LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-07-2005, 02:11 AM   #1
Jabber
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Rep: Reputation: 0
Angry Root password recovery


Hi,

I have problem with root password recovery. :-(

Distro: Redhat Fedora Core 3.

As I searched through the mailing list I found couple of ways to recover the root password.

1. Using single user mode
2. Using Linux installation CD and changing the files /etc/passwd and /etc/shadow. This included removing shadowing option in /etc/passwd file and removing the password hash in /etc/shadow.

Problem: I can not login in single user mode its password protected. And I do not know the password.

I used the second option but I could not reset the root password. Second time I tried this approach the /etc/shadow file was missing.

I need help on resetting the password. Is there any way to prevent unauthorized password modification? Is password change notification to sysadmin possible?

Let me know if you need more info.

Thanks a lot... in advance...

Devel.

We faced such problem due to an unethical staff of our company...
 
Old 11-07-2005, 02:37 AM   #2
ashamril
Member
 
Registered: Jan 2003
Location: cyberjaya
Distribution: rh mdk deb fed suse
Posts: 99

Rep: Reputation: 15
Quote:
2. Using Linux installation CD and changing the files /etc/passwd and /etc/shadow. This included removing shadowing option in /etc/passwd file and removing the password hash in /etc/shadow.
i'm not sure u did this but do u mount your root partition b4 u edit the files?

# mount /dev/hda2 /tmp/root

Last edited by ashamril; 11-07-2005 at 02:39 AM.
 
Old 11-07-2005, 03:30 AM   #3
Jabber
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Unhappy

Thanks for your reply ashamril.

Ooooops...

I think I have missed the part...

Quote:
Originally posted by ashamril

# mount /dev/hda2 /tmp/root
Here is what I did with the system...

I reboot the system with Fedora installation CD. went into rescue mode. changed the file passwd and shadow in /etc dir and rebooted the system again..

Did I miss anything else? It would be great if you outline the steps in detail.



Jabber..

Last edited by Jabber; 11-07-2005 at 03:43 AM.
 
Old 11-07-2005, 05:06 AM   #4
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 46
Quote:
changed the file passwd and shadow in /etc dir and rebooted the system again..
You shouldn't need to change /etc/shadow only remove the astericks from the file /etc/passwd, e.g.
root:*:0:0::/root:/bin/bash
change to
root::0:0::/root:/bin/bash

After booting into rescue mode type mount to see where your linux root partition (in my example /dev/hda2) is mounted. Make sure it is mounted rw, if not then remount it as rw, e.g.
If /dev/hda2 is mounted read-only at mountpoint /mnt/sysimage then do this:
mount /dev/hda2 /mnt/sysimage -o remount,rw

Now you can edit the file /mnt/sysimage/etc/passwd and make root non-password protected.

<edit> This is probably among the "Top 10 asked questions" here and searching the forums will produce many hits for you to look through.

Last edited by /bin/bash; 11-07-2005 at 05:09 AM.
 
Old 11-08-2005, 04:00 AM   #5
Jabber
LQ Newbie
 
Registered: Oct 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by /bin/bash
You shouldn't need to change /etc/shadow only remove the astericks from the file /etc/passwd, e.g.
root:*:0:0::/root:/bin/bash
change to
root::0:0::/root:/bin/bash
Thanks /bin/bash..

I did as you said and it worked..

Jabber.
 
Old 11-12-2005, 02:17 AM   #6
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 46
HTH
 
Old 11-27-2005, 04:23 PM   #7
reaping_ripper
LQ Newbie
 
Registered: Nov 2005
Location: Svenstavik, Sweden
Distribution: Gentoo
Posts: 3

Rep: Reputation: 0
How do i do when:
passwd: Autentication token manipulation error.

I run gentoo

EDIT: Problem solved thanks to kuser

Last edited by reaping_ripper; 01-06-2006 at 06:19 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Root Password Recovery ? Pravat Linux - Security 1 04-24-2005 04:46 AM
Password Recovery (not root) NewbGhostShells Linux - Newbie 3 12-17-2003 03:03 PM
SCO root password recovery sandoz *BSD 7 05-20-2003 06:43 PM
root password recovery... roofy Linux - Software 7 05-06-2003 02:37 PM


All times are GMT -5. The time now is 12:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration