxr-xr-x 27 root root 1024 2011-06-06 05:07 /home/


: "Ben Kevan"
: What login method are you utiizing?

from a local machine, into root, then su 'user' ...


--
.... it's not what you see ,
but in stead , notice ...
---515927645-1603629318-1307975733=:31356--
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

On 06/13/2011 01:01 PM, terry white wrote:
> ... ciao:
>
> : on "6-12-2011" "Billy Crook" writ:
> : Computers are deterministic machines. Nothing happens 'all of
> : the sudden'.
>
> "all of a sudden, i am only able to login as root. this is not
> something i was trying to accomplish, and at a loss in figuring out
> how i did."
>
> perhaps, in context, 'all of a sudden' makes more sense. CLEARLY, my
> problem is the direct result of something i did. not to make too fine a
> point of it, it is possible to make a configuration change, and have the
> results of that change, show up much later. its appearance seems
> 'sudden' and the 'root' cause, may not be immediately obvious.
>
> i would even hazard the observation that a cron event, 'sudden'.
>
>
> : See if setting a user's shell to something else (csh, ksh, zsh, ash)
> : makes a difference.
>
> changed to 'csh' with same result.
>
>
> : And I hope to got you're using TLS on smtp.
>
> i am at a complete loss in understanding 'how' TLS relevant.
>
>
> : Which logs have you checked so far?
>
> syslog*, kernel*, messages*, wtmp*, btmp, secure* ...
>
>

Are there entries in /etc/shadow for these users?


--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

---1463810303-1690038356-1307996027=:28026
Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE


Which shell are you using? Check the contents of the applicable .[login]=
=20
files for something which might be inhibiting login completion.




On Mon, 13 Jun 2011, terry white wrote:

> ... ciao:
>
> : "Marshall Lake"
> :=09Possibly a permissions problem.
> drwxr-x--- 27 twhite twhite 3072 2011-06-13 07:03 twhite
> drwxr-x--- 8 t.white t.white 1024 2011-06-09 03:58 t.white
> drwx------ 2 ups ups 1024 2009-10-18 13:35 ups
> drwxr-x--- 20 wd0fpc wd0fpc 2048 2011-06-13 04:50 wd0fpc
>
> :=09Can you su into a user from the root login?
> yes
>
>
> : "Markus Koßmann"
> :=09hard disk full ?
> no. 38% free space
>
>
> : "Yuri Rodrigues Braz"
> :=09A possible reason is that exists the file /etc/nologin
> ls: cannot access /etc/nologin: No such file or directory
>
>
> : "Herta Van den Eynde"
> :=09E.g., "ls -ld /", "ls -ld /home/".
> drwxr-xr-x 23 root root 3072 2011-06-13 07:28 /
> drwxr-xr-x 27 root root 1024 2011-06-06 05:07 /home/
>
>
> : "Ben Kevan"
> :=09What login method are you utiizing?
>
> from a local machine, into root, then su 'user' ...
>
>
> --=20
> ... it's not what you see ,
> but in stead , notice ...

--=20
Marshall Lake -- mlake@mlake.net -- http://www.mlake.net
---1463810303-1690038356-1307996027=:28026--
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

terry white wrote:

> i'm not seeing anything mentioned in the logs with regard to failed
> normal user login. i'm at a loss as to where i might start looking.
>
> any thoughts, suggestion would be much appreciated ...

Once you've tried the obvious possibilities, a systematic approach is
to log in as root, then run e.g.:

strace -f -o login.txt login twhite

and analyse the resulting file for clues as to where it's going wrong.

--
Glynn Clements
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

.... ciao:

i'd like the thank everyone that offered opinions, suggestions, and
hints with regard 'my' problem.

thanks ...

--
.... it's not what you see ,
but in stead , notice ...
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

On 06/20/2011 02:07 PM, terry white wrote:
> ... ciao:
>
> i'd like the thank everyone that offered opinions, suggestions, and
> hints with regard 'my' problem.
>
> thanks ...
>
Please post the final solution.

Regards,
Seenu.
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: only root allowed login ...

: on "6-14-2011" "Glynn Clements" writ:

: Once you've tried the obvious possibilities, a systematic approach is
: to log in as root, then run e.g.:
: strace -f -o login.txt login twhite

that offered a wealth of information. 200+MB. i started ploughing
through it, and found a syscall for which i did not have a manpage. i
have a hunch, that somewhere between 2.2 and 2.4 kernels, i screwed up.

given that, building a new system probably a more time efficient
approach. i have zero confidence i could affect a fix without doing
further damage. but, thanks for the pointer to strace; an impressive
tool.

and linux just kept on, keepin' on ...

--
.... it's not what you see ,
but in stead , notice ...
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html