Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

restore /etc/passwd

1:07 am on Mar 21, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 15, 2002
votes: 0

I just took over a server from someone. As a "security measure" they have made it impossible to login to the machine (or su) as root, by setting the root user to /sbin/nologin in /etc/passwd. Unfortunately, none of the other user accounts have full root access, and it has now become necessary to change certain configurations which require root access. Is there a way to easily restore (or edit) /etc/passwd to re-enable root access to the machine?

I was thinking about simply unplugging the drive, plug it into a different machine I have, and then edit the file from there. Is there a different/better/easier way of doing this?

5:48 pm on Mar 21, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
votes: 11

I believe that if you can edit the password file, and remove the password hash, you can login as root without a password. But I think the flaw in my plan is that you won't be able to edit the password file unless you login as root.

Failing that, you're suggestion (mount drive somewhere where you have root) and then editing the password file to remove the hash is the best/only way to go.

8:18 pm on Mar 21, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 2

A couple of ideas off the cuff: as you've got physical access, you can try rebooting the machine and at the lilo prompt you can type
linux single
to boot the machine into single-user mode. That might give you root access (without a password) and would allow you to edit
. If you don't know the root password, you can also reset it with
. Otherwise, can you boot the machine with a live CD?

If you want to remove the hash for the root password, I think you'll have to edit

rather than
6:39 am on Mar 26, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 7, 2003
votes: 0

I would recommend quickly parsing through /etc/passwd to see if there are any other users that have uid 0. It wouldn't make sense to lock out the root user without replacing it with another user, as it basically means that you can never perform system-level configuration.

If another user has uid 0, then they have root access.

10:53 am on Mar 26, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 24, 2002
votes: 0

if you have physical access, you can boot from a knoppix CD and edit /etc/password from there too.

added - encyclo already suggested that ;)

6:46 pm on Mar 30, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:July 28, 2003
votes: 0

You said that none of the other users has "full" root access. Depending on what type of access they do have (for example, can any of them use sudo? su?, run a program as root another way?), you may still be able to use them to edit the passwd file.

It might also be helpful to mention what OS you are running. For example, on a FreeBSD install with security turned on, you wouldn't be able to boot into single-user without knowing the password.


3:33 pm on Apr 21, 2005 (gmt 0)

Inactive Member
Account Expired


The solution to this problem is to run "su --shell=/bin/bash -" to access the root user.

I had a similar problem and this thread was the first hit on google so it makes sense to add the solution :D