Lost password

rushenas · 09-02-2008, 10:27 PM

Hi all
I have editted the /etc/passwd file, and I have changed the root entry to admin. I've heard that this way I can increase my server security. But now I can't access my server! When I try to login with root, it says access denied. With admin, Linux says:

Code:

Permissions on the password database may be too restrictive.

Access denied

How can I access my system? The server runs SuSE Linux Enterprise Server 10. And I can access it physically.

/usr/darien · 09-02-2008, 10:42 PM

You need to boot into single-user or runlevel 1. Do you know how to change into runlevel 3 during boot? If so, just replace the 3 with a 1. From there, you should be able to fix your problem.

jschiwal · 09-02-2008, 10:44 PM

You want to change it back. You could try logging in as a regular user with "sudo" privileges and undo your changes. I'm assuming that "sudo" will work by changing the "EUID" to 0 regardless of your changes. Or boot up with a rescue disk or live distro; mount the partition with /etc/ on it and edit /etc/passwd as root.

I don't know why changing the name of root would increase security. True that root is a known name, but so is admin. Also, the /etc/passwd file is world readable, and anyone can look at the file and see what you did. ( grep ':0:0:' /etc/passwd )

IMHO, instead, you could restrict root logins to a security terminal (/etc/securetty), make sure the root password is very strong, and disable ssh root logins. You can also restrict what commands sudoers are allowed to perform, such as allowing rvim but not evim. If you run mysql, did you remember to give the root user a password, delete the anonymous user and the "test" database. Did you search your system for all suid programs. Look at every package you have installed. Are they all necessary. When it comes to security, less is more. (less installed is more secure) Learn how SELinux works so you understand it.

Tinkster · 09-03-2008, 04:13 AM

Quote:

Originally Posted by rushenas

Hi all
I have editted the /etc/passwd file, and I have changed the root entry to admin. I've heard that this way I can increase my server security. But now I can't access my server! When I try to login with root, it says access denied. With admin, Linux says:

Code:

Permissions on the password database may be too restrictive.

Access denied

How can I access my system? The server runs SuSE Linux Enterprise Server 10. And I can access it physically.

That would have worked had you also changed
/etc/shadow to use admin instead of root.

As /usr/darien said: try to boot into single-user
mode specifying /bin/bash as your init on the boot
loader prompt (because these days most distros will
prompt you for a password just the same if you just
go 'single'). Or use a live CD to undo the changes.

Cheers,
Tink