Hi Everyone,

I am using SuSe Linux enterprise server 10 as a telephony server. I was doing some activity on the server. I don't know what happened, root user got deleted on the system. Now if I am trying to login through root it is saying root user does not exist. If I am trying to do "sudo" it is saying root user does not exist. Even the home directory of root(/root) is not there anymore. Can I get it back somehow, can someone help me with that.


Thanks

Hi,

have a look at /etc/passwd

you can even paste it here, there is no password there

No idea, since you don't say what the "some activity" you were doing was. If you don't have a root user, you won't be able to edit secure files like /etc/passwd.

You're using Suse Enterprise...which means you're paying for support from Novell, so I'd call them. You can also boot from CD/DVD, go into rescue mode, mount your hard drive, and edit the /etc/passwd and /etc/shadow files from there, taking those lines from the files on the rescue DVD. Pay VERY close attention to file permissions, and also recreate the users /root home directory. Then try to log in again. Your only other choice is to reload the system from backups, but even that may not work...lots of things depend on the root user being there and having permissions...your backup utility may be one.

1 members found this post helpful.

Hi Guys,

Thanks for your reply.

The server is SLES10 and a telephony server application is running on it. Aastra technologies provides this whole setup. So I can not go to Novell, I will have to go to Aastra. But the server is not in production, it's a lab machine and running on trial license, so even aastra can not help me. Moreover I am sitting in Delhi, India and server is lying in Stockholm, Sweden, So I can not put a recovery DVD in it. I can only access it via ssh.
When I met with the problem, I was installing the application provided by aastra, but it got stuck. So I killed the two processes running by this application (using kill -9) and restarted the server. Guess what happened I can not find root user anymore.

/etc/passwd and /etc/shadow both files are there. I can get into passwd but not in the shadow with current user. I can see in passwd file "root" line is not there. Can I get get something by editing this file.


Thanks.

May be I am missing a point, but if this is a lab machine on a testing license, not a production machine, why do you actually care? Just re-install the system (not mentioning to just restore your backup) and try it again.

Hi,

You are not getting the point. This is a Lab machine, but I can not reinstall the linux because I am not in front of the machine, it is lying in Stockholm and I am sitting in Delhi. To reinstall the machine I have to be physically available in front of the machine.

I have edited the /etc/passwd file now and added the root user line. Now If I am doing "su" it is asking for password but it is not taking the password because I can not get into the /etc/shadow and from shadow file it takes the password.

Can we do something about it. Can I edit something in passwd file so it won't ask for password anymore.

Thanks

init=/bin/bash and you got your root access.

put in /etc/passwd file
root:x:0:0:root:/root:/bin/bash

and in /etc/group
root:x:0:root


and save it.

I tried it but not working. it is saying "incorrect password". When the user got deleted password details from /etc/shadows must have got deleted at the same time. So it is not able to access the password I guess.

Any other idea!

You need a proper line in /etc/shadow too. Either create/copy a hash value from another line therein from which you know the password (and as you can log in there it should be possible), or set it to an empty one. In the latter case it might be necessary to set in one of the PAM files to allow empty passwords:

Hi

Sorry, I didn't understand. Can you elaborate it a bit. I am not an expert of Linux.

Well, we've been very clear...what don't you understand? You deleted the root user...you now have NO PERMISSIONS to edit those files. Your only choices remain:

• Boot from CD/DVD, mount the hard drive manually and edit the files
• Restore things from your backups
• Reboot the system into single-user mode, and HOPE that you have root access to edit the files

Doesn't get much simpler than that. Also, above, it was suggested that you use "init=/bin/bash"...did you try that? You already KNOW you can't edit that file with the system booted. You are going to HAVE TO take other action, period. Doesn't matter where you are, or where the server is...YOU are the administrator, and it's up to YOU to make it right. You've been given the options how...it's up to you to figure out which is best for you, and make them work.