LinuxQuestions.org
Old 10-28-2003, 02:45 PM   #1
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Rep: Reputation: 30
Viewing my root password / creating an all permissions user


I forgot my root password and want to view it. I read in a very old post how to boot as single and change it, but I can't change it because there are more people using this PC and needing root. If I were not able to view the password, how can I create a user which has all privileges (as root)?

thanx.
biez!
 
Old 10-28-2003, 02:51 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
You will need to be root to add another user and you can't reset your root password unless you are root or you reboot into single-user mode.

The only other way is if you can find a backdoor into your system.
 
Old 10-28-2003, 03:09 PM   #3
Ginux
Member
 
Registered: Oct 2003
Location: Montpellier, Milano
Distribution: RedHat
Posts: 81

Rep: Reputation: 15
Well, don't forget the obvious... ASK? If you're a legit user of the system just ask the other people/administrators.
If the password is encrypted, then sorry... the hash changes at every reboot if I'm not mistaken (to prevent non-root users from deciphering/cracking the password).

Ginux
 
Old 10-29-2003, 02:54 AM   #4
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Original Poster
Rep: Reputation: 30
I tried to init as single user using -init 1, but it asked me for the root password!! ...mmm. I can't ask (social engineering is not useful in this case). I also tried using -single and -init=/bash/sh but it initialized normally as my non-privileged user.
Why does this happen.... who and how does not let me init as single.... mmm really strange
 
Old 10-29-2003, 04:05 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
So the real question is, why are you trying to get root access to a machine where you cannot ask for the root password again (if you had it legitimately before)?

Why do I get the feeling that you're not exactly welcome on this system?
 
Old 10-29-2003, 06:23 AM   #6
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Original Poster
Rep: Reputation: 30
Well, you caught me.
I can explain the situation:
In my school there is a government project about computers in studies etc., so we have 15 computers (1 per 2 people) in all classes. The problem we found (teachers and students) is that we cannot install many programs because no one (even teachers) in the school knows the root pass. That's why one of my teachers, knowing that I'm already used to Linux (I installed Linux at home last year, and I love it) asked me to get the pass.
A beautiful story, isn't it? Can anybody help me?
 
Old 10-29-2003, 07:35 AM   #7
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 57
Ask the administrative staff. If they don't give you root access they probably have a good reason.

Btw, you can install a lot of software in your home directory. Just pass the installation prefix to the configuration script.

Håkan
 
Old 10-29-2003, 10:49 AM   #8
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Original Poster
Rep: Reputation: 30
OK, I'll try to compile the software by myself with the home dir as installation prefix. I usually prefer .deb packages anyway.

thanx u all!
 
Old 10-30-2003, 08:58 AM   #9
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Original Poster
Rep: Reputation: 30
...anyway... I'm still trying. Today I accessed as root! While probing, everything in the -init option did not work (asked for a pass or started normally). I discovered how to enter as root: the fsck!
My partner didn't shut down the PC right and when I started it the fsck started to work... and after a while it stopped and asked me to do a manual fsck without the -a parameter. So... I found myself typing in the shell as root! I mounted the root fs but ... SURPRISE! That computer does not have any user / password managing program, even passwd, useradd, etc... mmm
The one who designed that distrib (http://www.guadalinex.org) is bloody PARANOID!
Any suggestions?
 
Old 10-30-2003, 09:57 AM   #10
iaredam
LQ Newbie
 
Registered: Aug 2003
Location: usa
Distribution: Slack 9.1 & LFS 5.0
Posts: 18

Rep: Reputation: 0
I know with rh if you boot off of the install CD you can go into rescue mode. Once you are in rescue mode you can do a chroot to the primary partition which will most likely be mounted in the /mnt part. Once you chroot you can install apps and make changes to the system b/c the security policy doesn't start since it booted from the CD. You probably could copy the useradd from another distribution that is like it and add new users or change users' privileges.
 
Old 10-30-2003, 10:24 AM   #11
ssobeht
Member
 
Registered: Oct 2003
Distribution: Debian Sarge
Posts: 207

Original Poster
Rep: Reputation: 30
That's what I was going to do
 
Old 10-30-2003, 01:53 PM   #12
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Quote:
Originally posted by iaredam
I know with rh if you boot off of the install CD you can go into rescue mode. Once you are in rescue mode you can do a chroot to the primary partition which will most likely be mounted in the /mnt part. Once you chroot you can install apps and make changes to the system b/c the security policy doesn't start since it booted from the CD. You probably could copy the useradd from another distribution that is like it and add new users or change users' privileges.
One good reason to make sure you don't set your BIOS to boot from CD and also put a supervisor password on it.
 
Old 10-31-2003, 05:28 AM   #13
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
david_ross,

Good point, but even still, removing the CMOS battery = disabling the BIOS passwd on a lot of motherboards, or has this changed recently??

The more I think about it, it is too easy to get the root password or root access to a Linux box. And on a Windows machine you can get all the data off by A) installing the next highest version of Windows on the same partition or B) installing a Knoppix CD and letting it automount the drives for you.

Basically, once someone has physical access to the machine, there is not much preventing them from getting root access and doing whatever they want.

If he wanted, he could burn a Gentoo CD, boot it, create a passwd file via the passwd command, mount the drive in question, and copy the created passwd file over the one on the mounted drive, boot back into installed OS and use newly created password.

I have yet to try this because I have no need to, but if this is as easy as I say, make sure you keep your most precious machines behind good physical security as well as internet security.
 
Old 10-31-2003, 10:20 AM   #14
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Robert, even with WinXP you can simply use the Win2K disk to go into recovery mode, so it's not like it's impossible to change the Admin password on Windows. Also, someone has created a great little Linux floppy image with Windows password manipulation tools. Just boot off the floppy and WHEEEE (so I'm told).

There are always measures and counter-measures, but let's just generally assume that physical access to a box will allow root after some amount of time. You can put things in place so the time required to get root will be longer, but you can't make it impossible. The only way to save your data is to encrypt it.

Of course, most critically important machines should not be in a place where anyone has access to them. For instance, credit card companies keep their transaction approving machines in guarded data centers with many layers of physical access controls, including man-traps, multiple access badges, etc.
 
Old 10-31-2003, 11:10 AM   #15
zaphodiv
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
>the hash changes at every reboot if I'm not mistaken
>(to prevent non root users to decipher/crack the password).

I've never seen a Linux machine that does that and I don't think it would provide any security. The whole point of a hash is that it produces the same result every time but is not reversible.
Perhaps you meant changing the salt every time the user logs in? The plaintext password would be required to make a new hash. That would not make the machine any more secure since someone who has got access to the shadow password file still knows the hash, the salt and the algorithm.

>So... i found myself typing in the shell as root!
At this point you could have copied /etc/shadow and taken it home to run through a cracking program. If the password is an English word then it will be found in minutes.
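
zaphodiv's point that the shadow file exposes the hash, the salt and the algorithm is visible in the field format itself. The following is an added example, not part of any post in this thread: a Python audit that parses shadow-format lines and flags entries that would fall quickly if the file were ever copied. The sample lines, the placeholder hash strings and the function names `parse_shadow_line` and `audit` are constructed for illustration.

```python
# Constructed sample in /etc/shadow layout; the hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$1$Xy9aBc2d$CONSTRUCTEDPLACEHOLDER:12354:0:99999:7:::
alice:$6$rounds=5000$q8Zr1LmN$CONSTRUCTEDPLACEHOLDER:12354:0:99999:7:::
bob:ab1XyZ2cD3eF4:12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
carol:!$6$Tt4uVw5x$CONSTRUCTEDPLACEHOLDER:12354:0:99999:7:::
dave::12000:0:99999:7:::
"""

# crypt(3) scheme ids found between the first two '$' characters.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
WEAK = {"des-crypt", "md5-crypt"}  # fast to compute, so cheap to guess offline

def parse_shadow_line(line):
    """Return user, account state, hash scheme and salt for one shadow line."""
    user, field = line.split(":")[:2]
    state = "locked" if field.startswith("!") else "active"  # passwd -l adds '!'
    entry = {"user": user, "state": state, "scheme": None, "salt": None}
    body = field.lstrip("!")
    if field == "":
        entry["state"] = "empty"          # no password required at all
    elif body in ("", "*"):
        entry["state"] = "no-login"       # no usable hash stored
    elif body.startswith("$"):
        parts = body.split("$")           # ['', id, (params,) salt, hash]
        entry["scheme"] = SCHEMES.get(parts[1], "unknown")
        has_params = parts[1] == "y" or parts[2].startswith("rounds=")
        entry["salt"] = parts[3] if has_params else parts[2]
    elif len(body) == 13:                 # traditional DES: 2-char salt + 11-char hash
        entry["scheme"], entry["salt"] = "des-crypt", body[:2]
    else:
        entry["scheme"] = "unknown"
    return entry

def audit(shadow_text):
    """List (user, reason) for active entries that would not survive a leak."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        entry = parse_shadow_line(line)
        if entry["state"] == "empty":
            findings.append((entry["user"], "empty password field"))
        elif entry["scheme"] in WEAK and entry["state"] == "active":
            findings.append((entry["user"], entry["scheme"]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW))
```

The salt and scheme id come straight out of the stored field, which is why changing the salt does not help once the file is readable; only a slow scheme and a strong password raise the cost of guessing.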
 
  


All times are GMT -5.