LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-20-2009, 06:13 PM   #16
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0

Hi Tink,

I think I have a majoy problem here!

I looked around in the various directories (i.e. /home and /usr etc. etc.), I found most of these directories are empty. My biggest worry here is that I have some very important files saved under the /usr direcotry and where did they go?!?

Did these files get deleted by some processes that I am not aware of or is it because I "Linux init=/bin/bash" at Lilo and as a result, Linux hid them on me? I am very worry now, what have I done...

By the way, you asked me to "egrep -A 50 "^root:[^:]+:.*$" /dev/hda1"; after I issued the command, the cursor went away for anout 5 seconds, it then came back with no results... I gues that means it didn't find anything then?

Cheers!

FY
 
Old 05-20-2009, 07:02 PM   #17
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
They didn't disappear; they're just not being mounted in your
emergency boot mode.
Code:
/dev/hda9 /home ext3 defaults 0 2
/dev/hda8 /tmp ext3 defaults 0 2
/dev/hda5 /usr ext3 defaults 0 2
/dev/hda6 /var ext3 defaults 0 2
are invisible.
 
Old 05-20-2009, 07:11 PM   #18
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Tink, thank you, thank you, thank you for that comment. At least I can sleep tonight!!!
 
Old 05-20-2009, 07:56 PM   #19
thorkelljarl
Senior Member
 
Registered: Jun 2008
Posts: 1,787

Rep: Reputation: 211Reputation: 211Reputation: 211
If this helps...

http://www.debuntu.org/recover-root-...-mode-and-grub

http://nixcraft.com/linux-software/2...user-mode.html

The operative search term is single user mode.

Last edited by thorkelljarl; 05-20-2009 at 08:11 PM.
 
Old 05-20-2009, 08:56 PM   #20
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 14,832

Rep: Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820Reputation: 1820
Quote:
Originally Posted by fy1000000 View Post
# /etc/fstab: static file ssytem information.
#
# <file system> <mount point> <type <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/hda1 / ext3 defaults,errors=remount-ro 0 1
/dev/hda9 /home ext3 defaults 0 2
/dev/hda8 /tmp ext3 defaults 0 2
/dev/hda5 /usr ext3 defaults 0 2
/dev/hda6 /var ext3 defaults 0 2
/dev/hda7 none swap sw 0 0
/dev/hdc /media/cdrom0 iso9960 ro,user,noauto 0 0
That needs a fsck I'd say. Toying with it in the interim would likely only cause more problems
 
Old 05-21-2009, 02:58 PM   #21
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Hi syg00,

Thanks for your comment. I have done a "fsck -n -v", here is what it came back with:

root@(none):/# fsck -n -v
fsck 1.37 (21-Mar-2005)
e2fsck 1.37 (21-Mar-2005)
/: clean, 14989/136544 files, 179264/273073 blocks
e2fsck 1.37 (21-Mar-2005)
/home: clean, 28635/8634368 files, 115115294/17261834 blocks
e2fsck 1.37 (21-Mar-2005)
/tmp: clean, 13/192768 files, 32460/393217 blocks
e2fsck 1.37 (21-Mar-2005)
/usr: clean, 110126/610432 files, 583029/1220932 blocks
e2fsck 1.37 (21-Mar-2005)
/var: clean, 11018/366528 files, 82957/732957 blocks
root@(none):/#

Everything seems clean... (I think?)...

Any comments? Thanks!

FY
 
Old 05-21-2009, 03:46 PM   #22
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Hi thorkelljarl, thanks for the links. Unfortunately, those were the first ones I tried but I couldn't even get to the change "passwd" command. My system reports "bash: passwd: command not found" error. Any new thoughts?

Thanks!

FY
 
Old 05-21-2009, 04:33 PM   #23
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
As I said in a previous post: you'll need to specify the full path to
passwd or set the PATH environment variable since you're in rescue
mode (single user, init=/bin/bash), and the box knows nothing about
how to FIND those executables.


