EDK corrupted all my passwords? Can't find /etc/shadow file to edit!
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I looked around in the various directories (i.e. /home and /usr etc. etc.), I found most of these directories are empty. My biggest worry here is that I have some very important files saved under the /usr direcotry and where did they go?!?
Did these files get deleted by some processes that I am not aware of or is it because I "Linux init=/bin/bash" at Lilo and as a result, Linux hid them on me? I am very worry now, what have I done...
By the way, you asked me to "egrep -A 50 "^root:[^:]+:.*$" /dev/hda1"; after I issued the command, the cursor went away for anout 5 seconds, it then came back with no results... I gues that means it didn't find anything then?
Hi thorkelljarl, thanks for the links. Unfortunately, those were the first ones I tried but I couldn't even get to the change "passwd" command. My system reports "bash: passwd: command not found" error. Any new thoughts?
As I said in a previous post: you'll need to specify the full path to
passwd or set the PATH environment variable since you're in rescue
mode (single user, init=/bin/bash), and the box knows nothing about
how to FIND those executables.
But given the fact that we hope to restore the shadow file at some
stage it may not be prudent to let loose the passwd command now, since
in the absence of shadow it will put the hash directly into /etc/passwd
which is a MAJOR security risk. passwd needs to be world readable (otherwise
no ordinary users could log in), but if it's world-readable and has the
password hash(es) anyone with access to it could use something like John
the ripper to run a dictionary or brute force password cracking attack.
Is there ANY older backup with an existing shadow file in place available?
Coming from the Windows world, I can appreciate how the PATH variable work - thanks for the clarifications and reminder.
Sorry for not making this clearer in the past. Although there other users on the passwd list (not many, just a handful), none are of them currently works here so there is no problem with them wanting to access the linux box anymore. Further more, only I have physical access to this linux box and, if you want, I can disconnect it from the network within 5 seconds or less. So there should be no worry about John the Ripper coming unexpectedly. Does this help?
I tried looking for a backup copy everywhere, unfortunately, I was unable to do so. (the guys who left is nowhere to be found also...)
Is there a way that I can make an image of my hard disk in case I do more things to screw it up further? I read about the dd & dump commands, can they be used? Also, is it possible to mount an external USB drive to copy this image? Thanks!
You could use dd, but it's probably easier to use rsync or even tar (depending
on whether you've mounted the other file-systems manually after logging in,
Yes, mounting an external USB drive should be no problem as root.
Create a temporary mount-point (e.g. mkdir /tmp/usb).
Plug the USB drive in, look at the output of dmesg after maybe
5 - 10 seconds - you should see a new scsi-disk being detected,
use it's ID in the mount command ...
mount -t auto /dev/sda1 /tmp/usb
If the external device is bigger than the built-in HDD you can
actually quite easily then do
dd if-=/dev/hda of=/tmp/usb/server_hd.img bs=4096
Sorry about the long time between posts, got really busy. Anyways not all pcs use the Function keys to get to bios. Some use ESC or DEL to enter bios. Might need to check out the pc's docs to find out what the combo is to enter bios. My sony vaio uses f11 and f2 one changes the boot order for just that boot, the other goes to bios.
Also I am a big fan of the 5.1 Knoppix, it is a slightly older kernel and still has alot of legacy support which is what I like, plus it comes with a cd image which is smaller. I have not tried v6 yet so no input on it.
Hi murankar, many thanks for your suggestion. And you are right! The key to get into the Bios on my Linux box is the <delete> key! I am now able to boot the Linux box with a Knoppix CD! As such, I am now studying http://linux.suramya.com/tutorials/ResetPassword/ to see if I can reset my password...