| View previous topic :: View next topic |
| Author |
Message |
SiKing
n00b
Joined: 05 Mar 2007
Posts: 23
Location: California
|
 Posted: Mon Apr 30, 2007 8:28 am Post subject: [SOLVED] Help, I messed up -> root password |
 |
|
Hi all,
I installed a new Gentoo box, and after rebooting the first time and trying to log in it told me that I am giving it the wrong root password!?!?
I thought I could changed it with:
reboot with the CD (I am using Knoppix, BTW)
remount the partitions
chroot
passwd
I was expecting that when I tried to change the password this way, it would ask me for the "old" one, but not so. After changing it, and rebooting again, still nothing.
Any guess what I could have done wrong? Do I have any hope of fixing this?
I suspect the answer is no, in which case I have to reinstall the system, right? 
TIA.
Last edited by SiKing on Tue May 01, 2007 2:52 pm; edited 1 time in total |
|
| Back to top |
|
 |
elgato319
Guru
Joined: 15 Sep 2005
Posts: 536
|
| Posted: Mon Apr 30, 2007 8:39 am Post subject: |
|
|
I did this a couple of times (cd-boot with gentoo cd, chroot, passwd). Worked flawlessly so far.
did you try to add a new user and log in with this user, than use "su" to become root |
|
| Back to top |
|
|
JeroenV
Guru
Joined: 16 Jul 2002
Posts: 446
Location: Amsterdam / Hamburg
|
| Posted: Mon Apr 30, 2007 8:45 am Post subject: |
|
|
assuming that indeed there's nothing wrong with your mounting and chrooting, maybe you could check the systemlogs for more info.
(i.e. that means:
1) boot normally
2) do your (failed) login attempts
3) reboot with live CD and chroot
4) check the syslog that was written during (2)
Another possibility is that there's something wrong with e.g. pam (you could try remerging and etc-updating it in your chroot and then reset your password again)
_________________
Cheers 
Jeroen
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
May The Source be with you! |
|
| Back to top |
|
|
SiKing
n00b
Joined: 05 Mar 2007
Posts: 23
Location: California
|
| Posted: Mon Apr 30, 2007 10:19 am Post subject: |
|
|
| elgato319 wrote: | | I did this a couple of times (cd-boot with gentoo cd, chroot, passwd). Worked flawlessly so far. |
Am I correct, that every time you run passwd, it should ask you for the "old" password? In my case it does not - if I were able to change the root password this easily, that would seem like a security hole to me, therefore I suspect that something has gone wrong. Just no idea what.
Actually now that I think about it, I think I forgot to set the root password during the install. Am I correct that empty root password is not allowed? Is there some default if you forget to change / set it?
| elgato319 wrote: | | did you try to add a new user and log in with this user, than use "su" to become root |
Yes, it wants the root password in order to su. I even created the user with useradd -g 0 (from the chrooted environment), then then tried passwd root from that user account. No good. At least I feel pretty confident that the box is pretty hacker-proof. :p |
|
| Back to top |
|
|
SiKing
n00b
Joined: 05 Mar 2007
Posts: 23
Location: California
|
| Posted: Mon Apr 30, 2007 10:38 am Post subject: |
|
|
| JeroenV wrote: | assuming that indeed there's nothing wrong with your mounting and chrooting, maybe you could check the systemlogs for more info.
(i.e. that means:
1) boot normally
2) do your (failed) login attempts
3) reboot with live CD and chroot
4) check the syslog that was written during (2)
Another possibility is that there's something wrong with e.g. pam (you could try remerging and etc-updating it in your chroot and then reset your password again) |
| Code: | Apr 30 08:17:54 thetao login(pam_unix)[5348]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost= user=root
Apr 30 08:17:57 thetao login[5348]: FAILED LOGIN (1) on `tty1' FOR `root', Authentication failure
Apr 30 08:18:05 thetao login[5348]: FAILED LOGIN (2) on `tty1' FOR `root', Authentication failure
Apr 30 08:18:23 thetao login[5348]: TOO MANY LOGIN TRIES (3) on `tty1' FOR `root'
Apr 30 08:18:23 thetao login(pam_unix)[5348]: session closed for user root
Apr 30 08:18:23 thetao login[5348]: PAM pam_putenv: delete non-existent entry; MAIL |
How the !"$"!£%!$ did that happen? |
|
| Back to top |
|
|
Karsten from Berlin
Guru
Joined: 28 Feb 2004
Posts: 436
Location: Berlin/Germany
|
| Posted: Mon Apr 30, 2007 12:38 pm Post subject: |
|
|
If passwd is called from user root, it never asks for the old password.
