Some strange things are happening with my Ubuntu box today as a regular (non-root user):
- As soon as I log in, I can
sudowithout typing my password (normally, I believe I always have to type my password tosudo?) - When I type
cd ~, it tells me that I don't have permission to go to/root. - Similarly, my bash prompt displays something like:
user@host:/home/usernameinstead of the more familiaruser@host:~that I'm used to. - None of my profiles seem to be set up correctly anymore, everything seems to be thinking that my home directory is
/root. - Because of the previous bullet, I can't do things like run
screenbecause it can't write a new profile in the/rootdirectory.
It's probably useful to know that cating /etc/passwd shows that my user's home is /home/user and not /root.
I did just do a big apt-get upgrade, is this normal behavior for the new versions of my software? rkhunter reports some suspicious files, but they appear to have been there for awhile and seem legitimate (they look to be files related to Request Tracker). I can post the rkhunter logs if that helps anyone and is prudent. And chkrootkit shows up with nothing. Also unhide doesn't seem to notice anything. The only thing that rkhunter seems to be concerned about is my versions of openssl, openssh, php, GnPG. But doing a
sudo apt-get update; sudo apt-get upgrade; sudo apt-get dist-upgrade
Gives me no packages to upgrade.
Anyone have anything to suggest for how to fix this? Bonus points to anyone that can determine the cause of my problem.
UPDATE: As I said above, my /etc/passwd shows my home directory to be correct (/home/username), but when I echo $HOME it shows /root. Here's output:
user@hostname:/home/user$ getent passwd $USER
user:x:1000:1000:user,,,:/home/user:/bin/bash
user@hostname:/home/user$ echo $HOME
/root
UPDATE UPDATE: Thanks to suggestions here, I found that there was a .profile in /home/user that was exporting my HOME as /root. While I guess this is the work of some weird software I apt-get'd removing it seems to have fixed most of my issues.
Thanks everyone!
Best Answer
Sounds like $HOME is incorrect, which is interesting. If this is happening at login, look at what is in the system accounts database for your account, which is what the second command does. Typically/historically, this db is /etc/passwd and on modern Linux, there will be /etc/shadow too.
Partly, the sudo sounds like your uid has been set to 0, which would be strange. Don't do that, it means your account is root, just with a different name, which makes your account just as dangerous if misused. If this has happened, then you have some cleanup work ahead of you. Do not do { sudo vipw } because you risk not being able to sudo again, depending on ownership of various configs, so you then could not fix the permissions. Instead { sudo -i } to effectively log in as root, then use { vipw } and then use a { chown -R ... } to reset ownerships.