[Solved] su : Sorry


moolideejay
July 6th, 2009, 09:23
Hi

I just installed FreeBSD 7.1 on VMware, then installed GNOME with "sysinstall" and everything worked fine, but then I decided to install KDE and I did. Well, I should say it's nice, but the problem is I cannot run su or sudo when I'm logged in with a normal user, so I'm really stuck! :(

When i type su or sudo i get this answer:

%su: Sorry



Tnx...

sverreh
July 6th, 2009, 10:43
Are you a member of group "wheel"? If not, you need to add that to use su.

Check the output of
% groups <yourname>

moolideejay
July 6th, 2009, 14:39
No, I'm not :(
I've created another VM and installed another FreeBSD, but this time I first created a user and added it to the wheel group before I installed KDE (because GUI root login is disabled by default in KDE), and then installed KDE, and I could run the su command with that user!

I dunno why that is, but I don't like it. Why can't a normal user run su?!

tnx sverreh :)

DutchDaemon
July 6th, 2009, 15:00
It's a fundamental part of FreeBSD's security model. FreeBSD won't let regular users su to root. They must be part of the wheel group. If you don't like it, learn to like it, because it prevents hackers who manage to crack a user account from grabbing root without too much additional effort.

moolideejay
July 6th, 2009, 15:07
Sounds reasonable.
But what's gonna happen in a situation like mine, when I just installed FreeBSD and I had no idea that there must be a user in the wheel group?

Tnx...

sverreh
July 6th, 2009, 15:14
I would boot to single user and add a user in group wheel from there. In single user you are automatically root.

Or type Ctrl+Alt+F2 and log in on the virtual terminal to do the job. Type Ctrl+Alt+F9 to get back to the GUI.

moolideejay
July 6th, 2009, 15:34
First of all, I'm new to FreeBSD.

I just tested what sverreh said, and it worked. I even noticed that it's possible to reset the root password in "single user mode"!

Why is it so easy to reset the root password with just a few clicks?
So anyone that has physical access to your system could log in to your system without any problems!
Of course physical security is so important, but at home?! There is no physical security at home.

Is there a way to disable this mode? (User Single Mode)

DutchDaemon
July 6th, 2009, 15:43
You can set single-user mode to ask for a password, see /etc/ttys. You will need a root password for setting that option.

ale
July 6th, 2009, 15:56
> Sounds reasonable.
> But what's gonna happen in a situation like mine, when I just installed FreeBSD and I had no idea that there must be a user in the wheel group?
>
> Tnx...
This can happen with every feature of every operating system.
That's why the documentation is important.

We are lucky as we have the Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html) and the FAQ (http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/)
You can find your problem here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEEL-GROUP

moolideejay
July 6th, 2009, 16:04
Tnx DutchDaemon for your help.

I've checked it.
All I had to do was change the "secure" to "insecure" in "/etc/ttys":

console none unknown off secure

to

console none unknown off insecure

Is there any other way to reset the root password or create a user account? I mean a rescue disk or sth?

And thanks ale for the Handbook.

This is my second day with FreeBSD.

DutchDaemon
July 6th, 2009, 16:19
> All I had to do was change the "secure" to "insecure" in "/etc/ttys"

And kill -HUP 1. Changing a password can be done with passwd, users can be added using adduser or pw.
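
An added example (not part of any post in this thread) that audits the two settings discussed so far: the console flag in /etc/ttys and wheel membership in /etc/group. The function names and sample files are constructed for illustration; on a real FreeBSD system, pass /etc/ttys and /etc/group instead.

```shell
#!/bin/sh
# Added example: audit the two settings this thread turns on.
# All sample files are constructed; on FreeBSD pass /etc/ttys and /etc/group.

# console_mode FILE: print "secure", "insecure" or "missing" for the console line.
# "secure" means single-user mode gives a root shell without asking for a password.
console_mode() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "console" {
            mode = "insecure"                # assumption: no "secure" flag => password asked
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break         # trailing comment
                if ($i == "secure") mode = "secure"
            }
            print mode; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# in_wheel GROUPFILE USER: succeed if USER is listed as a member of wheel.
# (Does not look at the primary gid in the passwd file.)
in_wheel() {
    awk -F: -v u="$2" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# name getty type status' 'console none unknown off secure' > "$tmp/ttys.default"
printf '%s\n' '# name getty type status' 'console none unknown off insecure' > "$tmp/ttys.hardened"
printf '%s\n' 'wheel:*:0:root,alice' 'operator:*:5:root' > "$tmp/group"

for f in ttys.default ttys.hardened; do
    echo "$f: console is $(console_mode "$tmp/$f")"
done
for u in alice bob; do
    if in_wheel "$tmp/group" "$u"; then
        echo "$u: in wheel, su to root permitted"
    else
        echo "$u: not in wheel, su answers 'Sorry'"   # fix as root: pw groupmod wheel -m "$u"
    fi
done
```
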

moolideejay
July 6th, 2009, 16:25
Thanks.
What I meant was: is there any other way like "single user mode" to reset the root's password?

SirDice
July 6th, 2009, 16:50
Yes, you can boot off a live cd and reset it.

phoenix
July 6th, 2009, 20:57
Anyone that has physical access to the hardware will be able to access the data on that hardware. All they have to do is pull the harddrive, connect it to another system, and they can do whatever they want. :) And with netbooks and ide/sata-to-usb adapters, they don't even have to pull it from the case, just unplug the cord and connect it to the netbook.

You can make things difficult for people (insecure ttys entry, encrypt the harddrive, lock the computer case, lock the door to the room, etc), but the only way to make a computer completely impenetrable is to encase it in cement, and drop it down a very deep, very dark hole, and then cover that over with cement. :D

Network security is what you should really be concentrating on, unless you really don't trust your friends/roommates/family/etc. ;)

moolideejay
July 6th, 2009, 21:27
Is there any way to disable the reset password by the live CD?

I agree with phoenix: when there is physical access to the system, the data could be recovered, even if we encrypt the data etc. This would only make the data access harder but not impossible.

But we should consider the knowledge that is required for deciphering or breaking into a secure system, too! Not everyone has that much knowledge, as far as I know :)

We should do our best to make our systems as secure as possible, isn't that right?

By the way, it's a good one:
> to make a computer completely impenetrable is to encase it in cement, and drop it down a very deep, very dark hole, and then cover that over with cement

fronclynne
July 6th, 2009, 22:03
> Is there any way to disable the reset password by the live CD?
I would suppose that if you encrypted / it would keep someone from doing so, until they could "brute force" the key.

tkjacobsen
July 14th, 2009, 22:47
> Is there any way to disable the reset password by the live CD?

You could configure your BIOS to boot from harddisk first and set a BIOS password, so people cannot change that and thus boot a live cd. Then an intruder will have to open your computer to either get access to the drives or reset the BIOS (assuming everything after booting is locked well).

SirDice
July 17th, 2009, 12:22
> You could configure your BIOS to boot from harddisk first and set a BIOS password, so people cannot change that and thus boot a live cd.
BIOS passwords are notoriously simple to reset.

> Then an intruder will have to open your computer to either get access to the drives or reset the BIOS (assuming everything after booting is locked well).
Which is easy to do if you have physical access.

The only way to prevent access to your data (and prevent the root password from being reset using a different boot device) is to use encryption.

aijazbaig1
March 15th, 2010, 07:11
Hello guys,
I have a similar problem too. I actually knew that I could log in to a virtual console using Ctrl+Alt+F(0-8), but this key combination does not work for me in KDE3 (which, by the way, I installed using pkg_add -r kde-lite).

So what should I do now? I would like to run as root so that I could add a few users into the wheel group as you suggested and maybe do a visudo too to add them to the /etc/sudoers file.

FYI, I am running FreeBSD 7.2 on a virtual machine using VMware Player.

Looking to hear from you guys,

transmogrifox
October 14th, 2010, 19:13
Just found this post as I was having a similar problem. Thanks for the replies, all. I just wanted to put in my 2 cents for how I found the answer on my own:
$ man su
"...PAM is used to set the policy su(1) will use. In particular, by default
only users in the ``wheel'' group can switch to UID 0 (``root'')..."

If you read further you will find indeed you can change this behavior if you don't like it.

Sometimes I think we forget to mention the man pages are a wealth of helpful information distributed on the system.