Old 07-26-2005, 11:18 PM   #1
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Could have been hacked! Help!


I recently shut down and restarted my server, which is part of my regular maintenance routine. However, the X server gave me "Login Failed" when I attempted to log back in as root. So I attempted to log in to my user account and I was successful. My user account doesn't have superuser access, however. It seems that the root password has been changed somehow. That's the only way I can see how the root login would fail.

The root login fails across the board. That means that no matter where the login is attempted from (X server, failsafe mode, a su command from an existing session, etc.) it always fails.

So I got my installation disk and ran "Rescue". Rescue logged me in as root without the need for password authentication. So through Rescue I was able to access the root account. Once I was in, I ran the "passwd" command at the "#" prompt. I figured that I had repaired the password problem, so I logged out and tried to start the X server again. I got "Login Failed" once again. Root logins continue to fail in the other places I've mentioned as well.

It's as if my password reset didn't take. What must I do? Please help.

Thanks
 
Old 07-27-2005, 12:05 AM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Well, I'm not sure how your rescue works, but it's possible you needed to 'chroot' into your installation. From rescue, can you see /etc/passwd with all the proper accounts?

Also, why are you logging in to X as root?
 
Old 07-27-2005, 12:29 AM   #3
aikidoist72
Member
 
Registered: Jan 2005
Location: Australia
Distribution: Slackware Archlinux FreeBSD
Posts: 218

The rescue disk would only deal with the CD unless, as mentioned above, you chrooted to your installation. You can boot up in single mode, which loads up the root prompt straight away, and from there you could
Code:
passwd
I think you do this by adding the word 'single' to your bootup line, e.g.


Code:
# (2) Slackware 10.1
title Slackware 10.1 single
root	(hd0,0)
kernel	(hd0,0)/vmlinuz-2.6.11.10-ev1 vga=0x317 root=/dev/hda5 devfs=nomount ro splash=verbose single
Fantastic instructions for chrooting are within the Gentoo installation guide.

Last edited by aikidoist72; 07-27-2005 at 12:30 AM.
 
Old 07-27-2005, 12:31 AM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

'single' very often requires the root password (at least on my boxes it does)
 
Old 07-27-2005, 12:39 AM   #5
aikidoist72
Member
 
Registered: Jan 2005
Location: Australia
Distribution: Slackware Archlinux FreeBSD
Posts: 218

Hi Matir, I think you are right. I was about to try it then. Do you know what needs to go into that line to start as root without logging in? I have read this previously, but when I need to find the reference...
 
Old 07-27-2005, 12:43 AM   #6
aikidoist72
Member
 
Registered: Jan 2005
Location: Australia
Distribution: Slackware Archlinux FreeBSD
Posts: 218

Here is a quick one. May help you out!

Bootloader Recovery
 
Old 07-27-2005, 12:43 AM   #7
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

In a well-secured box, you should not be able to get in without the root password.

Try the rescue cd again and try chrooting in if it does not automatically do so.
 
Old 07-27-2005, 12:45 AM   #8
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Original Poster
Yes, /etc/password is there with the accounts inside. My rescue is on the OS installation CD. It simply lets me log in through a shell in character mode. Once rescue is initialized it prompts me to log in. If I use the userid root then rescue skips the password prompt and lets me in. From there I can do root-level maintenance.

I normally close all my ports except for http on port 80 and 8080. I have 443 open for an SSL secure server. The DNS port is open as well. Other services are turned off to reduce the exposure of the server to malicious usage. I guess I should not be using root in X. Naughty me!

Nevertheless, I should think that once rescue allowed me to log in as root, I should be able to reset the password. Since the password reset didn't work, this leads me to think that there is something wrong with the OS. So what should I try next?

SUSE 8.0

Thanks
 
Old 07-27-2005, 12:46 AM   #9
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

It could be an issue with pam or something like that.

To make sure the password change works, try "cat /etc/shadow | grep root" before and after doing a 'passwd' and make sure it is different.
 
Old 07-27-2005, 01:45 AM   #10
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

This should be easy with a rescue CD. For example, when I've had to do it with the Redhat machines here, it mounts their / partitions under /mnt/sysimage, so:

Code:
vi /mnt/sysimage/etc/shadow
Now copy the password hash from your working user's login to the root login, reboot and log in as root with your user's password.

or

Code:
chroot /mnt/sysimage /bin/bash
passwd root
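An added example (not from any post in this thread) that turns Matir's "compare root's /etc/shadow line before and after passwd" check and tkedwards' /mnt/sysimage chroot into a small POSIX shell helper: it pulls root's password field out of a shadow-format file and reports whether it is locked, empty or set, so a passwd that silently went to the rescue ramdisk instead of the disk shows up as "unchanged". The two shadow files are constructed sample data with fake hashes; the /mnt/sysimage path is the one tkedwards gives for Red Hat and will differ on other rescue media.

```shell
#!/bin/sh
# Added example, not from the thread: extract root's password field from a
# shadow-format file and classify it, so the "before passwd / after passwd"
# comparison can be made against the DISK's shadow from a rescue shell.
# If passwd ran in an un-chrooted rescue, it rewrote the ramdisk's shadow
# and the on-disk root field stays identical; this check exposes that.

# Constructed sample data; the hashes are fake placeholders, not real ones.
SHADOW_BEFORE='root:!:12987:0:99999:7:::
charles:$1$abcdefgh$FAKEHASHFAKEHASHFAKEHAS:12987:0:99999:7:::'
SHADOW_AFTER='root:$1$zyxwvuts$FAKEHASH2FAKEHASH2FAKEHA:12990:0:99999:7:::
charles:$1$abcdefgh$FAKEHASHFAKEHASHFAKEHAS:12987:0:99999:7:::'

# shadow_hash CONTENT USER -> prints field 2 (the password field) of USER
shadow_hash() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $2; exit }'
}

# hash_state FIELD -> empty | locked | set
# An empty field means no password at all; "!" or "*" (or a hash prefixed
# with "!") means the account is locked, and every login as root will fail
# no matter where it is attempted from, exactly like the symptom reported.
hash_state() {
    case "$1" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo set ;;
    esac
}

# root_change_status BEFORE AFTER -> changed | unchanged
root_change_status() {
    rcs_b=$(shadow_hash "$1" root)
    rcs_a=$(shadow_hash "$2" root)
    if [ "$rcs_b" != "$rcs_a" ]; then echo changed; else echo unchanged; fi
}

# Stand-alone demo on the constructed data.
echo "root before: $(hash_state "$(shadow_hash "$SHADOW_BEFORE" root)")"
echo "root after:  $(hash_state "$(shadow_hash "$SHADOW_AFTER" root)")"
echo "passwd took effect: $(root_change_status "$SHADOW_BEFORE" "$SHADOW_AFTER")"
```

On the rescue system itself, feed it the real file: `shadow_hash "$(cat /mnt/sysimage/etc/shadow)" root` before and after `chroot /mnt/sysimage passwd root`, and if the two fields are identical the passwd did not reach the disk.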
 
Old 07-27-2005, 11:07 AM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Right now it feels like a malfunction, not a hack. What does /var/log/messages say?
 
Old 07-27-2005, 04:43 PM   #12
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Original Poster
/var/log/messages says the following:

[current date] Rescue Syslogd 1.4.1: Restart.
[current date] Rescue Kernel: klogd 1.4.1, log source = /proc/kmsg started
[current date] Rescue Kernel: Cannot find map file
[current date] Rescur Kernel: Loaded 260 symbols from 13 modules


Line three is the only thing that looks interesting to me. Does this suggest the problem?

Thanks
 
Old 07-27-2005, 06:02 PM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

I'm not familiar with that particular message, but the sound of it isn't making me shriek in terror. A quick advanced-search of Google for the phrase says, e.g...
Quote:
You should expect "ls -l /boot" to show the file, System.map, as a symbolic link to some other file that exists. For example, on my computer I see "... System.map -> System.map-2.4.9-21smp". Perhaps you either lack an analogous link, or the file to which the symbolic link points doesn't exist.
(citation: https://www.redhat.com/archives/redh.../msg00286.html)
This does not sound like an issue that is terribly earth-shattering, nor one that has direct relevance to your immediate problem.

You should find several previous "messages" files in /var/log and you should review them all. When the system started "going south," log-file entries should have been created at that time which should suggest the nature of the problem.

Last edited by sundialsvcs; 07-27-2005 at 06:04 PM.
 
Old 07-27-2005, 06:44 PM   #14
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Original Poster
You know what? I think I should just take my application and user acct backups and reinstall the OS. The OS resides on its own device. It mostly contains my user acct and software that I have installed like the JDK. I can download that stuff any time. My server apps reside on a separate physical device (IDE RAID 5).

If I reinstall the OS then that should not impact the RAID device, right? I mean, after the reinstall the OS should still be able to mount the RAID if it was untouched, right? The RAID is where most of the important stuff resides, not on the boot partition.

Thanks
 
Old 07-27-2005, 07:10 PM   #15
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

I think you'd be better off trying to figure out what's wrong. "Reinstalling the operating system" seems like a knee-jerk sort of response, and one that may not actually work if the problem turns out to be some glitch, either in the filesystem or in some configuration-file that a "reinstall" won't replace.
 
  

