You may have made a mess (or, maybe not). You'll need to be logged in as root to do the following: Be Careful! It would be a good idea to put the system in runlevel 3 (console, no X running); you can do that as in a terminal emulator (if X is running) with
That will cause a shutdown and restart and you'll come up running in the console (no X, all command line).
ls -al /etc/passwd
-rw-r--r-- 1 root root 1263 Oct 19 13:09 /etc/passwd
That's owner root, group root and mask 644 (chmod 644 /etc/passwd
if it's not).
ls -al /etc/shadow
-rw-r----- 1 root shadow 741 Oct 19 13:09 /etc/shadow
That's owner root, group shadow and mask 640 (chmod 640 /etc/shadow
if it's not).
is where the actual password are stored, not
Take a look at /etc/passwd
, there should not be any encrypted passwords in it (you may
have inadvertently created a password in there -- or not, but look anyway). See below for what an encrypted password in /etc/shadow
If there is a password in /etc/passwd
, you're going to need to remove that field (only
that field, not the entire line!), replace the encrypted password with an x, and then execute the passwd
utility to set a password, which will get written into /etc/shadow
where it belongs.
file should look a lot like this (not exactly, but real similar -- don't edit it and try to make it look exactly like this, yours will probably be different -- what you're looking for is a password in there, if there isn't one, you're good to go); don't forget that every account is followed by ":x:" and that "x" has to be there:
rpc:x:32:32:RPC portmap user:/:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
<user accounts start here>
file should look a lot like this (ditto the above caution). Do NOT
edit anything in this file:
<user account passwords start here>
Notice that the root line in /etc/passwd
and in /etc/shadow
the "x" in the second field (the first field contains root
and the fields are separated by colons). The second field in /etc/shadow
is the same format and the password is $1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/
; it's encrypted, yours will not
be the same.
In runlevel 3 you can reset things like they need to be; simply execute passwd
and set a new root password (or set it to what it was, doesn't matter).
If you had encrypted passwords in /etc/passwd
, you'll need to remove the second field from each account line, save the file and then create new passwords. Remember that you have to have the account name, colon, x, colon as the first two fields. Then, use passwd
to set passwords and tell the users to change 'em (use something like "today28" for an initial user password and insist that they change it to what they want).
If there weren't any encrypted passwords in /etc/passwd
, you may be able to fix things by simply using the passwd
utility and reset every password on the system (that'll give you a clean /etc/shadow
). Set the root password to what you want, set all the user password to "today28" (or whatever) and have you users change that to whatever they want.
I have seen the condition happen one time in over 30 years (from Unix System 3, through Unix SVR4, through Solaris to Linux) -- and that one time was about four years ago. Don't know why, not real sure what caused it, but this is one way to clean it up if you somehow managed to get passwords in /etc/passwd
You may -- may! -- need to do some editing in your boot loader (I know nothing about GRUB and can't help with that).
Hope this helps some.
Forgot to mention -- you probably do not want to ever do this again, eh?