When forgetting to set a password for root is the least of your woes

A tale of command line booby traps and bored engineers


Who, Me? Take a trip back to when mainframes and terminals were all the rage and The Cloud was the smoke produced by the mainframe when a washing-machine-sized disk was about to let go. Welcome to another Who, Me? confession.

Today's plea for forgiveness comes from a reader Regomised as "Doug" and is a warning to careless administrators.

"Back in the days when terminals were still fairly common," said Doug, "the company I worked for provided 'local' data based on the result of a search run on the client's main dataset held on their server."

"We could telnet from these terminals to our box – and frequently had to in the early days," he recalled. The client itself was nationally known in back then and had spanked millions getting this remote site up and running.

Things were going swimmingly. Right up until a month after go-live when Doug and a pal were stuck at the client site on a Friday evening. The client's own engineer had long gone, and Doug was finishing up the last checks to allow a weekly backup to kick off.

He ambled up to a darkened terminal near the server room and tapped the return key to bring it to life. The prompt was odd, something he'd not seen before. Tappity tap: whoami

.

It transpired he was logged in as root. On THE server. "Y'know," he said, "the one that held all the billing information, delivery records and the kind of useful stuff that kept a company running."

At this point he could have logged off. Instead he called over his chum.

"We spent a happy few minutes playing about with the login prompt before having the wonderful idea that typing something along the lines of '/etc/shutdown -t0 -h now' and leaving the terminal to go to sleep would be a jolly jape."

"Like me, most people used the 'return' key to wake up a terminal."

Doug and pal went off to do whatever techies did on weekends in those days. It wasn't until Monday morning when all hell broke loose and he (now on another site) was summoned to HQ for a talking-to. It transpired that the client's main (and only) database server had unexpectedly shut down.

Any protestations of innocence were shortlived as logs were produced showing commands attributed to the terminal on the site where Doug and friend had been.

"Awkward," understated Doug.

However, Doug was saved by his manager who asked a simple question: how could 'his' engineers have possibly known the login for the client's mainframe? "...and was shamefacedly told that they hadn't set a password on the root account..."

So, in a way, Doug was actually the hero of the hour, right? Hm.

These days, neither employer nor client are still trading "although not because of this, I hasten to add," said Doug.

"The moral of this sorry tale is simple: Junior techs with a little Unix knowledge are dangerous if they get bored so be careful if your hardware attaches to client servers.

"Oh, and secure your root access – and never, ever, leave superuser accounts logged in."

Ever left something logged in that you shouldn't? Leaving something explosive on the command line certainly ups the ante of the witty desktop background switcheroo of today. Let us know your misdemeanours with an email to Who, Me? ®

Similar topics

Broader topics


Other stories you might like

  • September 16, 1992, was not a good day to be overly enthusiastic about your job
    If I get in early and work hard, everyone will notice, right?

    Who, Me? "The early bird trashes the business" is a saying that we've just made up, but could easily apply to the Register reader behind a currency calamity in today's episode of Who, Me?

    Our hero, Regomized as "Mike", was working as a "data entry operative" for a tourism company in 1992. The company ran bus tours to the then brand-new EuroDisney, parent company of Disneyland Paris (now the most visited theme park in Europe), which had opened earlier that year.

    Mike was an eager beaver, his youthful naivete having convinced him that if he worked extra hard, came in extra early, and kept the in-tray clear, then his efforts would be both noticed and rewarded with promotion and a bump in pay.

    Continue reading
  • An international incident or just some finger trouble at the console?
    All routers are equal, but some are more equal than others

    Who, Me? Welcome to an edition of Who, Me? where some configuration confusion left an entire nation cast adrift.

    Today's story is set in the early 2000s and comes from a reader Regomized as "Mikael" who was gainfully employed at a European ISP. The company had customers in multiple countries and Mikael's team was responsible for the international backbone.

    "Us senior network engineers were widely regarded as consummate professionals," he told us, before adding, "at least amongst ourselves."

    Continue reading
  • A discounting disaster averted at the expense of one's own employment
    I know what this process needs: Microsoft Access!

    Who, Me? A tale of discounts and process improvement via the magic of Excel, Access and a fair bit of electronic duct tape we imagine. Welcome to Who, Me?

    "James" is the Regomized reader of record today, and continues the theme of running the risk of doing a job just that little bit too well with an ancedote from the end of the last century involving his first job out of university, at a certain telecommunications giant.

    The job involved a process of calculating the discount received by big customers (the ones with multiple branches). "For the life of me I can't remember what the main DB was called," he told us, "but it was the old style green writing on a black screen that took forever to download the necessary data."

    Continue reading
  • In IT, no good deed ever goes unpunished
    When being helpful can mean being shown the door

    Who, Me? Going above and beyond in IT can sometimes lead to also going directly out of the door, as one Register reader found when discovering that sometimes efficiencies can be less than rewarding.

    A reader Regomised as "Will" told of us his days working at a now-defunct company that produced large telephone switches. In those days whenever a major software revision occurred, customers were expected to send in their configurations and Will's group would merge them into the latest and greatest. A new load would then be returned to the customers.

    It was not a fun process, not least because of constant hardware and software failures during the merge process. "When I first started, there was a constant grumble about how unreliable the machine used for the merging was," Will told us.

    Continue reading

Biting the hand that feeds IT © 1998–2022