From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anindya Mozumdar Subject: Root Permissions Date: Thu, 1 Jul 2004 10:34:25 +0530 Sender: linux-admin-owner@vger.kernel.org Message-ID: <20040701050425.GA7890@cmi.ac.in> Mime-Version: 1.0 Return-path: Content-Disposition: inline List-Id: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-admin@vger.kernel.org Hi, The following problem may be trivial to some of you, however my knowledge of linux is limited, and I dont understand how can it be done. In our institute, we use Debian Linux, and the boot loader is lilo. For those machines where the lilo password is not set, ANY ONE can get a root shell by simply interrupting the boot process and typing linux init=/bin/sh in the boot prompt. One of my friends obtained a root shell in this manner, and has either made some changes, or set up some program, by which he can become root any time, without acutally knowing the root password, which is known only to our system administrator. What may be the possible things he has done to setup his program, and how can it be reversed ? Thanks in advance. Anindya Mozumdar.