[RESOLVED] User can connect as root (su) even with wrong password

LinuxNewbie1498

New Member
Joined
Oct 8, 2021
Messages
3
Reaction score
1
Credits
30
Hi,

I'm struggling with a security issue, i have a machine in OpenSuse 15.2, the root user does have a password.
If any user uses the command :
su - root
or just
a password is asked but whatever the user types he gets to become root (even if it is empty).

I looked in the visudo and there is nothing for "su" so i don't think that's it.
I think it's about the PAM somewhere but i can't find anything in the files, i looked at "rsh" "rexec" and "rlogin" which are the configuration files for PAM that i know of.
The user i'm testing on is local.
 


Gonna go through some steps:
- Make sure nothing is derped on root account. Log out of everything remote and local and ensure ssh server is not running. Now locally login as root and change the password passwd
- Using nano/vi/whatever, edit etc/sudoers and remove any users (and their primary group) that must not have privilege escalation. Save. Now look for all the groups (they start with "%" signs) that are in sudoers (grep % /etc/sudoers also works). Common sudoers groups are wheel, sudo, and admin. But note them all and their privilege. Most dangerous are "ALL=(ALL) ALL".
- Now you want to remove the right to sudo from all remote users by removing them from the admin, sudo, wheel, etc. groups. You can do this with the deluser command (which I'll use), or by searching through /etc/groups and searching each group you noted. For the first method:
deluser <username> <group, eg "sudo"
- Now you have an underprivileged user. As an added security layer, check ssh does not allow root access remotely. The default is not to. In case not, go to ssh's config, and change the "PermitRootLogin" value to no.
- Reboot server & client and se how it goes.
 
Hi,
Thank you for your answer.

I should have specified it in my post but the basic user cannot be underprivileged, I use the sudoer file to grant access to some commands to the user such as the "route" command

Also the SSH connection as root cannot be disabled either, as it is used for admin access.

I looked through the sudoers file and I couldn't find anything weird going on.

My problem is really that the basic user that can connect as root even when typing a wrong password.
 
That doesn't seem to all add up. If you don't have a serious reason not to, I'd do a full reinstall and new config. Sometimes you spend more time troubleshooting than doing a reset. Only other thing I can think of is an auto-login / persistent session cookie, and that the login prompt is merely displaying by glitch and you've already auto-logged in. This is speculation as I doubt there's a way to make SSH behave this way.
 
Well Done !

Would you kindly edit your topic's title,so that it reads ....

SOLVED, User can connect as root (su) even with wrong password
 

Members online


Top