View previous topic :: View next topic |
Author |
Message |
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 8:27 am Post subject: Root password suddenly refused |
|
|
Hello.
2 days after install, I tried to su, and system refused my root password. Then I tried login to Ctrl-Alt-F2 console as root, again no luck. I'm pretty sure I remember my password and there were nothing like CapsLock on. Also, the system is not hacked.
OK I booted again livecd and fixed root pass, but... the question is, how that happened? This is not my machine but I install it for friend, and he is not very good with linux.. what if system lock him out tomorrow without any apparent reason?
Thx _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
bendeguz Apprentice
Joined: 10 Feb 2010 Posts: 189
|
Posted: Mon May 24, 2010 9:54 am Post subject: |
|
|
maybe something happened with the keyboard layout? |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 10:18 am Post subject: |
|
|
No, I checked that by typing password instead of "root" at login... _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
phajdan.jr Retired Dev
Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Mon May 24, 2010 11:36 am Post subject: |
|
|
If you have captured /etc/shadow from before the breakage, it would be interesting to compare it to the one after the password has been reset. One thing that might cause things like that is a hash format change. _________________ http://phajdan-jr.blogspot.com/ |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 11:52 am Post subject: |
|
|
Thx.. I forgot to save old shadow file, yes it would be interesting to investigate. I did some emerges though... then powered down computer, and tomorrow morning didn't worked root pass... will see if this will happen again, thanks anyway. _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
phajdan.jr Retired Dev
Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Mon May 24, 2010 12:14 pm Post subject: |
|
|
IvanZD wrote: | Thx.. I forgot to save old shadow file, yes it would be interesting to investigate. I did some emerges though... then powered down computer, and tomorrow morning didn't worked root pass... will see if this will happen again, thanks anyway. |
If your /var/log/emerge.log contains the names of installed/updated packages, it may also be some clue. _________________ http://phajdan-jr.blogspot.com/ |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 12:49 pm Post subject: |
|
|
Last I emerged vmware-workstation, and as dependencies, these are also emerged:
dev-lang/python
dev-libs/libsigc++
sys-fs/fuse
dev-cpp/cairomm
dev-cpp/glibmm
dev-cpp/pangomm
dev-cpp/gtkmm
x11-libs/libview
dev-cpp/libsexymm
app-editors/gentoo-editor
dev-cpp/libgnomecanvasmm
x11-libs/libXinerama
dev-python/beautifulsoup
dev-python/lxml
app-admin/sudo ---> hmmm?
x11-libs/libgksu ---> hmmm?
app-emulation/vmware-modules
I think that before this switching to superuser worked... _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
phajdan.jr Retired Dev
Joined: 23 Mar 2006 Posts: 1777 Location: Poland
|
Posted: Mon May 24, 2010 1:19 pm Post subject: |
|
|
Nothing on that list should break logging in. sudo is not used when just logging into the system. Similarly for gksu. _________________ http://phajdan-jr.blogspot.com/ |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 8:56 pm Post subject: |
|
|
I have the same problem again. Root password being refused.... I just turned off computer for few hours...
What now to do?! I'm gonna save shadow file... but I must find cause of problem
Any idea? _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 9:20 pm Post subject: |
|
|
OK, the shadow file is definitely NOT the same before and after fixing password through livecd!
This is line before fixing:
Code: | root:$6$V.Yenlkm$xLofIzn2JamG/B73kHEdgA3Rqxtj22jDPpS7zW3gPHjW83jXZFECl/3N4CeSLoBcYpYE5TSzU4i/pWeoa9GNx0:14753:0::::: |
And this one is after i fixed it:
Code: | root:$6$w2leD.B8$w.S4VETNuWB7b9tWgwE0lCloo5JbxZGA9Szlk7/hS68kxGhRGLh5U2akPqYYJED1alBOCo7oNgcyT1I/457Qd0:14753:0::::: |
Doesn't look the same for my eyes Of course, I always type in the SAME password. The only logical conclusion is that SOMETHING change my shadow file (that is, the root password, because all other lines in shadow are intact). Looking at timestamp when shadow file is modified last time (before fix) I can only say that it were when I did it today. After that I su-ed many times correctly. Then shut down machine for 2-3 hours and now the password is changed somehow. But looking at shadow timestamp I cannot say that it is modified after I did it myself.
Does this have any sense to you?
Few more details. I installed funtoo stage3, P4 build, ~x86 arch if that means someting useful for the investigation....
What to do now? Erase everything completely and build official Gentoo x86 stable system? Looks the best way... or somebody has better fix?
Thanks _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10589 Location: Somewhere over Atlanta, Georgia
|
Posted: Mon May 24, 2010 9:26 pm Post subject: |
|
|
It'll always be different. To prevent dictionary attacks, the cleartext password data is "salted" with (pseudo-)random values before encryption; thus each time you set it, you'll get a different value. You need to set it again and save off the shadow file and compare again later to see if it's been altered.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
IvanZD Apprentice
Joined: 04 Jul 2005 Posts: 166
|
Posted: Mon May 24, 2010 9:37 pm Post subject: |
|
|
Aaaa ok, thanks, I'll backup it now.
In this case, shadow is probably not modified after I did it (as mtime say it is not). Then it is time to chase a bug in authentication mechanism?
BTW, I don't use wireless keyboard... _________________ http://www.meteoadriatic.net/ |
|
Back to top |
|
|
tomk Bodhisattva
Joined: 23 Sep 2003 Posts: 7221 Location: Sat in front of my computer
|
Posted: Tue May 25, 2010 7:47 am Post subject: |
|
|
IvanZD wrote: | Few more details. I installed funtoo stage3, P4 build, ~x86 arch if that means someting useful for the investigation.... |
Moved from Networking & Security to Unsupported Software, support questions for Gentoo-derived distributions belong here. _________________ Search | Read | Answer | Report | Strip |
|
Back to top |
|
|
|