homepage Welcome to WebmasterWorld Guest from 54.227.141.230
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
restore /etc/passwd
DrDoc




msg:912169
 1:07 am on Mar 21, 2005 (gmt 0)

I just took over a server from someone. As a "security measure" they have made it impossible to login to the machine (or su) as root, by setting the root user to /sbin/nologin in /etc/passwd. Unfortunately, none of the other user accounts have full root access, and it has now become necessary to change certain configurations which require root access. Is there a way to easily restore (or edit) /etc/passwd to re-enable root access to the machine?

I was thinking about simply unplugging the drive, plug it into a different machine I have, and then edit the file from there. Is there a different/better/easier way of doing this?

 

wheel




msg:912170
 5:48 pm on Mar 21, 2005 (gmt 0)

I believe that if you can edit the password file, and remove the password hash, you can login as root without a password. But I think the flaw in my plan is that you won't be able to edit the password file unless you login as root.

Failing that, you're suggestion (mount drive somewhere where you have root) and then editing the password file to remove the hash is the best/only way to go.

encyclo




msg:912171
 8:18 pm on Mar 21, 2005 (gmt 0)

A couple of ideas off the cuff: as you've got physical access, you can try rebooting the machine and at the lilo prompt you can type
linux single to boot the machine into single-user mode. That might give you root access (without a password) and would allow you to edit /etc/passwd. If you don't know the root password, you can also reset it with passwd. Otherwise, can you boot the machine with a live CD?

If you want to remove the hash for the root password, I think you'll have to edit /etc/shadow rather than /etc/passwd though.

NickCoons




msg:912172
 6:39 am on Mar 26, 2005 (gmt 0)

I would recommend quickly parsing through /etc/passwd to see if there are any other users that have uid 0. It wouldn't make sense to lock out the root user without replacing it with another user, as it basically means that you can never perform system-level configuration.

If another user has uid 0, then they have root access.

jamie




msg:912173
 10:53 am on Mar 26, 2005 (gmt 0)

if you have physical access, you can boot from a knoppix CD and edit /etc/password from there too.

added - encyclo already suggested that ;)

Sharper




msg:912174
 6:46 pm on Mar 30, 2005 (gmt 0)

You said that none of the other users has "full" root access. Depending on what type of access they do have (for example, can any of them use sudo? su?, run a program as root another way?), you may still be able to use them to edit the passwd file.

It might also be helpful to mention what OS you are running. For example, on a FreeBSD install with security turned on, you wouldn't be able to boot into single-user without knowing the password.

shred




msg:912175
 3:33 pm on Apr 21, 2005 (gmt 0)

The solution to this problem is to run "su --shell=/bin/bash -" to access the root user.

I had a similar problem and this thread was the first hit on google so it makes sense to add the solution :D

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved