Messed up password

Linux and Unix-Like Ubuntu
1

I am unable to change my password even in root (recovery mode), or to unlock it. I can still access my account, but without password protection. In GUI Administrator account 'disabled' is displayed.

This is what I have done so far:

In root:

#usermod -U roy 
usermod:cannot lock /etc/passwd; try again later

~#passwd roy 
Enter new Unix password:done
Retype new Unix password:done
passwd:Authentication token manipulation error
passwd: password unchanged

passwd -a -S 
roy L 09/05/2012 0 99999 7 -1

passwd -d roy
passwd:cannot lock /etc/shadow; try again later

Two days later again root shell:

<mount -o rw,remount /

chmod 0440 /etc/sudoers
ls -l /etc/sudoers
-r--r----- 1 root root 574 2011-09-11 (todays date is 2012-09-07)

I think that I have to admit that "I am in out of my depth".

Would anyone please help?? :slight_smile:

2

It looks like a usermod or useradd command aborted somehow and left locks on files.
Use the lsof command to see what is going on with /etc/passwd and /etc/shadow.

You may have to reboot into single user mode to fix your problems, but try lsof first.

3

Thanks Jim,

Here are the results of your suggestion:

lsof /etc/passwd
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gnome-set 1449  roy   17r   REG    8,1     1997 2260 /etc/passwd
applet.py 2218  roy   11r   REG    8,1     1997 2260 /etc/passwd

roy@roy-desktop:~$ lsof /etc/shadow
roy@roy-desktop:~$

However, since posting my original, I did:

cp /etc/shadow /etc/shadow.bak2

Then:

cp /etc/shadow.bak /etc/shadow

As a result please note in the following that the date of shadow is now current.

roy@roy-desktop:~$ ls -l /etc/shadow*
-rw-r----- 1 roy roy  968 'some earlier date' /etc/shadow
-rw------- 1 roy roy 1296 2012-09-05 13:55 /etc/shadow-
-rw------- 1 roy roy 1002 2012-01-24 18:19 /etc/shadow-~
-rw-r----- 1 roy roy  968 2012-01-24 18:21 /etc/shadow.bak

Would you not think that the culprit here is : shadow- dated 2012-09-05?

roy@roy-desktop:~$ ls -l /etc/shadow*
-rw-r----- 1 roy roy  968 2012-09-07 17:07 /etc/shadow
-rw------- 1 roy roy 1296 2012-09-05 13:55 /etc/shadow-
-rw------- 1 roy roy 1002 2012-01-24 18:19 /etc/shadow-~
-rw-r----- 1 roy roy  968 2012-01-24 18:21 /etc/shadow.bak
-rw-r----- 1 roy roy 1297 2012-09-07 17:06 /etc/shadow.bak2

I doubt that I would know where to start to boot into single user mode?:frowning:

4

a) Why does /etc/passwd belong to roy roy, and not to root shadow?
This is really unsafe.

b) Do you see that "L" here above?
Your account looks locked.
From man passwd:

This should explain why here below you have two r, instead of a w and a u:

To confirm, could you post the output of:
# grep roy /etc/shadow ?

No fear: you're there, you have physical access to the system, so you can do anything. This problem will be solved. :slight_smile:
--
Bye

5

Here you are Lem and thanks:

roy@roy-desktop:~$ grep roy /etc/shadow
roy::15323:0:99999:7:::

I have been duplicating your comments on a second computer and can now see the differences for myself.

I cannot explain what may have caused these errors, but I assume they can easily be corrected from root shell, or are you suggesting the use of expiredate 1 below?

I certainly have read the above many times, but did not feel happy to try the -l option for passwd as I have no idea what an SSH key is. Also I did read man usermod for expiredate 1, but thought I might be opening another "can of worms"?

I can see that the end is nigh, as I will have full confidence with expert guidance and it is a great way to learn!:cool:

6

Ok, I see again something strange here. Since your second field in /etc/shadow, after roy, is empty

AFAIK you should read:

passwd -a -S 
roy NP 09/05/2012 0 99999 7 -1

NP stands for NoPassword, AFAIK. You read instead L (Locked), but a locked account should have its second field in /etc/password containing at least and invalid char, like ! or * . :-o

However you can login without password, and this is consistent with an NP account (you couldn't login with a locked account).
With an NP account (empty password), roy cannot change its password, but surely root should be able to do it.

