Fedora11 root password changing automatically ,
not able to login as a root.

One word : rootkit.
Other option : you're not the only Root in the system and someone "bugs" you...
Passwords do not change like that, someone changes passwords. Had the very same issue with a colleague...

I suspect someone in your organisation to sabotage you.

Of course, distilling that from what meager details you provided.

If this does not answer your question, expand with more details so we can help further if need be.

Thor

Is this a server or your home computer ?
Static or Dynamic Ip address ?
Have you changed anything recently or installed new software ?
Have you checked your logs for suspicious activity ?
Has anything been altered apart from the root password ?

We need as much information as possible to help, as this could be a serious problem for you.

Are you yourself a 'sudoer' ?
If you are quickly do a sudo passwd root and take the machine offline, its highly possible that if your root password is changing you've been cracked.

no it is a home computer,
I am added in a sudoer file , still it is not taking passwd, when m trying sudo.

Also , i have reset passwd in the shadow file, means , i stated passwd for root as '*' in the shadower file, & then changed the root passwd from runlevel 1, still it is not logging as root, "Authentication failed" !!!

So you cant even use sudo ? I'm guessing you cant use sudo anymore because you've been wiped off the sudoers file and the root password has been changed.

I would say someone has definitely cracked your machine. Was it up to date with a firewall ? Well doesn't matter now anyway...... If i were you, i would definitely take your machine offline right now (if you haven't already done so) i would then chroot the machine and change the password. You could then get log files, but i doubt they would be there anymore, most probably wiped into cyber oblivion.

Another option would be to chroot and copy all the important files and wipe the system.

Sorry to be the bearer of bad news.
Dont worry though - i became part of Chinese botnet once !!!!

Wait.
So, you are allowed to use sudo? Does your sudo authentication work? It requires your password, not the root's one. (That's one of more differences between su and sudo).
Also, does the password change more times automatically, or just once after your change?

Now, in case that sudo does not work, to regain root access, you can try this:

1. Disable network on machine (the best approach is to plug out network cable).
2. Check root's password hash in shadow file.
3. Change root's password to something simple.
4. Did hash change? Can you log in now?

5. If not, try to encrypt your password the system way by yourself, and compare it with the hash in shadow file. Do they match?

As other stated, it is possible that there is another root person at that computer (possibly just trying to figure out what is happening to root password). Rootkit/&etc is also possible. The bad thing is, that if it's really something like that, you can't trust what you see. Try booting different kernel then.


Skyer

Trinity Rescue Kit includes rootkit hunters.

http://trinityhome.org/Home/index.ph...g=en&locale=en

TRK is designed primarily for Windows, but the rootkit hunters should also work on Linux.

Look into the /etc/passwd file, what other users have root rights, you could for startersd wipe that line...

Just rambling...