While adding a user to a group (in a new installation), via the KDE
settings panel, the process seemed to go OK in the gui, but I found that
the new group was not listed on the command line by the 'groups'
command. When I tried to logout I got a message saying that policykit
had crashed, and I then found that I could not log back in. I tried
maintenance mode but couldn't get access.

I booted up a rescue session and set up passwords for both user and
root, but neither was accepted by the system. I just can't get access
to the machine at all.

Is there anything I can do, short of re-installing? It's taken me
two and a half days to do the install and set everything up :-( so I'd
like to be able avoid doing that again. Is there perhaps a package that
could be re-installed in the rescue session that might solve it?

- Richard

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 09/29/2011 07:21 PM, richardkimber@btinternet.com wrote:
Resetting the
root password when all privileged access is lost




Created at:
Wed
12 Aug 2009, 16:36
Last updated at:
Tue 5
Jul, 21:27


Categories:


10.04 LTS (Lucid Lynx)
10.10 (Maverick Meerkat)
11.04 (Natty Narwhal)
6.06 LTS (Dapper Drake)
8.04 LTS (Hardy Heron)
CLI
Security





Was this article
helpful to you?
*




Imagine the following scenario:

a) A colleague has set a password
for the root user

b) This colleague was the sole member of the admin group

c) This colleague has left the company

How do you regain administrator
privileges? You do not have direct access to the root user
because a password has been set. You also do not have
indirect access (via sudo) because you are not a member of
the admin group.

This article will present two
ways to rectify these two issues.

Solution #1

1. Boot up with a Ubuntu live CD
(normal Desktop install CD) and enter a live graphical
session.

2. Mount the partitions containing both the / and /usr
directories of your Ubuntu installation. 99.99% of the
time they are on the same partition (say it's /dev/sda1 in
this example):

$ sudo mount /dev/sda1 /mnt

The above can also be
accomplished in GNOME by clicking on the partition (drive
icon) under Places in the top menu (Panel).

3. Change the root password:

$ sudo chroot /mnt passwd root

Alternatively you can restore the
Ubuntu default of not giving root a password at all:

$ sudo chroot /mnt usermod -p '!' root

And now put a user (peter in this
example) in the admin group:

$ sudo chroot /mnt adduser peter admin

4. Boot normally (from the hard
disk) and ensure that the user peter can gain root
privileges via the sudo command.

As user peter:

$ sudo ls

And that your root password has
been properly set:

$ su - root
# exit

Solution #2

Instead of booting with external
media you can try booting into recovery mode with the
following kernel boot option:

init=/bin/bash

This should give you a root
shell. You would then continue with the commands:

# mount -o remount,rw /
# passwd root (or usermod -p '!' root)
# adduser peter admin







--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Le 29/09/2011 18:21, richardkimber@btinternet.com a écrit :

While adding a user to a group (in a new installation), via the KDE
settings panel, the process seemed to go OK in the gui, but I found that
the new group was not listed on the command line by the 'groups'
command. When I tried to logout I got a message saying that policykit
had crashed, and I then found that I could not log back in. I tried
maintenance mode but couldn't get access.

I booted up a rescue session and set up passwords for both user and
root, but neither was accepted by the system. I just can't get access
to the machine at all.

Is there anything I can do, short of re-installing? It's taken me
two and a half days to do the install and set everything up :-( so I'd
like to be able avoid doing that again. Is there perhaps a package that
could be re-installed in the rescue session that might solve it?

- Richard



On machines running GRUB 0.97 (and with a root account), there was a
nice trick. On boot, edit the kernel line and add the following boot
parameter:


init=/bin/bash

Then when you get a login prompt, do this:

# mount -o remount,rw /

Then do what you have to do, for example:

# passwd

Problem: no init was started, so how to shutdown the machine? Here goes:

# mount -o remount,ro /

And then simply hit the Poweroff button )

I'm regularly training folks on RHEL servers, and more often than not,
the students forget their root passwords (ts, ts...). This is a way to
restore things when they shot themselves in the foot.


Unfortunately, a) I don't know how to do this with GRUB2 (which I hate
with a passion), and b) no root account in a default Ubuntu install
(which is the first thing I restore).


Cheers,

Niki Kovacs
--
Microlinux - Solutions informatiques 100% Linux et logiciels libres
7, place de l'église - 30730 Montpezat
Web : http://www.microlinux.fr
Mail : info@microlinux.fr
Tél. : 04 66 63 10 32

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Thu, 29 Sep 2011 21:04:39 +0300
Pop Horea-Vasile <pop.horea@lnxopensource.com> wrote:

> *Solution #1*
>
> 1. Boot up with a Ubuntu live CD (normal Desktop install CD) and
> enter a live graphical session.
> 2. Mount the partitions containing both the / and /usr directories of
> your Ubuntu installation. 99.99% of the time they are on the same
> partition (say it's /dev/sda1 in this example):
>
> $ sudo mount /dev/sda1 /mnt
>
> The above can also be accomplished in GNOME by clicking on the
> partition (drive icon) under Places in the top menu (Panel).
>
> 3. Change the root password:
>
> $ sudo chroot /mnt passwd root

Thanks, but I tried this via the maintenance session on the DVD, but on
rebooting it wouldn't accept the password

Would it be any different using a live graphical session? My feeling
is that there is something wrong with the mechanism that checks the
password and allows access.

- Richard

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Thu, 29 Sep 2011 20:43:29 +0200
Nicolas Kovacs <info@microlinux.fr> wrote:

> Then when you get a login prompt, do this:
>
> # mount -o remount,rw /
>
> Then do what you have to do, for example:
>
> # passwd

Thanks, but as I said in the original post, I tried this. It's not a
problem of not knowing the password, but rather one of the known
password not working.

- Richard

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Le 29/09/2011 22:26, Richard Kimber a écrit :

Thanks, but as I said in the original post, I tried this. It's not a
problem of not knowing the password, but rather one of the known
password not working.


Well, the passwd command in my example lets you redefine a password in a
shell that doesn't ask for one )


--
Microlinux - Solutions informatiques 100% Linux et logiciels libres
7, place de l'église - 30730 Montpezat
Web : http://www.microlinux.fr
Mail : info@microlinux.fr
Tél. : 04 66 63 10 32

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

richardkimber@btinternet.com wrote:
> I booted up a rescue session and set up passwords for both user and
> root, but neither was accepted by the system. I just can't get access
> to the machine at all.

In the rescue session, can you add a new user? If you do this, does
that user's username and password then work?

Can you see what's in the password field for that (first) user and root
in /etc/shadow? Do they contain only valid characters?

Is there anything in /var/log/auth.log to suggest precisely what the
problem is, or indeed does the error on the console give any
information?

> Is there anything I can do, short of re-installing?

Generally, yeah - pretty much anything configuration based just
invovles editing a test file, so presuming you can work out what needs
changing, and to what, it's fixable without a reboot.

--
Avi

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Thu, 29 Sep 2011 23:30:55 +0200
Nicolas Kovacs <info@microlinux.fr> wrote:

> > Thanks, but as I said in the original post, I tried this. It's not a
> > problem of not knowing the password, but rather one of the known
> > password not working.
>
> Well, the passwd command in my example lets you redefine a password
> in a shell that doesn't ask for one )

Sorry, I don't follow you. My objective is to be able to get back to
the normal login procedure, and I think it is this that is broken.

- Richard

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Thu, 29 Sep 2011 23:18:43 +0100
Avi Greenbury <lists@avi.co> wrote:

> In the rescue session, can you add a new user? If you do this, does
> that user's username and password then work?

Yes. I tried that and, after re-booting, was able to login using the
normal KDE screen using the new username and password.

However, I was unable to su to my normal user account - I get an
'authentication failure' error.

> Can you see what's in the password field for that (first) user and
> root in /etc/shadow? Do they contain only valid characters?

Well, it looks OK. The user entry has a very long string of characters
(92) where other entries are '*' but I guess that's normal. It's the
same for the new account I set up, and that worked OK.

> Is there anything in /var/log/auth.log to suggest precisely what the
> problem is, or indeed does the error on the console give any
> information?

Just 'authentication failure' errors where I have tried to login.

What would happen if, in recovery mode, I deleted all the users, and
then re-added my original user? (Presumably I couldn't delete the
root user, though - or is 'root' in recovery mode a different entity
from a normal root user?.) Would the files in the /home/user be affected
and would they keep the same UID and GID values? I'm getting into deep
(for me) waters here.

- Richard



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Thu, 29 Sep 2011 17:21:18 +0100
richardkimber@btinternet.com wrote:

> While adding a user to a group (in a new installation), via the KDE
> settings panel, the process seemed to go OK in the gui, but I found that
> the new group was not listed on the command line by the 'groups'
> command. When I tried to logout I got a message saying that policykit
> had crashed, and I then found that I could not log back in. I tried
> maintenance mode but couldn't get access.
>
> I booted up a rescue session and set up passwords for both user and
> root, but neither was accepted by the system. I just can't get access
> to the machine at all.
>
> Is there anything I can do, short of re-installing? It's taken me
> two and a half days to do the install and set everything up :-( so I'd
> like to be able avoid doing that again. Is there perhaps a package that
> could be re-installed in the rescue session that might solve it?

It turned out that in re-setting the passwords from the root shell available
via the 'repair broken system' option on the dvd, you mustn't use the same
password as the one that failed. I had assumed that you could reset
a password to anything you wanted, including the previous one. Clearly you
are limited to a subset of all possible passwords that doesn't include the
one that failed. Presumably re-setting the password doesn't update other
information that is crucial to letting you into the system, unless a
different one is detected.

Once I set a *completely* new password I was able to login normally. Thanks
to NoOp for his offline support and advice on this.

- Richard.
--
Richard Kimber
Political Science Resources
http://www.PoliticsResources.net/

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users