After logging as root, how to change the password for the user "admin: without knowing its current password?

# /usr/bin/passwd admin
Changing password for user admin.
Changing password for admin
(current) password:
passwd: Authentication token manipulation error

It would help (me) to have a couple of items of information:

1. Version of Linux (Slackware, Ubuntu, Fedora).
2. egrep 'root|admin' /etc/passwd
3. Are you running SELinux?

You might also wish to look at the following:
http://www.linuxquestions.org/questi...on-error-2813/

... Mark

Fedora Core 6 : kernel 2.6.18-1.2798.fc6

# egrep 'root|admin' /etc/passwd
root:x:0:0:root:/root:/bin/bash
admin:x:0:0:root:/root:/usr/comp/lush/lush
operator:x:11:0perator:/root:/sbin/nologin

How to find out whether SELinux is installed or running?

My question is, Why do you have a user called admin with the same uid as root? That's just bad and opens this machine up to all kinds of security related issues. I'd like to know the reason behind this, if any? If it's for some application, I'd talk to the developers to rethink how they need to develop such application without needing an active account with root power across the whole system.

And you're probably getting the manipulation token error cause you have two uid's with the same value.

Bad bad bad.. in my opinion. When root changes a password, it usually will not prompt for the existing password, root is god, don't create other accounts with same UID as root with 0.

The admin account is a quick and dirty way to execute some privileged commands.
Besides using "sudo", are there alternatives?

Having more that one username with the same userid is a dangerous activity, especially for root. Hence the purpose of sudo. To allow some people to run some commands that they could not otherwise use, AND track their use of sudo and the things they did (if you have accounting running (pacct)).

As root run the following:
if [ -e `which selinuxenabled` ] ; then `which selinuxenabled` ; if [ $? -eq 0 ] ; then echo "SELinux enabled" ; else echo "SELinux disabled" ; fi; else echo "SELinux not installed"; fi

Below is a really good tutorial on setting up sudo.
http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html

... Mark

Might be quick and dirty but add in insecure as well. You can easily implement sudo to run what you need without passwords, etc. If you're going to run a user with the UID of 0, basically making it another root user, you might as well just login and use root, there's no difference in what your doing except possibly security through obscurity, which never works and is not fool proof.

Obscurity? The username is "admin" hehehehehe. So, nor even that.

Use sudo. By deleting the admin user you will also fix the "problem" that you created and this thread will be solved as well.

Well, anyone in the Unix world all know root is god. I've seen plenty of accounts created as admin that aren't necessarily given anything close to root privileges. When I think of admin or administrator, I think of Windows.

Sure. But regardless, I don't think I am wrong if I say that 100% of the dictionary based attacks will try that word on an early stage. It's not that uncommon, and even if it can't guarantee root access, it's a good start.

Believe me, someone that short sighted as to set an user account called "admin" with a weak password that can be cracked, has probably made much more errors that will make the system vulnerable enough if you get to log with that user.

There's no obscurity in using "admin" as an user or root account as there's no obscurity in using an account name named "Joseph" either and putting your ID number as a password. But that's what a lot of people do. So, it's doesn't really matter if the "admin" user has root privileges or not (that's just a bonus that the eventual attacker will find and enjoy). The point is that, as you said, there's a lot of people that use "admin" for one purpose or another. So, it's a very common name to find on a name generator, and even in dictionaries for passwords (yeah, some people is that way).

As long as it's on the dictionary or it's close enough, there's no obscurity at all, because attackers don't care about what the user name is supposed to be. They can try lots of times on lots of computers, and the ip banning is not invulnerable. When it comes to security the best you can do is to put as many layers as possible in the middle.

That's why admins use tools like johntheripper to check the integrity of the passwords. A weak password is a way for an attacker to get into the system. Once you are there, if you are smart enough you can wait, watch, and find a way to scale privileges.

Not really on topic ...
Like what kind of security problem?

I have some machines here that have this.. hum.. feature.. And i vaguely remember that this is not good habit but more precisely what's the risk?

I'm not the admin but the admin created me this kind of UID 0 account. He said he doesn't want to install any packages.. like sudo... As I can now change he's root password, that's not very logical but that's not the point, I just want to know the real risk of having two same UID 0.

Thanks!