The ISP-Lists.com Email Discussion List Community

[isp-linux] Re: lost root by mistake
On Tue, Jun 24, 2003 at 12:50:37AM +0400, George Chelidze wrote:

| stupid situation: I was editing /etc/passwd file and inserted '5' by
| mistake. Now this file contains line starting with '5root' instead of
| 'root'. /etc/shadow doesn't contain entry for '5root', so I am unable to get
| root. Any way to get root without booting in single mode. I'd like to solve
| the problem without the reboot. Thanks in advance.

I don't know if there is much of a solution.  Maybe if you had set
up "sudo" as someone else suggested.  I tried the same thing on one
of my machines and tried a number of things (besides my backdoor)
to get in.  Maybe some exploit exists, but I don't have any "kits"
handy to try.

In much the same way that people learn to do backups _after_ they
lose some valuable data, you might want to consider installing one
or more backdoors.  The backdoors I have are simply some alternate
usernames that are set up with UID 0 and GID 0.  I have one for
each of three different shells.  I did it that way because the
mistake I made many years ago to lock myself out was hosing the
login shell root uses.  Be sure at least one of them is linked
entirely statically in case you mess up shared libraries.  Having
the busybox set of utilities in an extra directory can also help
you recover from mistakes.

And when things get really bad and you must reboot, rescue disks
always come in handy.  But one trick I've been doing for several
years now is to set up a rescue partition in case the main root
partition is hosed up.  On my systems, hda1 is the boot+rescue
partition whereas hda2 is mounted by default.  The lilo boot image
and kernel live in hda1 which is not mounted on the running system
(which means when I need to update lilo or the kernel I have to
go mount it).  The lilo config has entries for the main system I
call "prime" and the rescue system I call "admin" which differ in
which partition is mounted as root.  The rescue partition has more
stuff than would normally be found in single user mode without /usr
mounted.  It's about 250MB in size.

And for backups, a 2nd drive with the same partition layout is
present.  The first few sectors and hda1 are copied sector by
sector so I can even boot from that disk if needed.  The other
partitions are backed up daily using rsync.

Here's a peek at one server showing how it is organized based on
experiences I've had in system administration of various systems
since I started on IBM mainframes in 1979.

=============================================================================
(root)@... 160> fdisk -lu /dev/hda

Disk /dev/hda: 80.0 GB, 80054059008 bytes
255 heads, 63 sectors/track, 9732 cylinders, total 156355584 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1            64    514079    257008   83  Linux
/dev/hda2        514144   1028159    257008   83  Linux
/dev/hda3       1028160  13880159   6426000    5  Extended
/dev/hda4      13880160 156344579  71232210   83  Linux
/dev/hda5       1028224   2056319    514048   83  Linux
/dev/hda6       2056384   3598559    771088   83  Linux
/dev/hda7       3598624   7711199   2056288   83  Linux
/dev/hda8       7711264   9767519   1028128   83  Linux
/dev/hda9       9767584  13880159   2056288   82  Linux swap
(root)@... 161> df
Filesystem           1k-blocks      Used Available Use% Mounted on
rootfs                  256996     73804    183192  29% /
/dev/root               256996     73804    183192  29% /
/dev/hda5               514028     46052    467976   9% /var
/dev/hda6               771060     32960    738100   5% /tmp
/dev/hda7              2056220     92596   1963624   5% /var/log
/dev/hda8              1011928    649440    362488  65% /usr
/dev/hda4             71230028  57448112  13781916  81% /home
tmpfs                   147456         0    147456   0% /dev/shm
tmpfs                     8192         4      8188   1% /var/lock
tmpfs                     8192        68      8124   1% /var/run
(root)@... 162> cat /etc/fstab
/dev/hda2  /           reiserfs defaults,atime             1 0
/dev/hda1  /admin      ext2     defaults,noatime,noauto    0 0
/dev/hda5  /var        reiserfs defaults,noatime           1 0
/dev/hda6  /tmp        reiserfs defaults,noatime           1 0
/dev/hda7  /var/log    reiserfs defaults,noatime           1 0
/dev/hda8  /usr        ext2     defaults,noatime,ro        1 0
/dev/hda4  /home       reiserfs defaults,noatime           1 0
tmpfs      /dev/shm    tmpfs    defaults,noatime,size=144m 0 0
tmpfs      /var/lock   tmpfs    defaults,noatime,size=8m   0 0
tmpfs      /var/run    tmpfs    defaults,noatime,size=8m   0 0
proc       /proc       proc     defaults                   0 0
devpts     /dev/pts    devpts   mode=0622                  0 0
/dev/hda9  swap        swap     defaults                   0 0
/dev/fd0   /mnt/floppy auto     noauto                     0 0
/dev/cdrom /mnt/cdrom  iso9660  noauto,ro                  0 0
(root)@... 163> mount -r /dev/hda1 /admin
(root)@... 164> cat /admin/etc/fstab
/dev/hda1  /                   ext2     defaults,atime             1 0
/dev/hda2  /mnt/hda2           reiserfs defaults,noauto,ro,atime   1 0
/dev/hda5  /mnt/hda2/var       reiserfs defaults,noauto,ro,noatime 1 0
/dev/hda6  /mnt/hda2/tmp       reiserfs defaults,noauto,ro,noatime 1 0
/dev/hda7  /mnt/hda2/var/log   reiserfs defaults,noauto,ro,noatime 1 0
/dev/hda8  /mnt/hda2/usr       ext2     defaults,noauto,ro,noatime 1 0
/dev/hda4  /mnt/hda2/home      reiserfs defaults,noauto,ro,noatime 1 0
tmpfs      /dev/shm            tmpfs    defaults,noatime           0 0
tmpfs      /var/lock           tmpfs    defaults,noatime           0 0
tmpfs      /var/run            tmpfs    defaults,noatime           0 0
proc       /proc               proc     defaults                   0 0
devpts     /dev/pts            devpts   mode=0622                  0 0
/dev/hda9  swap                swap     defaults                   0 0
/dev/fd0   /mnt/floppy         auto     noauto                     0 0
/dev/cdrom /mnt/cdrom          iso9660  noauto,ro                  0 0
(root)@... 165> fdisk -lu /dev/hdb

Disk /dev/hdb: 81.9 GB, 81964302336 bytes
255 heads, 63 sectors/track, 9964 cylinders, total 160086528 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1            64    514079    257008   83  Linux
/dev/hdb2        514144   1028159    257008   83  Linux
/dev/hdb3       1028160  13880159   6426000    5  Extended
/dev/hdb4      13880160 156344579  71232210   83  Linux
/dev/hdb5       1028224   2056319    514048   83  Linux
/dev/hdb6       2056384   3598559    771088   83  Linux
/dev/hdb7       3598624   7711199   2056288   83  Linux
/dev/hdb8       7711264   9767519   1028128   83  Linux
/dev/hdb9       9767584  13880159   2056288   82  Linux swap
(root)@... 166>
=============================================================================

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam@ipal.net | Texas, USA | http://ka9wgn.ham.org/    |
-----------------------------------------------------------------
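
Added example, not part of the original message or of any tool its author describes: a shell check that audits a passwd/shadow pair for the two conditions discussed in this thread, a login name that no longer matches its shadow entry (the '5root' edit) and every account holding UID 0, so that alternate root logins stay a known, reviewed list. The function names, the login-name pattern and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW
# Prints one finding per line:
#   BADFIELDS <line-no>  passwd line without exactly 7 colon-separated fields
#   BADNAME <name>       login name outside the assumed [a-z_][a-z0-9_-]* pattern
#   UID0 <name>          account with UID 0 (root or an alternate root login)
#   NOSHADOW <name>      passwd entry with no matching shadow entry
#   NOPASSWD <name>      shadow entry with no matching passwd entry
audit_accounts() {
    awk -F: '
        # First file on the command line is the shadow file: index its names.
        FILENAME == ARGV[1] { if ($0 != "") shadow[$1] = 1; next }
        $0 == ""            { next }
        NF != 7             { print "BADFIELDS " FNR; next }
        {
            seen[$1] = 1
            if ($1 !~ /^[a-z_][a-z0-9_-]*$/) print "BADNAME " $1
            if ($3 == 0)                     print "UID0 " $1
            if (!($1 in shadow))             print "NOSHADOW " $1
        }
        END { for (n in shadow) if (!(n in seen)) print "NOPASSWD " n }
    ' "$2" "$1"
}

# Constructed sample files reproducing the situation in the thread:
# "root" was edited to "5root", and one alternate UID 0 login exists.
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
5root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alternate root:/root:/bin/sash
george:x:1000:1000:George:/home/george:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:*:12227:0:99999:7:::
toor:*:12227:0:99999:7:::
george:*:12227:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

audit_demo
```

Run it against copies of the live files before and after any manual edit; vipw and pwck cover the same ground on systems that ship them.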

Replies
[isp-linux] Re: lost root by mistake, David A. Bandel
Replies
[isp-linux] lost root by mistake, George Chelidze