Server locking root account

Matthew Walker mwalker at
Sun Mar 8 08:32:20 MDT 2009

On Sun, March 8, 2009 12:38 am, Dave Smith wrote:
> Matthew Walker wrote:
>> Several servers I help manage have recently developed a somewhat alarming habit. They
>> have started modifying the root account to have no shell account, which of course
>> makes
>> it impossible to log into root.
> Is there any hint in the logs?

Not that I've been able to find. There's no evidence of anyone else being on the box. No
unusual processes, no SSH logins from unknown IPS, or anything like that. I also can't
find any log entries that correspond with the modification of the account.

I'm highly suspicious that something in cPanel is responsible, since the way it locks
out users is to remove their shell as well. But I haven't been able to confirm that.

Matthew Walker
Kydance Hosting & Consulting, Inc. -
PHP, Perl, and Web Development - Linux Server Administration

More information about the PLUG mailing list