Hi Tink,

I think I have a majoy problem here!

I looked around in the various directories (i.e. /home and /usr etc. etc.), I found most of these directories are empty. My biggest worry here is that I have some very important files saved under the /usr direcotry and where did they go?!?

Did these files get deleted by some processes that I am not aware of or is it because I "Linux init=/bin/bash" at Lilo and as a result, Linux hid them on me? I am very worry now, what have I done...

By the way, you asked me to "egrep -A 50 "^root:[^:]+:.*$" /dev/hda1"; after I issued the command, the cursor went away for anout 5 seconds, it then came back with no results... I gues that means it didn't find anything then?

Cheers!

FY

They didn't disappear; they're just not being mounted in your
emergency boot mode.
are invisible.

Tink, thank you, thank you, thank you for that comment. At least I can sleep tonight!!!

If this helps...

http://www.debuntu.org/recover-root-...-mode-and-grub

http://nixcraft.com/linux-software/2...user-mode.html

The operative search term is single user mode.

That needs a fsck I'd say. Toying with it in the interim would likely only cause more problems

Hi syg00,

Thanks for your comment. I have done a "fsck -n -v", here is what it came back with:

root@(none):/# fsck -n -v
fsck 1.37 (21-Mar-2005)
e2fsck 1.37 (21-Mar-2005)
/: clean, 14989/136544 files, 179264/273073 blocks
e2fsck 1.37 (21-Mar-2005)
/home: clean, 28635/8634368 files, 115115294/17261834 blocks
e2fsck 1.37 (21-Mar-2005)
/tmp: clean, 13/192768 files, 32460/393217 blocks
e2fsck 1.37 (21-Mar-2005)
/usr: clean, 110126/610432 files, 583029/1220932 blocks
e2fsck 1.37 (21-Mar-2005)
/var: clean, 11018/366528 files, 82957/732957 blocks
root@(none):/#

Everything seems clean... (I think?)...

Any comments? Thanks!

FY

Hi thorkelljarl, thanks for the links. Unfortunately, those were the first ones I tried but I couldn't even get to the change "passwd" command. My system reports "bash: passwd: command not found" error. Any new thoughts?

Thanks!

FY

As I said in a previous post: you'll need to specify the full path to
passwd or set the PATH environment variable since you're in rescue
mode (single user, init=/bin/bash), and the box knows nothing about
how to FIND those executables.


But given the fact that we hope to restore the shadow file at some
stage it may not be prudent to let loose the passwd command now, since
in the absence of shadow it will put the hash directly into /etc/passwd
which is a MAJOR security risk. passwd needs to be world readable (otherwise
no ordinary users could log in), but if it's world-readable and has the
password hash(es) anyone with access to it could use something like John
the ripper to run a dictionary or brute force password cracking attack.

Is there ANY older backup with an existing shadow file in place available?




Cheers,
Tink

Hi Tink,

Coming from the Windows world, I can appreciate how the PATH variable work - thanks for the clarifications and reminder.

Sorry for not making this clearer in the past. Although there other users on the passwd list (not many, just a handful), none are of them currently works here so there is no problem with them wanting to access the linux box anymore. Further more, only I have physical access to this linux box and, if you want, I can disconnect it from the network within 5 seconds or less. So there should be no worry about John the Ripper coming unexpectedly. Does this help?

I tried looking for a backup copy everywhere, unfortunately, I was unable to do so. (the guys who left is nowhere to be found also...)

Thanks!

FY

Hi Tink,

Is there a way that I can make an image of my hard disk in case I do more things to screw it up further? I read about the dd & dump commands, can they be used? Also, is it possible to mount an external USB drive to copy this image? Thanks!

FY

You could use dd, but it's probably easier to use rsync or even tar (depending
on whether you've mounted the other file-systems manually after logging in,
that is).

Yes, mounting an external USB drive should be no problem as root.

Create a temporary mount-point (e.g. mkdir /tmp/usb).
Plug the USB drive in, look at the output of dmesg after maybe
5 - 10 seconds - you should see a new scsi-disk being detected,
use it's ID in the mount command ...
e.g.
mount -t auto /dev/sda1 /tmp/usb

If the external device is bigger than the built-in HDD you can
actually quite easily then do
dd if-=/dev/hda of=/tmp/usb/server_hd.img bs=4096




Cheers,
Tink

Sorry about the long time between posts, got really busy. Anyways not all pcs use the Function keys to get to bios. Some use ESC or DEL to enter bios. Might need to check out the pc's docs to find out what the combo is to enter bios. My sony vaio uses f11 and f2 one changes the boot order for just that boot, the other goes to bios.

Also I am a big fan of the 5.1 Knoppix, it is a slightly older kernel and still has alot of legacy support which is what I like, plus it comes with a cd image which is smaller. I have not tried v6 yet so no input on it.

Hi murankar, many thanks for your suggestion. And you are right! The key to get into the Bios on my Linux box is the <delete> key! I am now able to boot the Linux box with a Knoppix CD! As such, I am now studying http://linux.suramya.com/tutorials/ResetPassword/ to see if I can reset my password...

Thanks again.

FY