Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Root password suddenly refused
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 8:27 am    Post subject: Root password suddenly refused Reply with quote

Hello.

2 days after install, I tried to su, and system refused my root password. Then I tried login to Ctrl-Alt-F2 console as root, again no luck. I'm pretty sure I remember my password and there were nothing like CapsLock on. Also, the system is not hacked.

OK I booted again livecd and fixed root pass, but... the question is, how that happened? This is not my machine but I install it for friend, and he is not very good with linux.. what if system lock him out tomorrow without any apparent reason?

Thx
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
bendeguz
Apprentice
Apprentice


Joined: 10 Feb 2010
Posts: 189

PostPosted: Mon May 24, 2010 9:54 am    Post subject: Reply with quote

maybe something happened with the keyboard layout?
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 10:18 am    Post subject: Reply with quote

No, I checked that by typing password instead of "root" at login...
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
phajdan.jr
Developer
Developer


Joined: 23 Mar 2006
Posts: 1774
Location: Poland

PostPosted: Mon May 24, 2010 11:36 am    Post subject: Reply with quote

If you have captured /etc/shadow from before the breakage, it would be interesting to compare it to the one after the password has been reset. One thing that might cause things like that is a hash format change.
_________________
http://phajdan-jr.blogspot.com/
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 11:52 am    Post subject: Reply with quote

Thx.. I forgot to save old shadow file, yes it would be interesting to investigate. I did some emerges though... then powered down computer, and tomorrow morning didn't worked root pass... will see if this will happen again, thanks anyway.
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
phajdan.jr
Developer
Developer


Joined: 23 Mar 2006
Posts: 1774
Location: Poland

PostPosted: Mon May 24, 2010 12:14 pm    Post subject: Reply with quote

IvanZD wrote:
Thx.. I forgot to save old shadow file, yes it would be interesting to investigate. I did some emerges though... then powered down computer, and tomorrow morning didn't worked root pass... will see if this will happen again, thanks anyway.


If your /var/log/emerge.log contains the names of installed/updated packages, it may also be some clue.
_________________
http://phajdan-jr.blogspot.com/
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 12:49 pm    Post subject: Reply with quote

Last I emerged vmware-workstation, and as dependencies, these are also emerged:

dev-lang/python
dev-libs/libsigc++
sys-fs/fuse
dev-cpp/cairomm
dev-cpp/glibmm
dev-cpp/pangomm
dev-cpp/gtkmm
x11-libs/libview
dev-cpp/libsexymm
app-editors/gentoo-editor
dev-cpp/libgnomecanvasmm
x11-libs/libXinerama
dev-python/beautifulsoup
dev-python/lxml
app-admin/sudo ---> hmmm?
x11-libs/libgksu ---> hmmm?
app-emulation/vmware-modules

I think that before this switching to superuser worked...
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
phajdan.jr
Developer
Developer


Joined: 23 Mar 2006
Posts: 1774
Location: Poland

PostPosted: Mon May 24, 2010 1:19 pm    Post subject: Reply with quote

Nothing on that list should break logging in. sudo is not used when just logging into the system. Similarly for gksu.
_________________
http://phajdan-jr.blogspot.com/
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 8:56 pm    Post subject: Reply with quote

I have the same problem again. Root password being refused.... I just turned off computer for few hours...

What now to do?! I'm gonna save shadow file... but I must find cause of problem :roll:

Any idea?
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 9:20 pm    Post subject: Reply with quote

OK, the shadow file is definitely NOT the same before and after fixing password through livecd!

This is line before fixing:
Code:
root:$6$V.Yenlkm$xLofIzn2JamG/B73kHEdgA3Rqxtj22jDPpS7zW3gPHjW83jXZFECl/3N4CeSLoBcYpYE5TSzU4i/pWeoa9GNx0:14753:0:::::


And this one is after i fixed it:
Code:
root:$6$w2leD.B8$w.S4VETNuWB7b9tWgwE0lCloo5JbxZGA9Szlk7/hS68kxGhRGLh5U2akPqYYJED1alBOCo7oNgcyT1I/457Qd0:14753:0:::::


Doesn't look the same for my eyes :P Of course, I always type in the SAME password. The only logical conclusion is that SOMETHING change my shadow file (that is, the root password, because all other lines in shadow are intact). Looking at timestamp when shadow file is modified last time (before fix) I can only say that it were when I did it today. After that I su-ed many times correctly. Then shut down machine for 2-3 hours and now the password is changed somehow. But looking at shadow timestamp I cannot say that it is modified after I did it myself.

Does this have any sense to you?

Few more details. I installed funtoo stage3, P4 build, ~x86 arch if that means someting useful for the investigation....

What to do now? Erase everything completely and build official Gentoo x86 stable system? Looks the best way... or somebody has better fix?

Thanks
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 9490
Location: Somewhere over Atlanta, Georgia

PostPosted: Mon May 24, 2010 9:26 pm    Post subject: Reply with quote

It'll always be different. To prevent dictionary attacks, the cleartext password data is "salted" with (pseudo-)random values before encryption; thus each time you set it, you'll get a different value. You need to set it again and save off the shadow file and compare again later to see if it's been altered.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
Back to top
View user's profile Send private message
IvanZD
Apprentice
Apprentice


Joined: 04 Jul 2005
Posts: 166

PostPosted: Mon May 24, 2010 9:37 pm    Post subject: Reply with quote

Aaaa ok, thanks, I'll backup it now.

In this case, shadow is probably not modified after I did it (as mtime say it is not). Then it is time to chase a bug in authentication mechanism?

BTW, I don't use wireless keyboard... :)
_________________
http://www.meteoadriatic.net/
Back to top
View user's profile Send private message
tomk
Bodhisattva
Bodhisattva


Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer

PostPosted: Tue May 25, 2010 7:47 am    Post subject: Reply with quote

IvanZD wrote:
Few more details. I installed funtoo stage3, P4 build, ~x86 arch if that means someting useful for the investigation....


Moved from Networking & Security to Unsupported Software, support questions for Gentoo-derived distributions belong here.
_________________
Search | Read | Answer | Report | Strip
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum