Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I recently shutdown and restarted my server which is part of my regular maintenance routine. However, the X server gave me "Login Failed" when I attempted to log back in as root. So I attempted to login to my user account and I was successful. My user account doesn't have superuser access however. It seems that the root password has been changed somehow. Thats the only way I can see how the root login would fail.
The root login fails across the board. That means that no matter where the login is attempted from (X server, failsafe mode or a su command from an existing session. etc) it always fails.
So I got my installation disk and ran "Rescue". Rescue logged me in as root without the need for password authentication. So through Rescue I was able to access the root account. Once I was in, I ran the "passwd" command at the "#" prompt. I figured that I had repaired the password problem so I logged out and tried to start the X server again. I got "Login Failed" once again. Root logins continue to fail in the other places I've mentioned as well,
It's as if my password reset didn't take. What must I do? Please help.
Well, I'm not sure how your rescue works, but it's possible you needed to 'chroot' into your installation. From rescue, can you see /etc/passwd with all the proper accounts?
The rescue disk would only deal with the cd unless as mentioned above you chrooted to your installation. You can boot up in single mode which loads up the root prompt straight away, which from there you could
Code:
passwd
I think you do this by adding the work 'single' to your bootup line
eg
Code:
# (2) Slackware 10.1
title Slackware 10.1 single
root (hd0,0)
kernel (hd0,0)/vmlinuz-2.6.11.10-ev1 vga=0x317 root=/dev/hda5 devfs=nomount ro splash=verbose single
fantastic instructions for chrooting are within the Gentoo installation guide.
Last edited by aikidoist72; 07-27-2005 at 12:30 AM.
Hi Matir, I think you are right. I was about to try it then. Do you know of what needs to go into that line to start as root without logging in? I have read this previously, but when I need to find the reference........
Yes /etc/password is there with the accounts inside. My rescue is on the OS installation CD. It simply lets me login through a shell in character mode. Once rescue is initialized it prompts me to login. If I use the userid root then rescue skips the password prompt and lets me in. From there I can do root level maintenance.
I normally close all my ports except for http on port 80 and 8080. I have 443 open for an SSL secure server. The DNS port is open as well. Other services are turned off to reduce the exposure of the server to malicious usage. I guess I should not be using root in X. Naughty me!
Nevertheless, I should think that once rescue allowed me to login as root, that I should be able to reset the password. Since the password reset didn't work, this leads me to think that there is something wrong with the OS. So what should I try next?
This should be easy with a rescue CD, for example when I've had to do it with the Redhat machines here it mounts their / paritions under /mnt/sysimage, so:
Code:
vi /mnt/sysimage/etc/shadow
Now copy the password hash from your working user's login to the root login, reboot and login as root with your users password.
I'm not familiar with that particular message, but the sound of it isn't making me shriek in terror. A quick advanced-search of Google for the phrase says, e.g...
Quote:
You should expect "ls -l /boot" to show the file, System.map, as a symbolic link to some other file that exists. For example, on my computer I see "... System.map -> System.map-2.4.9-21smp". Perhaps you either lack an analogous link, or the file to which the symbolic link points doesn't exist. (citation: https://www.redhat.com/archives/redh.../msg00286.html)
This does not sound like an issue that is terribly earth-shattering, nor one that has direct relevance to your immediate problem.
You should find several previous "messages" files in /var/log and you should review them all. When the system started "going south," log-file entries should have been created at that time which should suggest the nature of the problem.
Last edited by sundialsvcs; 07-27-2005 at 06:04 PM.
You know what? I think I should just take my application and user acct backups and reinstall the OS. The OS resides on its own device. It mostly contains my user acct and software that I have installed like the JDK. I can download that stuff any time. My server apps reside on a separate physical device (IDE RAID 5).
If I reinstall the OS then that should not impact the RAID device right? I mean after the reinstall the OS should still be able to mount the RAID if it was untouched right? The RAID is where most of the important stuff resides. Not on the boot partition.
I think you'd be better off trying to figure out what's wrong. "Reinstalling the operating system" seems like a knee-jerk sort of response, and one that may not actually work if the problem turns out to be some glitch, either in the filesystem or in some configuration-file that a "reinstall" won't replace.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.