SUSE / openSUSEThis Forum is for the discussion of Suse Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
still looks awkward to me - first you can mount it from Knoppix - and now suddenly the filesystem is not supported anymore? With the same CD? Not possible!
And yes - it should be the same - but then at least I had to assume instead of knowing how this one works.
-edit-
and knoppix does not need to be slow on you - just boot it without the graphics into text mode
F1 F2 F3 on boot explains what boot-options to specify to do this - you will save the time it takes to load all the Graphics stuff we do not even need here
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
Quote:
Originally Posted by jomen
still looks awkward to me - first you can mount it from Knoppix - and now suddenly the filesystem is not supported anymore? With the same CD? Not possible!
And yes - it should be the same - but then at least I had to assume instead of knowing how this one works.
-edit-
and knoppix does not need to be slow on you - just boot it without the graphics into text mode
F1 F2 F3 on boot explains what boot-options to specify to do this - you will save the time it takes to load all the Graphics stuff we do not even need here
I don't think that's possible either. However I used the Sys Res CD to do the same thing and the files 'passwd' and 'shadow' were edited as I had done from console in Knoppix:
passwd & passwd.YaST2save:
root::0:0:root:/root:/bin/bash
and in shadow & shadow.YaST2save:
root::::::::
I then executed:
chroot /mnt/suse /bin/bash
and I was able to successfully change or reset my root PW w/ 'passwd root. Nothing has yet changed in suse. I think I know why. The link I've been following to edit these files is designed to solve a problem by allowing one to login into suse as root without PW. I can't do that. I think if I go back and check w/ sys res cd I'll find passed is same but shadow now has encrypted values as a set a new PW. I think I need to add the x back into passwd so it will ask for my PW. I'll try that and let you know.
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
Ok, now that, doing what I said I would do in the above post did something. By adding x to passwd and passwd.YaST2save the system will now ask for a pw. Then I get the original error, from terminal:
kkkkkk@mmmmmm:~> su -
Password:
Permissions on the password database may be too restrictive.
su: incorrect password
From the YaST gui:
Incorrect Password
I think the problem is a permissions problem not a password problem from the line in terminal:
Permissions on the password database may be too restrictive.
Now the question is being a noob I don't know what to do yet???
Permission-problems are not existent for root!
But you cannot get root.
And this is a problem which has to do how the password is checked and verified.
We tried to solve the issue by deleting it - but suse seems to have implemented additional ways...
Quote:
I then executed:
chroot /mnt/suse /bin/bash
and I was able to successfully change or reset my root PW w/ 'passwd root
That would indicate that it worked as was to be expected - kill the password - get into the system and set a new one and no error.
Quote:
I have done these same steps before when I DID chroot /mnt/suse and set new root password. It made no difference when I logged into suse. I get same error messages either way.
that would lead me to the next suggeston I made:
renaming passwd.YaST2save and shadow.YaST2save
other than that - I have NO idea.
Suse must have a password database stored somewhere else and because of the change you did it is (at least not only) using the usual candidates but another set of files additionaly - and the above mentioned look as they would fit this description...
something to add:
The x in /etc/passwd is only there if you use shadow-passwords - in that case the encrypted password is in /etc/shadow
It is also possible to set up a system without the use of shadowed passwords - in that case /etc/shadow would not exist and the passwords were stored in encrypted form in /etc/password
Because you use shadowed passwords you need to edit BOTH files to achieve what you want - an empty password - leaving the x in /etc/passwd indicates: there is a password - look into /etc/shadow - but there is none ... only more confusion...
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
Quote:
Originally Posted by jomen
Permission-problems are not existent for root!
But you cannot get root.
And this is a problem which has to do how the password is checked and verified.
We tried to solve the issue by deleting it - but suse seems to have implemented additional ways...
That would indicate that it worked as was to be expected - kill the password - get into the system and set a new one and no error.
that would lead me to the next suggeston I made:
renaming passwd.YaST2save and shadow.YaST2save
other than that - I have NO idea.
Suse must have a password database stored somewhere else and because of the change you did it is (at least not only) using the usual candidates but another set of files additionaly - and the above mentioned look as they would fit this description...
something to add:
The x in /etc/passwd is only there if you use shadow-passwords - in that case the encrypted password is in /etc/shadow
It is also possible to set up a system without the use of shadowed passwords - in that case /etc/shadow would not exist and the passwords were stored in encrypted form in /etc/password
Because you use shadowed passwords you need to edit BOTH files to achieve what you want - an empty password - leaving the x in /etc/passwd indicates: there is a password - look into /etc/shadow - but there is none ... only more confusion...
I have renamed /etc/passwd.YaST2save and /etc/shadow.YaST2save and that didn't help either. As to the last paragraph I certainly have learned a lot through this exercise. Unfortunatly I haven't corrected my problem. Using Midnight Commander to edit files is slicker than "molybdenum"!
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
Ok, here's the deal. I think. Somewhere in Suse in some file there are 'permissions' that are set to 1 of 3 settings:
easy
secure
paranoid
I set it to paranoid and now I can't gain root access in Suse. So I need to use 'System Rescue CD' to find that file and change that setting. I'm a bleepin newbie so I need help. I just was there and looking around but haven't figured out where or what to do. Send Help!
This setting you changed through Yast2 (by using it...).