But given the fact that we hope to restore the shadow file at some
stage it may not be prudent to let loose the passwd command now, since
in the absence of shadow it will put the hash directly into /etc/passwd
which is a MAJOR security risk. passwd needs to be world readable (otherwise
no ordinary users could log in), but if it's world-readable and has the
password hash(es) anyone with access to it could use something like John
the ripper to run a dictionary or brute force password cracking attack.

Is there ANY older backup with an existing shadow file in place available?




Cheers,
Tink
 
Old 05-21-2009, 04:49 PM   #24
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Hi Tink,

Coming from the Windows world, I can appreciate how the PATH variable work - thanks for the clarifications and reminder.

Sorry for not making this clearer in the past. Although there other users on the passwd list (not many, just a handful), none are of them currently works here so there is no problem with them wanting to access the linux box anymore. Further more, only I have physical access to this linux box and, if you want, I can disconnect it from the network within 5 seconds or less. So there should be no worry about John the Ripper coming unexpectedly. Does this help?

I tried looking for a backup copy everywhere, unfortunately, I was unable to do so. (the guys who left is nowhere to be found also...)

Thanks!

FY
 
Old 05-21-2009, 05:31 PM   #25
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Hi Tink,

Is there a way that I can make an image of my hard disk in case I do more things to screw it up further? I read about the dd & dump commands, can they be used? Also, is it possible to mount an external USB drive to copy this image? Thanks!

FY
 
Old 05-21-2009, 06:21 PM   #26
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
You could use dd, but it's probably easier to use rsync or even tar (depending
on whether you've mounted the other file-systems manually after logging in,
that is).

Yes, mounting an external USB drive should be no problem as root.

Create a temporary mount-point (e.g. mkdir /tmp/usb).
Plug the USB drive in, look at the output of dmesg after maybe
5 - 10 seconds - you should see a new scsi-disk being detected,
use it's ID in the mount command ...
e.g.
mount -t auto /dev/sda1 /tmp/usb

If the external device is bigger than the built-in HDD you can
actually quite easily then do
dd if-=/dev/hda of=/tmp/usb/server_hd.img bs=4096




Cheers,
Tink
 
Old 05-22-2009, 12:37 AM   #27
murankar
Member
 
Registered: Jan 2008
Location: Cleveland Ohio
Distribution: Current CentOS 5.6
Posts: 117

Rep: Reputation: 20
Sorry about the long time between posts, got really busy. Anyways not all pcs use the Function keys to get to bios. Some use ESC or DEL to enter bios. Might need to check out the pc's docs to find out what the combo is to enter bios. My sony vaio uses f11 and f2 one changes the boot order for just that boot, the other goes to bios.

Also I am a big fan of the 5.1 Knoppix, it is a slightly older kernel and still has alot of legacy support which is what I like, plus it comes with a cd image which is smaller. I have not tried v6 yet so no input on it.
 
Old 05-22-2009, 11:46 AM   #28
fy1000000
LQ Newbie
 
Registered: May 2009
Posts: 15

Original Poster
Rep: Reputation: 0
Hi murankar, many thanks for your suggestion. And you are right! The key to get into the Bios on my Linux box is the <delete> key! I am now able to boot the Linux box with a Knoppix CD! As such, I am now studying http://linux.suramya.com/tutorials/ResetPassword/ to see if I can reset my password...

Thanks again.

FY
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I corrupted /etc/shadow shifty51 Linux - Newbie 4 03-21-2006 09:44 PM
shadow passwords help? SciYro Linux - Security 2 03-03-2004 06:11 AM
shadow passwords dtheorem Linux From Scratch 2 10-19-2003 12:40 AM
shadow passwords and mdf njnear Linux - Security 5 08-06-2003 04:41 PM
Am I using shadow passwords? keirobyn Linux - Newbie 1 01-28-2002 01:55 AM


All times are GMT -5. The time now is 12:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration