Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi all
I have editted the /etc/passwd file, and I have changed the root entry to admin. I've heard that this way I can increase my server security. But now I can't access my server! When I try to login with root, it says access denied. With admin, Linux says:
Code:
Permissions on the password database may be too restrictive.
Access denied
How can I access my system? The server runs SuSE Linux Enterprise Server 10. And I can access it physically.
Distribution: RHEL 4/5, Fedora 6-9, SuSE 10.1-11, Open Solaris 10.8, WinXP,2003,Vista
Posts: 59
Rep:
You need to boot into single-user or runlevel 1. Do you know how to change into runlevel 3 during boot? If so, just replace the 3 with a 1. From there, you should be able to fix your problem.
You want to change it back. You could try logging in as a regular user with "sudo" privileges and undo your changes. I'm assuming that "sudo" will work by changing the "EUID" to 0 regardless of your changes. Or boot up with a rescue disk or live distro; mount the partition with /etc/ on it and edit /etc/passwd as root.
I don't know why changing the name of root would increase security. True that root is a known name, but so is admin. Also, the /etc/passwd file is world readable, and anyone can look at the file and see what you did. ( grep ':0:0:' /etc/passwd )
IMHO, instead, you could restrict root logins to a security terminal (/etc/securetty), make sure the root password is very strong, and disable ssh root logins. You can also restrict what commands sudoers are allowed to perform, such as allowing rvim but not evim. If you run mysql, did you remember to give the root user a password, delete the anonymous user and the "test" database. Did you search your system for all suid programs. Look at every package you have installed. Are they all necessary. When it comes to security, less is more. (less installed is more secure) Learn how SELinux works so you understand it.
Hi all
I have editted the /etc/passwd file, and I have changed the root entry to admin. I've heard that this way I can increase my server security. But now I can't access my server! When I try to login with root, it says access denied. With admin, Linux says:
Code:
Permissions on the password database may be too restrictive.
Access denied
How can I access my system? The server runs SuSE Linux Enterprise Server 10. And I can access it physically.
That would have worked had you also changed
/etc/shadow to use admin instead of root.
As /usr/darien said: try to boot into single-user
mode specifying /bin/bash as your init on the boot
loader prompt (because these days most distros will
prompt you for a password just the same if you just
go 'single'). Or use a live CD to undo the changes.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.