LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
Search this Thread
Old 02-27-2013, 02:10 PM   #1
Prabhu.Are
LQ Newbie
 
Registered: Oct 2012
Posts: 24

Rep: Reputation: Disabled
User account issue after moving passwd file


Hi

I'm running into a critical situation with my ubuntu12.04 OS. I did a test by moving /etc/passwd file to desktop, after a restart it got strucked up in GRUB menu without booting in. After that I replaced the passwd file into /etc folder by taking the root access through GRUB menu (by chaning the init).

Now I'm unable to login to the Administrator account through GUI (Graphical User login), but I'm able to access my Administrator account through terminal. simillarly it happens to the standered users also. But not to the root account. Means, I can loging to the root account with the root password in GUI.

I would really appreciate for your valuable comments.
 
Old 02-28-2013, 10:36 AM   #2
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,008

Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
You may have made a mess (or, maybe not). You'll need to be logged in as root to do the following: Be Careful! It would be a good idea to put the system in runlevel 3 (console, no X running); you can do that as in a terminal emulator (if X is running) with
Code:
su -
init 3
That will cause a shutdown and restart and you'll come up running in the console (no X, all command line).

/etc/passwd should be
Code:
ls -al /etc/passwd
-rw-r--r-- 1 root root 1263 Oct 19 13:09 /etc/passwd
That's owner root, group root and mask 644 (chmod 644 /etc/passwd if it's not).

/etc/shadow should be
Code:
ls -al /etc/shadow
-rw-r----- 1 root shadow 741 Oct 19 13:09 /etc/shadow
That's owner root, group shadow and mask 640 (chmod 640 /etc/shadow if it's not).

(/etc/shadow is where the actual password are stored, not in /etc/passwd).

Take a look at /etc/passwd, there should not be any encrypted passwords in it (you may have inadvertently created a password in there -- or not, but look anyway). See below for what an encrypted password in /etc/shadow looks like.

If there is a password in /etc/passwd, you're going to need to remove that field (only that field, not the entire line!), replace the encrypted password with an x, and then execute the passwd utility to set a password, which will get written into /etc/shadow where it belongs.

Your /etc/passwd file should look a lot like this (not exactly, but real similar -- don't edit it and try to make it look exactly like this, yours will probably be different -- what you're looking for is a password in there, if there isn't one, you're good to go); don't forget that every account is followed by ":x:" and that "x" has to be there:
Code:
cat /etc/passwd
root:x:0:0::/root:/bin/ksh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
oprofile:x:51:51:oprofile:/:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
<user accounts start here>
Your /etc/shadow file should look a lot like this (ditto the above caution). Do NOT edit anything in this file:
Code:
cat /etc/shadow
root:$1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/:15106:0:::::
bin:*:9797:0:::::
daemon:*:9797:0:::::
adm:*:9797:0:::::
lp:*:9797:0:::::
sync:*:9797:0:::::
shutdown:*:9797:0:::::
halt:*:9797:0:::::
mail:*:9797:0:::::
news:*:9797:0:::::
uucp:*:9797:0:::::
operator:*:9797:0:::::
games:*:9797:0:::::
ftp:*:9797:0:::::
smmsp:*:9797:0:::::
mysql:*:9797:0:::::
rpc:*:9797:0:::::
sshd:*:9797:0:::::
gdm:*:9797:0:::::
oprofile:*:9797:0:::::
pop:*:9797:0:::::
apache:*:9797:0:::::
messagebus:*:9797:0:::::
haldaemon:*:9797:0:::::
nobody:*:9797:0:::::
<user account passwords start here>
Notice that the root line in /etc/passwd looks like
Code:
root:x:0:0::/root:/bin/ksh
and in /etc/shadow:
Code:
root:$1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/:15106:0:::::
In /etc/passwd the "x" in the second field (the first field contains root and the fields are separated by colons). The second field in /etc/shadow is the same format and the password is $1$a7IEQ/cm$N33kwrt.F6iuXHEKq5/NS/; it's encrypted, yours will not be the same.

In runlevel 3 you can reset things like they need to be; simply execute passwd and set a new root password (or set it to what it was, doesn't matter).

If you had encrypted passwords in /etc/passwd, you'll need to remove the second field from each account line, save the file and then create new passwords. Remember that you have to have the account name, colon, x, colon as the first two fields. Then, use passwd to set passwords and tell the users to change 'em (use something like "today28" for an initial user password and insist that they change it to what they want).

If there weren't any encrypted passwords in /etc/passwd, you may be able to fix things by simply using the passwd utility and reset every password on the system (that'll give you a clean /etc/shadow). Set the root password to what you want, set all the user password to "today28" (or whatever) and have you users change that to whatever they want.

I have seen the condition happen one time in over 30 years (from Unix System 3, through Unix SVR4, through Solaris to Linux) -- and that one time was about four years ago. Don't know why, not real sure what caused it, but this is one way to clean it up if you somehow managed to get passwords in /etc/passwd.

You may -- may! -- need to do some editing in your boot loader (I know nothing about GRUB and can't help with that).

Hope this helps some.

Forgot to mention -- you probably do not want to ever do this again, eh?

Last edited by tronayne; 03-01-2013 at 06:06 AM.
 
Old 03-01-2013, 03:06 AM   #3
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Sitting in front of my computer.
Distribution: Debian
Posts: 1,009
Blog Entries: 2

Rep: Reputation: 254Reputation: 254Reputation: 254
Quote:
Originally Posted by Prabhu.Are View Post
I did a test by moving /etc/passwd file to desktop
Why on Earth would you even think of such a thing? The files that are in /, /etc, /bin, /sys, /boot, et cetera, are there for a reason. I do not intend to rub salt in the wound, but before you do any more "testing", I recommend you do some research on the Linux file system and how it relates to shell commands. Otherwise, you will have more "critical situations" in the future.

And good luck sorting this problem out.
 
  


Reply

Tags
passwd, ubuntu 12.04, user actions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving user account to new install of Linux? taylorkh Linux - Newbie 4 05-17-2010 04:14 PM
user can't change user account passwd rcmonroig Linux - Newbie 3 11-09-2009 09:44 PM
Moving user accounts between computers (Something wrong with passwd, shadow, etc.) Lionhard Linux - Software 5 01-18-2008 08:53 PM
Moving passwd file to new server rtcary Linux - Newbie 5 07-20-2005 01:58 AM
Disable passwd change for user account sodhilogin Linux - General 6 09-01-2004 12:43 AM


All times are GMT -5. The time now is 02:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration