How I broke and later fixed root shell

July 1, 2017

I was playing with shell changes and accidentally changed the root user's shell to a nonexistent one. How did it happen? From an Ubuntu terminal I switched to root’s environment by executing “sudo su -” and then tried to change the login shell for the root user with the chsh command. Instead of specifying the correct shell with its path, like “/bin/sh”, I typed only “sh”. The system reported the error I had made, but at the same time it changed the record in the system file /etc/passwd from the correct one to an erroneous one. In the terminal window it looked like this:


root@vealomrea-virtualbox:~# chsh -s sh
chsh: Warning: sh does not exist

Later I logged in to my Linux box through ssh, tried to switch to super user and received this:


vealomrea@vealomrea-virtualbox:~$ sudo su -
[sudo] password for vealomrea:
Cannot execute sh: No such file or directory
vealomrea@vealomrea-virtualbox:~$ su -
su: Authentication failure
vealomrea@vealomrea-virtualbox:~$

The following messages were logged in the /var/log/auth.log file:


Jun 29 15:29:01 vealomrea-VirtualBox su[2613]: pam_unix(su:auth): authentication failure; logname=vealomrea uid=1000 euid=0 tty=/dev/pts/18 ruser=vealomrea rhost= user=root
Jun 29 15:29:03 vealomrea-VirtualBox su[2613]: pam_authenticate: Authentication failure
Jun 29 15:29:03 vealomrea-VirtualBox su[2613]: FAILED su for root by vealomrea
Jun 29 15:29:03 vealomrea-VirtualBox su[2613]: - /dev/pts/18 vealomrea:root

The problem was that the login shell for the root user was broken. I opened the /etc/passwd file in a text editor


$ sudo nano /etc/passwd

and found that the line for the root user account looked like this:


root:x:0:0:root:/root:sh

This was definitely incorrect. The correct shell locations are:


$ cat /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash

I replaced the line for the root user account in /etc/passwd with:


root:x:0:0:root:/root:/bin/bash

saved the /etc/passwd file and rebooted my Linux box. When I logged in again, “sudo su -” started to work as expected and /var/log/auth.log showed this:


Jun 29 16:19:52 vealomrea-VirtualBox sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 29 16:19:52 vealomrea-VirtualBox su[2301]: Successful su for root by root
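
A check that flags an entry like the broken root line above, as an added example that is not part of the original post: it compares the shell field of every account in a passwd file with the entries of a shells file. The function names and the sample account "builduser" are assumptions made for this illustration, and the sample files are constructed from the lines shown in the post.

```shell
#!/bin/sh
# Print "user:shell:reason" for every account whose login shell is suspect.
# Arguments: PASSWD_FILE SHELLS_FILE. Returns 1 if anything was flagged.
audit_login_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the valid shells, skipping comments and blank lines.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*#/ && line !~ /^[ \t]*$/) valid[line] = 1
            close(shells)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            user = $1; shell = $7
            if (shell == "") next                   # passwd(5): empty means /bin/sh
            if (shell ~ /\/(nologin|false)$/) next  # logins disabled on purpose
            if (shell !~ /^\//)         reason = "not an absolute path"
            else if (!(shell in valid)) reason = "not listed in shells file"
            else next
            printf "%s:%s:%s\n", user, shell, reason
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the broken root entry from the post, two healthy
# accounts, and a hypothetical "builduser" whose shell is not in the list.
demo_audit() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:root:/root:sh' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'vealomrea:x:1000:1000::/home/vealomrea:/bin/bash' \
        'builduser:x:1001:1001::/home/builduser:/bin/zsh' > "$dir/passwd"
    printf '%s\n' '# /etc/shells: valid login shells' \
        /bin/sh /bin/dash /bin/bash /bin/rbash > "$dir/shells"
    audit_login_shells "$dir/passwd" "$dir/shells"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# With two arguments audit those files, otherwise run the constructed sample.
if [ "$#" -eq 2 ]; then
    audit_login_shells "$1" "$2"
else
    demo_audit || true
fi
```

Running it as `sh audit.sh /etc/passwd /etc/shells` (the file name is arbitrary) after a chsh or a manual edit, while the root session is still open, shows a bad shell field before it can lock anyone out.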
