# root denied shutdown?



## eggblade1 (Dec 14, 2012)

Hello FreeBSD community. Straight to the point, I went to shutdown my server and it said I needed to be the Super-User. I am logged in as a wheel user, user1, and shutting down through root, su. I am clueless as to what I did. Never had this problem before. I've restarted with the power button but still same issue. Useing su, I can still access all files and update as if I were root but I cannot shutdown. Additionally, when logging into the machine as root, manually, from my garage, It says that root is not found. And gives an error saying Root does not own permission to the masterpasswrd file. 

I will post exact errors tomorrow once I get back to my house. This has just been eatting up my mind so I was hopeing to get some feedback.

Thanks in advance,
    -Ty


----------



## SirDice (Dec 14, 2012)

Not really important in this case but what version of FreeBSD?

When you say logging in as root manually, from the garage, what does that mean? Logged in on the console or via ssh(1)? If you enabled root logins over ssh(1), that would be a bad idea.


----------



## eggblade1 (Dec 14, 2012)

Sorry for the lack of info. 

FreeBSD 9.0

When I say log in from garage, I'm hosting it there. Useing a keyboard and monitor to get directly into the system.  Root over ssh is disabled. It won't let me log into FreeBSD as root. User group is not found.


----------



## SirDice (Dec 14, 2012)

Did you update recently? Used mergemaster(8)? Sometimes mergemaster(8) needs to add accounts and if you don't pay attention you're going to nuke your passwd and group files.


----------



## eggblade1 (Dec 14, 2012)

```
Login:root
www login: _secure_path: /etc/login.conf is not owned by root
Password www login: login_getclass: unknown class 'root'
www sm-mta[1399]: qBECgEwc001399: SYSERR(root): collect cannot write ./dfqBECgEwc00139 (bfcommit, uid=0, gid=25): permission denied
```

Code like that repeats itself several times until ctr-c. 

Again, I am trying to login directly from the machine, without ssh or anything. 

The issue appears again when trying to shutdown via ssh useing SU, says su is not super-user... 

I can log into a user, but root is broken.

Will post more soon.


----------



## SirDice (Dec 14, 2012)

Can you post your /etc/passwd file? It looks like 'root' doesn't have UID 0 anymore.


----------



## eggblade1 (Dec 14, 2012)

*/etc/passwd*

cat /etc/passwd


```
root:*:0:0:Charlie &:/root:/bin/tcsh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
tyler:*:1001:0:tyler:/home/tyler:/usr/local/bin/bash
mysql:*:88:88:MySQL Daemon:/var/db/mysql:/usr/sbin/nologin
ftp:*:14:5:Anonymous Ftp:/var/ftp:/nonexistent
```


----------



## SirDice (Dec 14, 2012)

Hmm. That looks normal, which only makes the errors stranger :\


----------



## eggblade1 (Dec 14, 2012)

ls -l of root files. should root be a wheel account? or am I just reading this wrong... seems strange to me.

Thanks for your help thus far.


```
[tyler@www ~]$ ls -l /
total 46
-r--r--r--   1 user1  wheel  6199 Jan  2  2012 COPYRIGHT
drwxr-xr-x   2 user1  wheel    46 Jan  2  2012 bin
drwxr-xr-x   8 user1  wheel    41 Dec 11 11:10 boot
dr-xr-xr-x   7 root   wheel   512 Dec 14 09:07 dev
-rw-------   1 root   wheel  4096 Dec 14 08:52 entropy
drwxr-xr-x  20 user1  wheel   103 Dec 14 01:26 etc
drwxr-xr-x   3 root   wheel     3 Dec 11 01:21 home
drwxr-xr-x   3 root   wheel    48 Dec 11 11:10 lib
drwxr-xr-x   3 user1  wheel     5 Dec 11 01:14 libexec
drwxr-xr-x   2 user1  wheel     2 Jan  2  2012 media
drwxr-xr-x   2 user1  wheel     2 Jan  2  2012 mnt
dr-xr-xr-x   2 user1  wheel     2 Jan  2  2012 proc
drwxr-xr-x   2 root   wheel   141 Dec 11 11:10 rescue
drwxr-xr-x   2 user1  wheel     9 Dec 12 14:34 root
drwxr-xr-x   2 user1  wheel   130 Dec 11 11:10 sbin
lrwxr-xr-x   1 root   wheel    11 Jan  2  2012 sys -> usr/src/sys
drwxrwxrwt   6 user1  wheel     8 Dec 14 09:07 tmp
drwxr-xr-x  16 root   wheel    16 Dec 11 01:14 usr
drwxr-xr-x  23 user1  wheel    23 Dec 14 09:07 var
drwxr-xr-x   3 user1  wheel     3 Dec 12 15:40 www
```


----------



## wblock@ (Dec 14, 2012)

Either someone has been mistakenly aggressive with chown(8), or you've got security problems.


----------



## kpa (Dec 14, 2012)

Start with running these to fix the directory permissions:

`# cd /`
`# mtree -U -f /etc/mtree/BSD.root.dist`
`# mtree -U -p /usr -f /etc/mtree/BSD.usr.dist`
`# mtree -U -p /var -f /etc/mtree/BSD.var.dist`


----------



## eggblade1 (Dec 14, 2012)

am I looking at a mandatory reinstall? I had just got everything configured how I liked it. This isn't the first time I've gotten too comfortable behind the root account. :/


----------



## SirDice (Dec 17, 2012)

I'm wondering why some directories are now owned by user1 when they should be owned by root. Try using the commands kpa posted, that should 'reset' the permissions to what they're supposed to be.


----------



## eggblade1 (Dec 18, 2012)

Even after making the changes, the problem persists. I decided that the time put into troubleshooting waasnt worth it. Formatted and reinstalled.


----------

