A tale of command line booby traps and bored engineers • The Register

Who, Me? Take a trip back to when mainframes and terminals were all the rage and The Cloud was the smoke produced by the mainframe when a washing-machine-sized disk was about to let go. Welcome to another Who, Me? confession.

Today’s plea for forgiveness comes from a reader Regomised as “Doug” and is a warning to careless administrators.

“Back in the days when terminals were still fairly common,” said Doug, “the company I worked for provided ‘local’ data based on the result of a search run on the client’s main dataset held on their server.”

“We could telnet from these terminals to our box – and frequently had to in the early days,” he recalled. The client itself was nationally known in back then and had spanked millions getting this remote site up and running.

Things were going swimmingly. Right up until a month after go-live when Doug and a pal were stuck at the client site on a Friday evening. The client’s own engineer had long gone, and Doug was finishing up the last checks to allow a weekly backup to kick off.

He ambled up to a darkened terminal near the server room and tapped the return key to bring it to life. The prompt was odd, something he’d not seen before. Tappity tap: whoami

.

It transpired he was logged in as root. On THE server. “Y’know,” he said, “the one that held all the billing information, delivery records and the kind of useful stuff that kept a company running.”

At this point he could have logged off. Instead he called over his chum.

“We spent a happy few minutes playing about with the login prompt before having the wonderful idea that typing something along the lines of ‘/etc/shutdown -t0 -h now‘ and leaving the terminal to go to sleep would be a jolly jape.”

“Like me, most people used the ‘return’ key to wake up a terminal.”

Doug and pal went off to do whatever techies did on weekends in those days. It wasn’t until Monday morning when all hell broke loose and he (now on another site) was summoned to HQ for a talking-to. It transpired that the client’s main (and only) database server had unexpectedly shut down.

Any protestations of innocence were shortlived as logs were produced showing commands attributed to the terminal on the site where Doug and friend had been.

“Awkward,” understated Doug.

However, Doug was saved by his manager who asked a simple question: how could ‘his’ engineers have possibly known the login for the client’s mainframe? “…and was shamefacedly told that they hadn’t set a password on the root account…”

So, in a way, Doug was actually the hero of the hour, right? Hm.

These days, neither employer nor client are still trading “although not because of this, I hasten to add,” said Doug.

“The moral of this sorry tale is simple: Junior techs with a little Unix knowledge are dangerous if they get bored so be careful if your hardware attaches to client servers.

“Oh, and secure your root access – and never, ever, leave superuser accounts logged in.”

Ever left something logged in that you shouldn’t? Leaving something explosive on the command line certainly ups the ante of the witty desktop background switcheroo of today. Let us know your misdemeanours with an email to Who, Me? ®