02-02-2011, 02:54 PM
Kwan Lowe

Lost root access

On Wed, Feb 2, 2011 at 9:44 AM, James Bensley <jwbensley@gmail.com> wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?




Nope... would lock everyone out!!

You can change the shadow to a known hash and that should work. But
going through that exercise, though interesting, would not be the most
direct method.

Had you changed the default expiration settings on the system? You
can run the "chage" command to see the settings on different users.
Also you may want to check the faillog.

Is this system Internet accessible? I'd be very leery of trusting
that system until you determine what caused it to lock out.

Anyhoo, coincidentally I was thinking of ways to change a root
password on a 24/7 system. Some of the things I tested were to
overwrite some of the cron scripts that I had access to, create a suid
binary on a trusted and mounted fs (i.e., no root squash, noexec not
enabled), exec a shell from within a sudo command that had shell out
capability, etc..


> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).
>
> --
> Regards,
> James.
>
> http://www.jamesbensley.co.cc/
>
> There are 10 kinds of people in the world; Those who understand
> Vigesimal, and J others...?
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
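
Added example, not part of the original thread: a sketch of the check suggested in the message above (password aging and lock state), done by reading the `/etc/shadow` fields directly so it also works on a disk image mounted from another VM. The function name `shadow_status`, the verdict words and the sample entries are assumptions made for this illustration; the hash strings are placeholders.

```shell
#!/bin/sh
# Added example: classify one /etc/shadow entry to explain a login failure.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved (day counts).

# shadow_status LINE TODAY -> prints a one-word verdict (hypothetical helper)
shadow_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        hash = $2; lastchg = $3; max = $5; inactive = $7; expire = $8
        if (hash == "")                          { print "empty-password"; exit }
        if (hash ~ /^[!*]/)                      { print "locked"; exit }
        if (expire != "" && today >= expire + 0) { print "account-expired"; exit }
        if (lastchg == "0")                      { print "must-change"; exit }
        if (lastchg != "" && max != "") {
            age = today - lastchg
            if (inactive != "" && age > max + inactive) { print "password-inactive"; exit }
            if (age > max)                              { print "password-expired"; exit }
        }
        print "ok"
    }'
}

# Constructed sample entries; the hash strings are placeholders.
TODAY=15007   # 2011-02-02 as days since 1970-01-01
while IFS= read -r line; do
    printf '%-6s %s\n' "${line%%:*}" "$(shadow_status "$line" "$TODAY")"
done <<'EOF'
root:$6$CONSTRUCTED$placeholder:14900:0:90:7:::
alice:!$6$CONSTRUCTED$placeholder:15000:0:99999:7:::
bob:$6$CONSTRUCTED$placeholder:15000:0:99999:7::15000:
carol:$6$CONSTRUCTED$placeholder:15000:0:99999:7:::
erin:$6$CONSTRUCTED$placeholder:14900:0:90:7:10::
EOF
```

On a live system, run the loop as root over `/etc/shadow` with `TODAY=$(( $(date +%s) / 86400 ))`; for an offline image, read the `etc/shadow` under its mount point. `chage -l root` reports the same aging fields in readable form.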
 
02-02-2011, 03:35 PM

Kwan Lowe wrote:
> On Wed, Feb 2, 2011 at 9:44 AM, James Bensley <jwbensley@gmail.com> wrote:
>> So on a virtual server the root password was no longer working (as in
>> I couldn't ssh in anymore). Only I and one other know it and neither
>> of us have changed it. No other account had the correct privileges to
<snip>
> Anyhoo, coincidentally I was thinking of ways to change a root
> password on a 24/7 system. Some of the things I tested were to
> overwrite some of the cron scripts that I had access to, create a suid
> binary on a trusted and mounted fs (i.e., no root squash, noexec not
> enabled), exec a shell from within a sudo command that had shell out
> capability, etc..
<snip>
Well, if you could get on the system at all, and had sudo privileges, no
problem.

mark

02-03-2011, 11:50 AM
Nico Kadel-Garcia

On Wed, Feb 2, 2011 at 9:44 AM, James Bensley <jwbensley@gmail.com> wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?
>
> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).

Deleting /etc/shadow is *BAD*. You just blew away everyone's password,
and will cause enormous confusion.

If you can't restore it, use "pwunconv" to turn off the use of
/etc/shadow, and "pwconv" to re-enable it. The passwords will be
locked, I believe: then you can mount the idle filesystem, do a
"chroot" to the idle filesystem, and run "passwd root" to set a new
password.

02-03-2011, 12:02 PM
James Bensley

On 2 Feb 2011 15:07, "Robert Heller" <heller@deepsoft.com> wrote:
>
> At Wed, 2 Feb 2011 14:44:01 +0000 CentOS mailing list <centos@centos.org> wrote:
>
> >
> > So on a virtual server the root password was no longer working (as in
> > I couldn't ssh in anymore). Only I and one other know it and neither
> > of us have changed it. No other account had the correct privileges to
> > correct this so I'm wondering, if I had mounted that vdi as a
> > secondary device on another VM, browsed the file system and delete
> > /etc/shadow would this have wiped all users passwords meaning I could
> > regain access again?
>
> No, it would not have. It would have resulted in NOONE having access.
>
> What you could have done is chroot to the secondary device on the other
> VM and then simply reset the root password with the passwd command.
>


Of course! Good idea, thanks.


--James. (This email was sent from a mobile device)

02-03-2011, 12:05 PM
James Bensley

On 2 Feb 2011 16:36, <m.roth@5-cent.us> wrote:
>
> Well, if you could get on the system at all, and had sudo privileges, no
> problem.
>
>       mark

No sudo priv's, remote VM so ssh only to a standard user not in sudoers.


--James. (This email was sent from a mobile device)



02-03-2011, 12:40 PM
Rafa Griman

Hi

On Wed, Feb 2, 2011 at 3:44 PM, James Bensley <jwbensley@gmail.com> wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?
>
> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).


As the other said: DON'T delete /etc/shadow.

Someone also mentioned you could modify the hash in /etc/shadow. This
will work if you are root or have the right permissions with sudo.

If you can reboot the system, what really works great is passing the
following option to the kernel on the lilo/grub screen when the system
boots:

init=/bin/bash

This will give you a shell without being asked for a password (unless
the sys admin has done his homework). Now that you have shell access
... you are in charge so you can:

- mount the / partition and chroot

- edit /etc/shadow and delete the password hash

- whatever you can imagine ... you decide


HTH

Rafa

02-03-2011, 12:59 PM
Giles Coochey

On 03/02/2011 14:40, Rafa Griman wrote:
> Hi
>
> On Wed, Feb 2, 2011 at 3:44 PM, James Bensley<jwbensley@gmail.com> wrote:
>> So on a virtual server the root password was no longer working (as in
>> I couldn't ssh in anymore). Only I and one other know it and neither
>> of us have changed it. No other account had the correct privileges to
>> correct this so I'm wondering, if I had mounted that vdi as a
>> secondary device on another VM, browsed the file system and delete
>> /etc/shadow would this have wiped all users passwords meaning I could
>> regain access again?
>>
>> (This is past tense because its sorted now but I'm curious if this
>> would have worked? And if not, what could I have done?).
>
> As the other said: DON'T delete /etc/shadow.
>
> Someone also mentioned you could modify the hash in /etc/shadow. This
> will work if you are root or have the right permissions with sudo.
>
> If you can reboot the system, what really works great is passing the
> following option to the kernel on the lilo/grub screen when the system
> boots:
>
> init=/bin/bash
>
> This will give you a shell without being asked for a password (unless
> the sys admin has done his homework). Now that you have shell access
> ... you are in charge so you can:
>
> - mount the / partition and chroot
>
> - edit /etc/shadow and delete the password hash
>
> - whatever you can imagine ... you decide

That would do it... There is single-user-mode (runlevel 1), just add the
word single to the kernel parameters line before bootup


It will give you the same result and mount stuff without the need to
chroot etc...



--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles@coochey.net
Skype: gilescoochey



02-03-2011, 02:17 PM
Kwan Lowe

On Wed, Feb 2, 2011 at 11:35 AM, <m.roth@5-cent.us> wrote:

> <snip>
> Well, if you could get on the system at all, and had sudo privileges, no
> problem.

Well, the point was actually if you did not have sudo access to change
the password, what else could you do. I.e., you had sudo to edit a
particular file or do something else, but not run passwd.

02-03-2011, 06:12 PM
Rafa Grimán

Hi

On Thursday 03 February 2011 14:59 Giles Coochey wrote
> On 03/02/2011 14:40, Rafa Griman wrote:
> > Hi
> >
> > On Wed, Feb 2, 2011 at 3:44 PM, James Bensley<jwbensley@gmail.com> wrote:
> >> So on a virtual server the root password was no longer working (as in
> >> I couldn't ssh in anymore). Only I and one other know it and neither
> >> of us have changed it. No other account had the correct privileges to
> >> correct this so I'm wondering, if I had mounted that vdi as a
> >> secondary device on another VM, browsed the file system and delete
> >> /etc/shadow would this have wiped all users passwords meaning I could
> >> regain access again?
> >>
> >> (This is past tense because its sorted now but I'm curious if this
> >> would have worked? And if not, what could I have done?).
> >
> > As the other said: DON'T delete /etc/shadow.
> >
> > Someone also mentioned you could modify the hash in /etc/shadow. This
> > will work if you are root or have the right permissions with sudo.
> >
> > If you can reboot the system, what really works great is passing the
> > following option to the kernel on the lilo/grub screen when the system
> >
> > boots:
> > init=/bin/bash
> >
> > This will give you a shell without being asked for a password (unless
> > the sys admin has done his homework). Now that you have shell access
> >
> > ... you are in charge so you can:
> > - mount the / partition and chroot
> >
> > - edit /etc/shadow and delete the password hash
> >
> > - whatever you can imagine ... you decide
>
> That would do it... There is single-user-mode (runlevel 1), just add the
> word single to the kernel parameters line before bootup
>
> It will give you the same result and mount stuff without the need to
> chroot etc...


Yes, but S|Single|1 asks for root password to login ... And he doesn't have
the root password

Rafa

--
"We cannot treat computers as Humans. Computers need love."

Happily using KDE 4.5.5

02-03-2011, 06:42 PM
Robert Heller

At Thu, 3 Feb 2011 20:12:17 +0100 CentOS mailing list <centos@centos.org> wrote:

>
> Hi
>
> On Thursday 03 February 2011 14:59 Giles Coochey wrote
> > On 03/02/2011 14:40, Rafa Griman wrote:
> > > Hi
> > >
> > > On Wed, Feb 2, 2011 at 3:44 PM, James Bensley<jwbensley@gmail.com> wrote:
> > >> So on a virtual server the root password was no longer working (as in
> > >> I couldn't ssh in anymore). Only I and one other know it and neither
> > >> of us have changed it. No other account had the correct privileges to
> > >> correct this so I'm wondering, if I had mounted that vdi as a
> > >> secondary device on another VM, browsed the file system and delete
> > >> /etc/shadow would this have wiped all users passwords meaning I could
> > >> regain access again?
> > >>
> > >> (This is past tense because its sorted now but I'm curious if this
> > >> would have worked? And if not, what could I have done?).
> > >
> > > As the other said: DON'T delete /etc/shadow.
> > >
> > > Someone also mentioned you could modify the hash in /etc/shadow. This
> > > will work if you are root or have the right permissions with sudo.
> > >
> > > If you can reboot the system, what really works great is passing the
> > > following option to the kernel on the lilo/grub screen when the system
> > >
> > > boots:
> > > init=/bin/bash
> > >
> > > This will give you a shell without being asked for a password (unless
> > > the sys admin has done his homework). Now that you have shell access
> > >
> > > ... you are in charge so you can:
> > > - mount the / partition and chroot
> > >
> > > - edit /etc/shadow and delete the password hash
> > >
> > > - whatever you can imagine ... you decide
> >
> > That would do it... There is single-user-mode (runlevel 1), just add the
> > word single to the kernel parameters line before bootup
> >
> > It will give you the same result and mount stuff without the need to
> > chroot etc...
>
>
> Yes, but S|Single|1 asks for root password to login ... And he doesn't have
> the root password

RedHat / RHEL / CentOS does not do that! At least never on any of my
machines -- is there some config option for that? Yes, for manual fsck
it does, but not otherwise.

>
> Rafa
>

--
Robert Heller -- 978-544-6933 / heller@deepsoft.com
Deepwoods Software -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org -- against proprietary attachments


