
Forum Moderators: bakedjake


restore /etc/passwd

     

DrDoc

1:07 am on Mar 21, 2005 (gmt 0)




I just took over a server from someone. As a "security measure" they have made it impossible to login to the machine (or su) as root, by setting the root user to /sbin/nologin in /etc/passwd. Unfortunately, none of the other user accounts have full root access, and it has now become necessary to change certain configurations which require root access. Is there a way to easily restore (or edit) /etc/passwd to re-enable root access to the machine?

I was thinking about simply unplugging the drive, plug it into a different machine I have, and then edit the file from there. Is there a different/better/easier way of doing this?

wheel

5:48 pm on Mar 21, 2005 (gmt 0)




I believe that if you can edit the password file, and remove the password hash, you can login as root without a password. But I think the flaw in my plan is that you won't be able to edit the password file unless you login as root.

Failing that, your suggestion (mount drive somewhere where you have root) and then editing the password file to remove the hash is the best/only way to go.

encyclo

8:18 pm on Mar 21, 2005 (gmt 0)




A couple of ideas off the cuff: as you've got physical access, you can try rebooting the machine and at the lilo prompt you can type "linux single" to boot the machine into single-user mode. That might give you root access (without a password) and would allow you to edit /etc/passwd. If you don't know the root password, you can also reset it with passwd. Otherwise, can you boot the machine with a live CD?

If you want to remove the hash for the root password, I think you'll have to edit /etc/shadow rather than /etc/passwd though.

NickCoons

6:39 am on Mar 26, 2005 (gmt 0)




I would recommend quickly parsing through /etc/passwd to see if there are any other users that have uid 0. It wouldn't make sense to lock out the root user without replacing it with another user, as it basically means that you can never perform system-level configuration.

If another user has uid 0, then they have root access.
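
Added example, not part of any poster's message: the UID 0 check suggested above, combined with the /etc/shadow point raised earlier in the thread, written as a small audit script. The function name audit_uid0, the toor account and every sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every UID 0 account in passwd/shadow-format files.
# Usage: audit_uid0 PASSWD_FILE [SHADOW_FILE]
# Prints one line per account: name:shell:login-state:password-state
audit_uid0() {
    passwd_file=$1
    shadow_file=${2:-/dev/null}   # without a shadow file the state is "unknown"
    awk -F: '
        /^#/ || NF == 0 { next }             # skip comments and blank lines
        pass == 1 { hash[$1] = $2; next }    # shadow pass: remember field 2
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 {     # passwd pass: numeric UID is 0
            # A shell ending in nologin or false refuses interactive logins.
            login = ($7 ~ /(nologin|false)$/) ? "nologin" : "interactive"
            if ($2 == "")                pw = "EMPTY"      # no password needed
            else if ($2 != "x")          pw = "in-passwd"  # hash kept in passwd
            else if (!($1 in hash))      pw = "unknown"    # no shadow entry read
            else if (hash[$1] == "")     pw = "EMPTY"
            else if (hash[$1] ~ /^[!*]/) pw = "locked"
            else                         pw = "set"
            print $1 ":" $7 ":" login ":" pw
        }
    ' pass=1 "$shadow_file" pass=2 "$passwd_file"
}

# Constructed sample files: root has its shell set to /sbin/nologin, and a
# hypothetical second UID 0 account "toor" has an empty password field.
uid0_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$notarealhash:12800:0:99999:7:::
toor::12800:0:99999:7:::
daemon:*:12800:0:99999:7:::
alice:!:12800:0:99999:7:::
EOF
    audit_uid0 "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

uid0_demo
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow, or at the copies on a drive mounted from another machine; reading the shadow file requires root.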

jamie

10:53 am on Mar 26, 2005 (gmt 0)




If you have physical access, you can boot from a Knoppix CD and edit /etc/passwd from there too.

added - encyclo already suggested that ;)

Sharper

6:46 pm on Mar 30, 2005 (gmt 0)




You said that none of the other users has "full" root access. Depending on what type of access they do have (for example, can any of them use sudo? su? run a program as root another way?), you may still be able to use them to edit the passwd file.

It might also be helpful to mention what OS you are running. For example, on a FreeBSD install with security turned on, you wouldn't be able to boot into single-user without knowing the password.

shred

3:33 pm on Apr 21, 2005 (gmt 0)



The solution to this problem is to run "su --shell=/bin/bash -" to access the root user.

I had a similar problem and this thread was the first hit on Google, so it makes sense to add the solution :D
