[ale] passwd and shadow

Michael H. Warfield mhw at WittsEnd.com
Tue Jun 17 13:17:00 EDT 2008


On Tue, 2008-06-17 at 12:18 -0400, Terry Bailey wrote:
> I have a server in a data center and am not allowed to login with 
> root because the password has been corrupted.  I thought that if 
> these files were cached, then a power down and reboot would fix it.

	Ah...  I see.  Maybe.  Probably not very likely at this point.  Data
would have been synced to disk and you're done.

	Can you not boot up run level "S"?  S will take you into single user
mode (not to be confused with run level 1 which will prompt you for a
password).  From the grub prompt, edit (e) the boot command and then
edit the options line, add "S" to the end and enter to make the change.
Then hit b to boot the custom options.

	The other option is to throw in an nst (Network Security Toolkit) distro
and boot from that, mount your drives, chroot to them, and change the
password.  I actually keep an nst CD in all my remote systems with a
default chain load to the hard drive so I can interrupt a bootup and
take control of the machine from the CD-ROM and do whatever forensics
or maintenance I need to do or just let it boot normally through the
chain load.

	Mike

> At 11:36 AM 6/17/2008, you wrote:
> >On Tue, 2008-06-17 at 11:09 -0400, Terry Bailey wrote:
> > > Hi,
> >
> > > After booting, do copies of the passwd and shadow files reside in RAM?
> >
> >         Meaning leftovers from the previous boot or what?
> >
> >         In principle, sure.  They are simple files which will be cached by the
> >file system when they are accessed.  The passwd file itself isn't
> >particularly sensitive.  The shadow file could be sensitive but, as long
> >as people are using and enforcing strong passwords, that should be too
> >bad since only root can access kmem on the running system.  Anyone with
> >access to kmem can be presumed to have access to shadow.
> >
> >         What's the problem that is concerning you?
> >
> > > Thanks,
> >
> > > Terry Bailey
> >
> >         Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
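
Added example, not part of the original message: once the disk is mounted from the rescue CD as described above, the root entries in passwd and shadow can be inspected before chrooting in to run passwd, to see whether the entry is actually damaged or only locked. The function name and the mount point /mnt/sysroot are assumptions for illustration.

```shell
#!/bin/sh
# Added example: classify the root account entry of a mounted system.
# ROOTDIR is wherever the rescue environment mounted the disk
# (for example /mnt/sysroot, an assumed path).

# Prints one word: ok | locked | empty | missing | malformed
root_entry_state() {
    rootdir=$1
    passwd_file="$rootdir/etc/passwd"
    shadow_file="$rootdir/etc/shadow"
    [ -r "$passwd_file" ] && [ -r "$shadow_file" ] || { echo missing; return; }

    # passwd: name:x:uid:gid:gecos:home:shell -> 7 fields, uid 0 for root
    awk -F: '$1=="root" && NF==7 && $3==0 {found=1} END {exit !found}' \
        "$passwd_file" || { echo malformed; return; }

    # shadow: 9 colon-separated fields; field 2 holds the password hash
    awk -F: '
        $1 != "root"                  { next }
                                      { seen = 1 }
        NF != 9                       { print "malformed"; exit }
        $2 == ""                      { print "empty"; exit }
        $2 ~ /^[!*]/                  { print "locked"; exit }
        $2 ~ /^\$[0-9a-z]+\$.+\$.+/   { print "ok"; exit }
        length($2) == 13              { print "ok"; exit }
                                      { print "malformed"; exit }
        END { if (!seen) print "missing" }
    ' "$shadow_file"
}

# Usage from the rescue environment after mounting the disk:
#   root_entry_state /mnt/sysroot
```

"malformed" or "missing" points at a damaged file that needs repair from the rescue environment; "locked" means the entry is intact but the hash was disabled with a leading ! or *.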
