LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Ubuntu (http://www.linuxquestions.org/questions/ubuntu-63/)
-   -   User account issue after moving passwd file (http://www.linuxquestions.org/questions/ubuntu-63/user-account-issue-after-moving-passwd-file-4175451955/)

Prabhu.Are 02-27-2013 02:10 PM

User account issue after moving passwd file
 
Hi

I'm running into a critical situation with my ubuntu12.04 OS. I did a test by moving /etc/passwd file to desktop, after a restart it got strucked up in GRUB menu without booting in. After that I replaced the passwd file into /etc folder by taking the root access through GRUB menu (by chaning the init).

Now I'm unable to login to the Administrator account through GUI (Graphical User login), but I'm able to access my Administrator account through terminal. simillarly it happens to the standered users also. But not to the root account. Means, I can loging to the root account with the root password in GUI.

I would really appreciate for your valuable comments.

tronayne 02-28-2013 10:36 AM

You may have made a mess (or, maybe not). You'll need to be logged in as root to do the following: Be Careful! It would be a good idea to put the system in runlevel 3 (console, no X running); you can do that as in a terminal emulator (if X is running) with
Code:

su -
init 3

That will cause a shutdown and restart and you'll come up running in the console (no X, all command line).

/etc/passwd should be
Code:

ls -al /etc/passwd
-rw-r--r-- 1 root root 1263 Oct 19 13:09 /etc/passwd

That's owner root, group root and mask 644 (chmod 644 /etc/passwd if it's not).

/etc/shadow should be
Code:

ls -al /etc/shadow
-rw-r----- 1 root shadow 741 Oct 19 13:09 /etc/shadow

That's owner root, group shadow and mask 640 (chmod 640 /etc/shadow if it's not).

(/etc/shadow is where the actual password are stored, not in /etc/passwd).

Take a look at /etc/passwd, there should not be any encrypted passwords in it (you may have inadvertently created a password in there -- or not, but look anyway). See below for what an encrypted password in /etc/shadow looks like.

If there is a password in /etc/passwd, you're going to need to remove that field (only that field, not the entire line!), replace the encrypted password with an x, and then execute the passwd utility to set a password, which will get written into /etc/shadow where it belongs.

Your /etc/passwd file should look a lot like this (not exactly, but real similar -- don't edit it and try to make it look exactly like this, yours will probably be different -- what you're looking for is a password in there, if there isn't one, you're good to go); don't forget that every account is followed by ":x:" and that "x" has to be there:
Code:

cat /etc/passwd
root:x:0:0::/root:/bin/ksh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
oprofile:x:51:51:oprofile:/:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
<user accounts start here>

Your /etc/shadow file should look a lot like this (ditto the above caution). Do NOT edit anything in this file:
Code:

cat /etc/shadow
root:$1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/:15106:0:::::
bin:*:9797:0:::::
daemon:*:9797:0:::::
adm:*:9797:0:::::
lp:*:9797:0:::::
sync:*:9797:0:::::
shutdown:*:9797:0:::::
halt:*:9797:0:::::
mail:*:9797:0:::::
news:*:9797:0:::::
uucp:*:9797:0:::::
operator:*:9797:0:::::
games:*:9797:0:::::
ftp:*:9797:0:::::
smmsp:*:9797:0:::::
mysql:*:9797:0:::::
rpc:*:9797:0:::::
sshd:*:9797:0:::::
gdm:*:9797:0:::::
oprofile:*:9797:0:::::
pop:*:9797:0:::::
apache:*:9797:0:::::
messagebus:*:9797:0:::::
haldaemon:*:9797:0:::::
nobody:*:9797:0:::::
<user account passwords start here>

Notice that the root line in /etc/passwd looks like
Code:

root:x:0:0::/root:/bin/ksh
and in /etc/shadow:
Code:

root:$1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/:15106:0:::::
In /etc/passwd the "x" in the second field (the first field contains root and the fields are separated by colons). The second field in /etc/shadow is the same format and the password is $1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/; it's encrypted, yours will not be the same.

In runlevel 3 you can reset things like they need to be; simply execute passwd and set a new root password (or set it to what it was, doesn't matter).

If you had encrypted passwords in /etc/passwd, you'll need to remove the second field from each account line, save the file and then create new passwords. Remember that you have to have the account name, colon, x, colon as the first two fields. Then, use passwd to set passwords and tell the users to change 'em (use something like "today28" for an initial user password and insist that they change it to what they want).

If there weren't any encrypted passwords in /etc/passwd, you may be able to fix things by simply using the passwd utility and reset every password on the system (that'll give you a clean /etc/shadow). Set the root password to what you want, set all the user password to "today28" (or whatever) and have you users change that to whatever they want.

I have seen the condition happen one time in over 30 years (from Unix System 3, through Unix SVR4, through Solaris to Linux) -- and that one time was about four years ago. Don't know why, not real sure what caused it, but this is one way to clean it up if you somehow managed to get passwords in /etc/passwd.

You may -- may! -- need to do some editing in your boot loader (I know nothing about GRUB and can't help with that).

Hope this helps some.

Forgot to mention -- you probably do not want to ever do this again, eh?

Randicus Draco Albus 03-01-2013 03:06 AM

Quote:

Originally Posted by Prabhu.Are (Post 4901079)
I did a test by moving /etc/passwd file to desktop

Why on Earth would you even think of such a thing? The files that are in /, /etc, /bin, /sys, /boot, et cetera, are there for a reason. I do not intend to rub salt in the wound, but before you do any more "testing", I recommend you do some research on the Linux file system and how it relates to shell commands. Otherwise, you will have more "critical situations" in the future.

And good luck sorting this problem out.


All times are GMT -5. The time now is 10:12 PM.