root unable to login???

ajeetraina · 11-25-2007, 11:15 PM

This morning I tried to login as root in fedora machine it throws:

sh-3.00 # passwd root
passwd:unknown user name 'root'

I checked the /etc/passwd and /etc/shadow files and surpriswed to see the /etc/passwd.OLD file and shadow- file there.I deleted the file.
Now when I am trying to su - in runlevel 1 then its says user 'root' not found..though root user is already there.
--------------------------------------------------------------------
# useradd root
useradd:unknown gid 100
No group named "mail" exists,craeting mail spool with mode 0600
-----------------------------------------------------------------

I have very critical project running on this machine and unable to login in runlevel 3 or 5.

HElp???

trickykid · 11-26-2007, 07:23 AM

So first thing you need to do is unplug this machine from the network if it has net access. Secondly, boot into single user mode or from a rescue disk and fix your root login, change the password, etc. Don't you find it odd that you had a passwd.OLD file in place of what should have been there. Sound like your shit got cracked probably cause you were logging in as root.

Also, why do you need to login as root? Setup sudo, more secure.

Tinkster · 11-26-2007, 11:35 AM

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

http://www.linuxquestions.org/questi...s-root-601813/
http://www.linuxquestions.org/questi...roblem-602346/

ikehack · 11-26-2007, 04:24 PM

Were you able to (or given the option) to set a root user and/or password during the Fedora installation? I haven't fooled with FC all that much.

ajeetraina · 11-26-2007, 11:19 PM

Sorry for the duplicate post..actually I put the query in newbies but couldnt get the sufficient help...there should be some criteria in whcih we can transport the posted message to different section if it has not been answered within the group.that will probably help the sufferer like me to make it view to different professionals.As a Server specialist will rarely visit programming section.Isnt it??
Reply to second post....How can I setup sudo then?need your help?
Actly the problem came to light when I was trying to configure Fedora DS Client and when I ran #getent passwd it transported all the users created in server to my machine.That overwrote the root id and it showed 500 as uid rather than 0 for root.Thats the moment the problem started.Can You help me with step by step as I cant take risk myself since the critical project is in operation in that machine.

Also,why it is showing the error:

------------------------------------------------
No group named "mail" exists,craeting mail spool with mode 0600
----------------------------------------------------
Any idea???
Plzz Help

ajeetraina · 11-27-2007, 12:34 AM

HALF WORK DONE !!!!!!

What I did was this time I checked wit the two file : /etc/pam.d/system-auth and /etc/pam.d/login..and changed all the settings to sufficient and tried to login.Before that I deleted all the users from /etc/passwd and shadow.Now in single mode I created a user called vjs and submitted a password to it.Now when I am tryign to login as vjs supplyig the password in 5th runlevel it says : user vjs with id=501 doesnt exist.
and threw the shell as
[I have no name!localhost]$

Any idea?how can i get rid of that?????

jschiwal · 11-27-2007, 01:37 AM

The best way may be to restore the old /etc/passwd and /etc/shadow from backup. When you deleted passwd.old you may have deleted your account information.

getent retrieves an item or items from a particular database such as /etc/passwd or /etc/networks and prints it to stdout. Did you do more that this? What was the source. For example, if you run "getent passwd" you could enter "sudo getent shadow" to get the shadow file entries from the same source. What is in /etc/passwd now. I wonder if you replaced /etc/passwd from another source but didn't replace the cooresponding shadow file. It is possible that someone manually edited /etc/passwd (instead of using usermod) in the past and made a backup first.

Look at "getent passwd" and "sudo getent shadow" from the same source and compare them with your current /etc/passwd and /etc/shadow.

To be able to login, you could reset the root passwd. Boot up with a rescue disk and mount the root partition.
Change the UID & GID to 0 as it should be, and zero the passwd entry in /etc/shadow.
[code]
/etc/passwd:
root:x:0:0:root:/root:/bin/bash

/etc/shadow:
root::13828::::::
[code]

Then reboot and try to login as root. If you can, run the "passwd" program to create a new passwd.

Then backup up the important project you mentioned.

System users will have entries like "news:x:9:13:news:/etc/news:" in /etc/passwd and "mail:*:13709:0:99999:7:::" in /etc/shadow. Note the "*". A system users account is disabled and doesn't have a passwd. I'm not certain if mail's uid and gid are fixed for a particular distro or are created when the system user is created. You could look at the gid of a directory you know is owned by the mail user.

Code:

sudo find ./ -group mail -exec ls -nd '{}' \;
drwx------ 2 0 12 4096 Nov 26 05:04 ./spool/mqueue
drwxrwxr-x 2 0 12 4096 Nov 26 05:04 ./spool/mail
-rw-rw---- 1 1000 12 0 Jul 15 07:12 ./spool/mail/jschiwal

Using another FC machine as a model, you may be able to reconstruct the /etc/passwd, /etc/shadow, and /etc/group system user entries. Especially if the UID & GID values are fixed. If not, you could look at the query listing of the rpm package giving you that service to find out what files or directories if any are owned by that service. Then examine the "ls -ln" listing of that file or "ls -lnd" listing of a directory to find out what the UID & GID values are.

Good Luck!
---

Just my 2 cents worth.
For a Fedora Core or Red Hat host, it may be better in the future to use a system-config program to change the authentication source in the future. You not only have to worry about samba & pam, but possibly have se_linux settings to contend with.

jschiwal · 11-27-2007, 01:40 AM

I started working on my response before your last one. Are you certain that you still are using /etc/passwd and /etc/shadow for login authentication. You did mention it was a Domain Member client.

colucix · 11-27-2007, 02:39 AM

Quote:

Originally Posted by ajeetraina

Sorry for the duplicate post..actually I put the query in newbies but couldnt get the sufficient help...there should be some criteria in whcih we can transport the posted message to different section if it has not been answered within the group.

A little off-topic, but worth to mention: you can ask a moderator to move your thread in another forum, by reporting your own post (see the REPORT button at the bottom of each single post) or you can e-mail to moderators (in the main page of each forum - at the bottom right - moderators are listed).