Fresh install lock out
So, fresh install (backup server) with an admin user.
Can't sudo as "effective uid is not 0"; "su -" fails to authenticate with the correct password, sshd is not starting by default.
So, can't make any changes to the machine as can't log in as root or use sudo.
Surely, that should not be happening.
Re: Fresh install lock out
CentOS 7 (1511 ISO)
Default security profile
Re: Fresh install lock out
Can you reproduce this problem with the current supported version, 7.4.1708? Please try that first.
Re: Fresh install lock out
avij wrote: Can you reproduce this problem with the current supported version, 7.4.1708? Please try that first.
Yup, downloaded CentOS-7-x86_64-DVD-1708.iso this morning. Installed as Backup server with default security settings, same thing happened. Then used an older 1511 iso on a fresh VM - same steps, same result.
user added to wheel at install
/bin/su & /usr/bin/su owned by uid 1000, not root, can't chown to root:root - not permitted
Currently downloading 6.9 to check if that's OK
Edit:
looks like ssh is not off, just fails to load properly
Code:
$ systemctl | grep sshd
sshd.service loaded activating auto-restart
Last edited by uns3en on 2017/09/15 16:59:58, edited 2 times in total.
Re: Fresh install lock out
Do you have any idea why your /usr/bin/su is not owned by root? Are you using some sort of a kickstart script which does odd things after installation in its %post section?
Re: Fresh install lock out
avij wrote: Do you have any idea why your /usr/bin/su is not owned by root? Are you using some sort of a kickstart script which does odd things after installation in its %post section?
No scripts. Just the default options.
Edit: scratch that. I changed user home directory to '/'. I wonder if the setup did
Code:
usermod -d / user && chown user:user /
I'll see if leaving it at '/home/user' actually eliminates the issue.
Re: Fresh install lock out
I'm sorry, but I can't reproduce this problem myself.
I'd need more detailed steps to reproduce this problem.
Code:
$ ssh root@192.168.122.235
The authenticity of host '192.168.122.235 (192.168.122.235)' can't be established.
ECDSA key fingerprint is SHA256:VqW+oCVQe+gRGFuoPtncJIVD7vquL5VyuMrhp0YG0DU.
No matching host key fingerprint found in DNS.
ECDSA key fingerprint is MD5:28:7f:2f:16:c7:87:ba:fd:68:03:d4:62:17:a9:e5:d6.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.122.235' (ECDSA) to the list of known hosts.
root@192.168.122.235's password:
[root@c74minimaliso4 ~]# su - anssi
[anssi@c74minimaliso4 ~]$ groups
anssi wheel
[anssi@c74minimaliso4 ~]$ su - root
Password:
Last login: Fri Sep 15 12:58:25 EDT 2017 from 192.168.122.1 on pts/0
[root@c74minimaliso4 ~]# ls -ln /usr/bin/{su,sudo}
-rwsr-xr-x. 1 0 0 32096 Aug 4 07:18 /usr/bin/su
---s--x--x. 1 0 0 143184 Aug 4 10:38 /usr/bin/sudo
edit: yes, setting / as the user's home directory can indeed cause problems.
Re: Fresh install lock out
avij wrote: I'm sorry, but I can't reproduce this problem myself.
...
edit: yes, setting / as the user's home directory can indeed cause problems.
Only during the install it seems. I have other CentOS 6 & 7 VMs running perfectly with the admin's directory set to '/'. The only difference is that those accounts were created manually after the install. Looks like the installer indeed does a chown on the directory during the install, as half the folders in '/' belong to the admin user, not root. Someone might want to set a check for that and not do a chown if the directory is set to '/', or at least not allow that to be selected.
I'll let you know if not setting it to / resolved the issue.
Re: Fresh install lock out
Issue Update:
Not setting user's home directory to '/' at install eliminates the issue entirely.
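The state this thread ends on (a regular user whose home directory is '/', and su/sudo no longer owned by root) can be checked for with a short script. This is an added example, not part of any post in the thread; the function names, the UID_MIN value of 1000 and the list of system directories are assumptions.

```shell
#!/bin/sh
# Added example: audit for the failure mode described in this thread.
# Function names, UID_MIN and the directory list are assumptions.

UID_MIN=1000   # assumed first regular-user uid (CentOS 7 default)

# List regular accounts whose home is "/" or a top-level system directory.
# $1: passwd-format file. Prints name:uid:home, one per line.
risky_homes() {
    awk -F: -v min="$UID_MIN" '
        $3 >= min && $6 ~ /^\/((bin|sbin|usr|etc|lib|lib64|boot|var)\/?)?$/ {
            print $1 ":" $3 ":" $6
        }' "$1"
}

# Print the numeric owner uid of a path (same column as "ls -ln" in the thread).
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# Succeed only if $1 has the setuid bit and is owned by uid $2 (default 0).
# sudo's "effective uid is not 0" error means this check fails for sudo.
setuid_owned_by() {
    [ -u "$1" ] && [ "$(owner_uid "$1")" = "${2:-0}" ]
}

# Check the live system: su/sudo, ownership of /, and home directories.
audit() {
    rc=0
    for bin in /usr/bin/su /usr/bin/sudo; do
        [ -e "$bin" ] || continue
        setuid_owned_by "$bin" 0 || { echo "BAD: $bin is not setuid root"; rc=1; }
    done
    [ "$(owner_uid /)" = 0 ] || { echo "BAD: / is owned by uid $(owner_uid /)"; rc=1; }
    hits=$(risky_homes /etc/passwd)
    [ -z "$hits" ] || { echo "BAD: home set to a system directory: $hits"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run it with --audit to check the live system; reading ownership and mode bits does not need root.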