Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Beno on February 04, 2002, 03:53:53 AM
-
Help........
Had to change password as old pass was disclosed. I have now lost the new password.
Is there anything that can be done??????
Beno
-
Yes there is.
I read a howto from a link at slashdot, but I can't remember how to do it.
It described the process of power cycling the machine (you can't tpye "reboot" if you're not logged on).
You then hit two keys to get it into a special mode as it boots. The mode doesn't ask you for a root password. You then create a root2 user, ect, go back and delete the old root a/c, ect.
If you search for it you will find it... sorry I can't be of more help.
It was regarding the fact that you CAN beat the (security) root logon if you have physical access to the machine.
-
I found this for you.
"umm yeah its very easy ...
get a bootdisk (or a boot cdrom)
boot into single user mode ... mount the root partition and then edit the /etc/shadow file to be blank (ie no passwd).
btw this works for sun as well - its how you "recover" root - same thing can be done w/ windows (linux bootdisk, mount the fat/ntfs system) and then find your favourtie crack (l0pht made one? - i aint sure, don't deal with it much)
so if they have physical access - they have root
hope that helps,"
and this too,
"the process you are describing is entering into single-user mode linux. it is easily avoided however.
basically if you have physical access to the machine then u can reboot it, and when you get to the LILO prompt, type in 'linux single'. this mode does not require a password to get access to the root account, and is commonly used to reset the password if forgotten.
however if the machine has a LILO password configured, this password is needed to get access to any mode of the linux machine. the password can be added by editing /etc/lilo.conf. check 'man lilo.conf' for the exact setting.
in short, if the administrator of the linux machine is any good, then linux is rock solid. "
I hope that gets you out of trouble.
-
I think im in trouble.....
I dont have a boot diac.
Can i use the original installer disc?
or can i make a boot disc somehow???
I appreciate your help.
Ben
-
Why don't you put the drive in another machine and mount the file system that way.
Copy the needed data, then put it back in the server and try a upgrade from the E-Smith install disc.
or get the password files from the "data copy" and crack them with Loftcrack....
-
Reboot your server. (power off and on is simple)
When you see the graphical lilo prompt (that only offers e-smith)
(which normally appears and disappears very quickly),
hit ALT-X. This puts it into lilo text input mode.
Type:
esmith single
This boots e-smith into single user mode.
This logs you on without a root password but with SU powers!
Now type
passwd root
Now enter the new root password and confirm.
Then type
init 7
You are now cooking with gas.
Ahh the power. Now if lilo has a password then your stuffed.
There are clever ways around lilo passwords that involve using a bootdisk
like Toms Boot Disk (God bless Tom) at http://www.toms.net/rb/
but my methods simpler.
-
Crtl-Alt-Delete is a cleaner way to reboot. This will cleanly unmount all drives.
-
I have tryed the ALT-X on a sme 5.0. When the e-smith screen and I hit ALT-X the screen just stops. I then type esmith single with the e-smith graphic image still up and then hit enter it still boots up in normal mode. Am I doing somthing wrong.
Thanks
Doyle Glaze
-
I think it should be CTRL-X, not ALT.
-
hit CTL-X when the esmith grphic comes up. This puts it into lilo text input mode.
Type:
esmith single
This boots e-smith into single user mode.
This logs you on without a root password but with SU powers!
Now type
passwd root
Now enter the new root password and confirm.
Then type
init 7
Thanx..... This works for root.
Now how do i edit my esmith admin password???
-
Hi Beno,
Once you are logged on as root you can change anyones password.
For admin you simply enter the command:
passwd admin
Root and admin do not have to have the same password.