restore /etc/passwd

Forum Moderators: bakedjake

Message Too Old, No Replies

restore /etc/passwd

DrDoc

1:07 am on Mar 21, 2005 (gmt 0)

I just took over a server from someone. As a "security measure" they have made it impossible to login to the machine (or su) as root, by setting the root user to /sbin/nologin in /etc/passwd. Unfortunately, none of the other user accounts have full root access, and it has now become necessary to change certain configurations which require root access. Is there a way to easily restore (or edit) /etc/passwd to re-enable root access to the machine?

I was thinking about simply unplugging the drive, plug it into a different machine I have, and then edit the file from there. Is there a different/better/easier way of doing this?

wheel

5:48 pm on Mar 21, 2005 (gmt 0)

I believe that if you can edit the password file, and remove the password hash, you can login as root without a password. But I think the flaw in my plan is that you won't be able to edit the password file unless you login as root.

Failing that, you're suggestion (mount drive somewhere where you have root) and then editing the password file to remove the hash is the best/only way to go.

encyclo

8:18 pm on Mar 21, 2005 (gmt 0)

A couple of ideas off the cuff: as you've got physical access, you can try rebooting the machine and at the lilo prompt you can type

linux single

to boot the machine into single-user mode. That might give you root access (without a password) and would allow you to edit

/etc/passwd

. If you don't know the root password, you can also reset it with

passwd

. Otherwise, can you boot the machine with a live CD?

If you want to remove the hash for the root password, I think you'll have to edit

/etc/shadow

rather than

/etc/passwd

though.

NickCoons

6:39 am on Mar 26, 2005 (gmt 0)

I would recommend quickly parsing through /etc/passwd to see if there are any other users that have uid 0. It wouldn't make sense to lock out the root user without replacing it with another user, as it basically means that you can never perform system-level configuration.

If another user has uid 0, then they have root access.

jamie

10:53 am on Mar 26, 2005 (gmt 0)

if you have physical access, you can boot from a knoppix CD and edit /etc/password from there too.

added - encyclo already suggested that ;)

Sharper

6:46 pm on Mar 30, 2005 (gmt 0)

You said that none of the other users has "full" root access. Depending on what type of access they do have (for example, can any of them use sudo? su?, run a program as root another way?), you may still be able to use them to edit the passwd file.

It might also be helpful to mention what OS you are running. For example, on a FreeBSD install with security turned on, you wouldn't be able to boot into single-user without knowing the password.

shred

3:33 pm on Apr 21, 2005 (gmt 0)

The solution to this problem is to run "su --shell=/bin/bash -" to access the root user.

I had a similar problem and this thread was the first hit on google so it makes sense to add the solution :D