Synology Inc. Online Community Forum

[eludlow]

I think I've stupidly managed to lock myself out of the root account....

SSHd in as root, installed bash and then opened /etc/passwd to change default shell - instead of saying /opt/bin/bash I set it to /bin/bash

Now I obv can't login as root to change it back- anyone got any suggestions? Could I create a link of some sort from /bin/bash to /opt/bin/bash?

Thanks in advance.

Ed Ludlow

[eludlow]

OK problem solved - in my confusion I still had another SSH window open, logged in as root....thank god!

[illwill]

I managed the same, but I don't have a window open to fix it.. What can I do?. This feels really bad!

[bzhou]

Worst case, shut it down, take the disk out and mount on a linux machine, modify the file.

[illwill]

Hmm, ok thanks. But it's a RAID1 solution (in ds207+). Wouldn't that break "things"?

[merty]

Do you still have rights for admin and firmware 7.22 ? If so, you might construct your own 'spk' file. Installation of a package will be done under root rights, so in the installer script, you can do whatever you want under root rights to set everything back. Other option would be to install configfile editor (http://www.mertymade.com/syno/). Edit it's own configfile to make, for instance '/usr/syno/etc/rc.d/S97apache-user.sh' accessible via the editor. Edit in the 'start' section the extra commands you want to add. Turn 'webservices' off and on in your configuration or reboot the diskstation, et voila, commands are executed.

If you don't have admin access, there is still the possibility to gain it, as long as you can create php files accessible by the 'user' webserver. But pm me about that details, I don't think it is good to explain here to every one how to hack a diskstation ...

Regards,

Remco

[illwill]

Hi Remco!

Million thanks for the effort, this would probably have worked like a charm, but I thought it wasn't possible without removing the disks and putting it in another computer so I did a firmware-reset a couple of hours ago on my synology, loosing all my settings and installed packages , but keeping the data (phew!). I will never change the shell of the root user again! . I wish I wasn't always in such a hurry to fix things! .

Regards,
Pontus

[glem01]

A practical hint - but zero points for security, of course:
Add a line pointing to a full-perm script on some accessible share into /etc/rc.local. This way you could run some shell commands in a file, e.g. /volume1/myshare/SOS.sh with permissions set to 777, on startup of the diskstation. Edit this file, insert any commands you need, you could easily change files or passwords too using awk, sed or expect. I'd recommend at least to put the file on a share only you have access to and to delete it when not needed.
Glem

[waffl]

Sigh, I made the same stupid mistake. However, I managed to recover with the method mentioned! (Thanks!!) I couldn't even use su or sudo because it wasn't installed.

I installed the "Config File Editor" package from http://www.mertymade.com/syno/#cfe

Then edited the "Config File Editor" config itself to add /etc/passwd as one of the editable files.

Luckily it worked, I changed the shell back to /bin/ash

However, after doing so, I was unable to login via ssh, I kept getting an odd error:

PTY allocation request failed on channel 0

So I turned the ssh server on and off via the web control panel and it works now.

Phew, dabbling with root settings is a bad idea.

[dawolf]

If you locked yourself out (like me a week ago) and cant access your DS using ssh/telnet you can reset your admin/root password using these instructions:
http://www.synology.com/wiki/index.php/ ... ogy_System

How to reset the administration password and network settings of the Synology system
This procedure will conduct the following
* Admin password will be blank

# Look at the back of the Synology System, find a small reset hole near the USB ports
# Using a paper clip, gently depress and hold down the recessed button for about four seconds
# The system will beep once
* Release the button immediately, holding it down may trigger system firmware reinstall


I am not sure if this also resets the root shell, but it might be worth a try.

[nhed]

I got into a similar problem
Getting "PTY allocation request failed on channel 0" on SSH connection

but disable/enable SHH wasnt enough, I had to toggle telnet as well,

I wish there was a restart button on the admin web (or is there and I am not seeing it?)

[doktor.notor]

I wish there was a restart button on the admin web (or is there and I am not seeing it?)

It's there, carefully hidden.

[Milu]

Thanks, Merty - I locked myself out of root access by doing the exact same thing as the OP. I copied one of your SPK files and modified it to restore /bin/sh for root when the root shell is not an executable file. Here's the code in case anyone needs it. Create the files in some directory and then run the make utility to create the SPK file. Make sure to replace the spaces in the Makefile by tabs as per make's requirements.

Code: Select all

INFO
Makefile
resetshell/LIESMICH.txt
scripts/postinst
scripts/postuninst
scripts/preinst
scripts/preinst.pl
scripts/preuninst
scripts/start-stop-status

======== Makefile
SPK = ResetShell-0.1.spk
PKG = package.tgz

all: $(SPK)

$(SPK) : INFO $(PKG) scripts/*
        tar cf $@ $?

$(PKG) : resetshell/*
        tar czf $@ $?

.PHONY: clean

clean:
        -rm $(PKG) $(SPK) 2> /dev/null

======== INFO
package="ResetShell"
version="0.1"
maintainer="Michael Ludwig"
description="Reset root shell to /bin/sh if deemed necessary"
arch="noarch"

======== resetshell/LIESMICH.txt
# dummy, content removed

======== scripts/postinst
#!/bin/sh
exit 0

======== scripts/postuninst
#!/bin/sh
exit 0

======== scripts/preinst
#!/bin/sh
perl $0.pl
exit 0

======== scripts/preuninst
#!/bin/sh
exit 0

======== scripts/start-stop-status
#!/bin/sh

case $1 in
        start)
                exit 0
        ;;
        stop)
                exit 0
        ;;
        status)
                exit 1
        ;;
        log)
                exit 0
        ;;
esac

======== scripts/preinst.pl
#!/usr/bin/perl
use strict;
use warnings;
use constant LINE => '-' x 40;
use File::Copy 'copy';

sub plog { print STDERR @_, "\n" }

my $noshell = 0;

plog 'checking passwd entries';

while ( my @pwent = getpwent ) {
        next unless $pwent[0] eq 'root';
        my $shell = $pwent[8];
        # only report shell invalid if not an executable file
        $noshell++ unless -f $shell and -x $shell;
        last;
}

endpwent; # close database

plog 'no shell: ',
        $noshell ? "$noshell - job to do" : "$noshell - all good";
exit 0 unless $noshell;

my $passwd = '/etc/passwd';
my $baknam = $passwd . '.' . time . '.bak';

plog "going to modify $passwd";
plog "backing up to $baknam";
# backup before clobbering
copy $passwd, $baknam or die "copy $passwd $baknam: $!";

# read passwd file
open my $fh, '<', $passwd or die "open $passwd: $!";
my @lines = <$fh>;
close $fh;

# clobber passwd file
open $fh, '>', $passwd or die "clobber $passwd: $!";
for ( @lines ) {
        if ( m/^root:/ ) {
                my @line = split /:/;
                my $shell = $line[-1];
                unless (-f $shell and -x $shell) {
                        plog 'resetting shell to default';
                        $line[-1] = '/bin/sh'; # reset
                }
                $_ = join ':', @line;
                $_ .= "\n";
        }
        print $fh $_;
}
close $fh;

exit 0;


[Tiggar]

Thanks Milu - worked like a charm. Maybe you can publish the package on github or somewhere.

[fredipusrex]

Wow - this message thread was a lifesaver! I was upgrading from DSM 3.2 to 4.0 and it messed up the bootstrap and ipkg. I was attempting to reinstall the bootstrap and part of the process was to remove the existing packages - including the bash shell that the root user was now using. Part of the install process is a reboot then log back in... D'oh!

I couldn't log in anymore (putty fails silently, but I logged in via telnet, which helpfully told me it was missing /opt/bin/bash). I looked everywhere for a workaround (why no sudo? why?) when I finally found this thread.

I installed merty's Config File Editor, added /usr/passwd to its list of configurable files, closed and opened the editor, picked the usr/passwd file and edited the root user back to using /bin/sh. Turned ssh/telnet off then on and presto! Access restored!

Thank you ever so much! Now, I have to reinstall all my packages (and CrashPlan too - all my backups - gone!)