Why? Because...
...a system admin in a company has to change a forgotten user's password without to know the old password.
...root is allowed to do everything, even to change his own password.
...a server in my company has switched off the possibility to boot from cdrom and a password locked bios (although someone with physical access can go around this and flash the bios; but see next point...)
...a company's server is in a locked server room, behind the door of a locked server case. Only authorized personal has the keys.
...ssh-connections are only allowed as normal user with ssh-keys with secure passwords. Every admin has it's own key-pair. ssh as root is switched off.
So you're right, in a "normal" private setup, where your box is in your living-room, it's a security risc (not a whole, because it's wanted) to be able to boot with a live-cd, chroot and change the password. But in company's it is not. There are some more obstacles to overcome before a cracker/hacker/intruder can change the password.
_________________
Heaven: The police are British, the chefs Italian, the mechanics German, the lovers French and it's organized by the Swiss.
Hell: The police are German, the chefs British, the mechanics French, the lovers Swiss and it's organized by the Italians. |
|
| Back to top |
|
|
JeroenV
Guru
Joined: 16 Jul 2002
Posts: 446
Location: Amsterdam / Hamburg
|
| Posted: Mon Apr 30, 2007 2:11 pm Post subject: |
|
|
| Quote: | | How the !"$"!£%!$ did that happen? |
Eh, what? I just see a confirmation of what you already said, i.e. that your login fails, probably the same you see when you enter a wrong password 
Maybe you could do more logging to find the cause of the problem, which as I see it could be either
1) the password is not changed when you try to
2) the password is not correctly retrieved during authentication
3) both of the above
When I change my root-pass I see this:
| Code: |
Apr 30 21:03:14 ahorn passwd(pam_unix)[30531]: password changed for root
|
so you could first check if you do too
And maybe there are options possible to set pam logging more verbose
I would remerge pam anyway, it doesn't harm you and just might help if you get really lucky 
I suppose that your /etc/passwd does contain
| Code: |
root:x:0:0:root:/root:/bin/bash
|
(otherwise something really got screwed up)
*or*: did you by any chance fiddle with /etc/nsswitch.conf
_________________
Cheers
Jeroen
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
May The Source be with you! |
|
| Back to top |
|
|
kernelOfTruth
Veteran
Joined: 20 Dec 2005
Posts: 3722
Location: Vienna, Austria; Germany; hello world :)
|
|
| Back to top |
|
|
Code_Man65
n00b
Joined: 15 Jul 2004
Posts: 16
|
| Posted: Tue May 01, 2007 2:17 pm Post subject: |
|
|
Here is an easier way to change the root password
When GRUB loads hit e on the kernel you boot on, edit the kernel line and add single to the end
For example:
/TestKernel single
That will boot the system in single user mode (where you are root by default) and you can change the password that way. |
|
| Back to top |
|
|
SiKing
n00b
Joined: 05 Mar 2007
Posts: 23
Location: California
|
| Posted: Tue May 01, 2007 2:50 pm Post subject: |
|
|
| kernelOfTruth wrote: | | make sure you have the right keymaps set up in /etc/conf.d/keymaps |
Oh my gawd, I feel so stupid. 
But thanx everyone else for the ideas, at least I learned some new stuff. |
|
| Back to top |
|
|
kernelOfTruth
Veteran
Joined: 20 Dec 2005
Posts: 3722
Location: Vienna, Austria; Germany; hello world :)
|
|
| Back to top |
|
|
|
Installing Gentoo