If it is as simple as changing some enty in a file from "paranoid" back to "secure" or "easy" then search for it.
mc can search for you for this expression in any file in any directory or even the whole filesystem (F9 -> command -> find file)
I doubt that it is that easy - but would be nice in this case. I suspect that yast uses some database to store the settings - you cannot just change that like a normal config-file.
Just try.
One more thing - do you have important data on that machine?
If it was just an experiment to see how things work - the point to throw in the towel and just reinstall would now really be reached for me. It would take half an hour and everything is back in order.
You can even back up some config-files which would take you some time to get right from scratch again before you do that...
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
I spoke to soon. Adding root and username to wheel group allowed me to login as root and change setting in '>YaST2>Security>Local' from paranoid to secure. I now have root access in Suse. Problem solved as per suggestion #2 below. This came from Lugoj.org [Linux Users Group of Jackson, Mississippi, USA]
Thanks especially jomen and pjvaldez for the help. Learned a lot. Suse users don't be "paranoid". I need to run mc and see if I can find how/where to change the same setting that way.
Jared Breland wrote:
> I can offer two suggestions, though I don't believe I've ever seen that
> error message, so I'm not certain if they'll work.
>
> 1. Make sure that your regular user can read /etc/passwd. If not, as root
> run 'chmod 644 /etc/passwd'. There may be a better way of doing this to
> allow the end-user to access passwd through su but not read it directly, but
> this will at least help with troubleshooting.
>
> 2. Some distros only allow users in the wheel group to use su. As root run
> vigr, find the wheel group, then append your username to the end of that
> line (prepend a comma if root's already listed there)
>
> --
> Jared Breland
that is a lot better and easier than my suggestion of a reinstall of course...and thats why I insisted that you should log in as root from a console (CTRL+ALT+F1...) and not "su" to root from a terminal while being logged in as a "normal" user - I'm glad it is fixed finally!
(I could not read this file because I'm not running suse...)
Distribution: Debian AMD 64 Testing, Sabayon Linux x86-64 3.4, and Ubuntu AMD 64 7.04
Posts: 235
Original Poster
Rep:
Quote:
Originally Posted by jomen
that is a lot better and easier than my suggestion of a reinstall of course...and thats why I insisted that you should log in as root from a console (CTRL+ALT+F1...) and not "su" to root from a terminal while being logged in as a "normal" user - I'm glad it is fixed finally!
(I could not read this file because I'm not running suse...)
Thanks, I appreciate the help. Learned a lot which is at LEAST equally important to solving the problem.
I did this but with SUSE recovery instead of Knoppix. It took passwd root ok and accepted my new password, but then when I rebooted and tried to log in as root it never let me enter a password in, it just said right away "Authentication failed. Letter must be typed in the correct case."
In /etc/passwd my root entry is:
Code:
root::0:0:root:/root:/bin/bash
Quote:
Originally Posted by jomen
Boot Knoppix CTRL+ALT+1 (does not have to be 1 - any number between 1 and 6 will do) takes you to a console (just a command-line)
where you already are logged in as root
Is /dev/hda2 your partition? which filesystem is it? Lets find out.
type cfdisk - and you see the partitions on that disk along with the filesystem-type
"q" (without the qoutes) ends the program and gets you back where you were
type mount - to see if the partition is already mounted - if it is - unmount it (because we need to be sure it is mounted readable and writable)
umount /mnt/_mountpoint_ (substitute this for the real one...)
make a mount-point e.g. mkdir /mnt/suse
then mount the partiton: mount -t reiserfs /dev/hda2 /mnt/suse
(replace the filesystem-type with the real one - this is an assumption - but suse uses reiserfs as the standard...)
Then you can make it easy on you - use mc to navigate and edit - you will figure it out - F4 on a file opens an editor with that file loaded - its easier than vi ...
Code:
cd /mnt/suse
mc
go to /etc and look into the files: passwd shadow securetty passwd has an x for the password between the first two columns - take it out - there need to be two columns with no space or other caracter between them after the user name root shadow has the encrypted password there - take it out - the same as above
look into: securetty
NOW there IS NO password anymore - and now you can do: chroot /mnt/suse /bin/bash
and then: passwd root
and set a new one
I'm pretty new too and suggestion 2 doesn't compute (as in I have no clue how do this). anyone able to give me a step by step?
Quote:
Originally Posted by Red Knuckles
I spoke to soon. Adding root and username to wheel group allowed me to login as root and change setting in '>YaST2>Security>Local' from paranoid to secure. I now have root access in Suse. Problem solved as per suggestion #2 below. This came from Lugoj.org [Linux Users Group of Jackson, Mississippi, USA]
Thanks especially jomen and pjvaldez for the help. Learned a lot. Suse users don't be "paranoid". I need to run mc and see if I can find how/where to change the same setting that way.
Jared Breland wrote:
> I can offer two suggestions, though I don't believe I've ever seen that
> error message, so I'm not certain if they'll work.
>
> 1. Make sure that your regular user can read /etc/passwd. If not, as root
> run 'chmod 644 /etc/passwd'. There may be a better way of doing this to
> allow the end-user to access passwd through su but not read it directly, but
> this will at least help with troubleshooting.
>
> 2. Some distros only allow users in the wheel group to use su. As root run
> vigr, find the wheel group, then append your username to the end of that
> line (prepend a comma if root's already listed there)
>
> --
> Jared Breland
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.