Let's try something.

I'm sure that your filesystem cannot be full, since you've been able to copy a file. So this isn't your problem.

From what you've already posted, I'm sure you don't have these files:

/etc/passwd.lock /etc/shadow.lock /etc/group.lock /etc/gshadow.lock

If they exist, they should be deleted and this should solve the problem, but if you don't have them...

Let's make an attempt rebooting this way:

1) # shutdown -r now
2) At boot time, press any key to have the grub2 menu showing up; at the grub2 menu select the kernel you usually boot (most probably the first of the list), but don't press ENTER, just press E (editing)
3) go at the end of the line beginning with "linux", press SPACE and then insert this string: init=/bin/bash . Be careful: grub2 thinks you're using an English keyboard. With a different keyboard you should type something a bit different (with an italian keyboard I should type "init�-bin-bash") to get "init=/bin/bash" on screen
4) press CTRL+X to boot (I guess it's CTRL+X, follow on screen instructions)
5) now you're in the system and - this is the funny thing - you're root without even knowing root's password (you can save this trick for the future), and you do this:

# mount -o remount,rw /
# passwd roy

Now insert your new password, and then of course insert it again.

# sync; sync
# mount -o remount,ro /
# reboot -f

After the reboot, you're back in your standard system. Is it solved?
--
Bye

7

Right then Lem. Here is the latest:

roy@roy-desktop:~$ passwd -S roy
roy NP 12/15/2011 0 99999 7 -1

So the password is NOW unlocked and has been since I

cp /etc/shadow /etc/shadow.bak2

and

cp /etc/shadow.bak /etc/shadow

I presume that I can login without password because mine is the Admin account and otherwise the whole system would be inoperable?

I can confirm that there are currently NO

passwd.lock shadow.lock gshadow.lock group.lock

There may have been before the above?

NOW AFTER TAKING A BREAK

Success - I have succeeded in changing my password in root and now have access to sudo and this is how it was done!

roy@roy-desktop:~$ sudo passwd roy -S
[sudo] password for roy: 
roy P 09/10/2012 0 99999 7 -1

However, a user account is still locked.

roy@roy-desktop:~$ sudo passwd robyn -S
robyn L 12/15/2011 0 99999 7 -1
roy@roy-desktop:~$ sudo passwd robyn
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
robyn L 12/15/2011 0 99999 7 -1
roy@roy-desktop:~$ sudo passwd -u robyn
passwd: password expiry information changed.
roy@roy-desktop:~$ sudo passwd robyn -S
robyn P 09/10/2012 0 99999 7 -1

roy@roy-desktop:~$ ls -l /etc/shadow
-rw-r----- 1 roy roy 1066 2012-09-10 14:07 /etc/shadow
roy@roy-desktop:~$ ls -l /etc/shadow*
-rw-r----- 1 roy roy 1066 2012-09-10 14:07 /etc/shadow
-rw------- 1 roy roy 1066 2012-09-10 14:07 /etc/shadow-
-rw------- 1 roy roy 1002 2012-01-24 18:19 /etc/shadow-~
-rw-r----- 1 roy roy  968 2012-01-24 18:21 /etc/shadow.bak
-rw-r----- 1 roy roy 1297 2012-09-07 17:06 /etc/shadow.bak2
roy@roy-desktop:~$ ls -l /etc/passwd*
-rw-r--r-- 1 roy roy 1997 2012-09-10 14:07 /etc/passwd
-rw------- 1 roy roy 1997 2012-09-10 14:07 /etc/passwd-
roy@roy-desktop:~$ sudo chown root:root /etc/shadow*
roy@roy-desktop:~$ ls -l /etc/shadow*
-rw-r----- 1 root root 1066 2012-09-10 14:07 /etc/shadow
-rw------- 1 root root 1066 2012-09-10 14:07 /etc/shadow-
-rw------- 1 root root 1002 2012-01-24 18:19 /etc/shadow-~
-rw-r----- 1 root root  968 2012-01-24 18:21 /etc/shadow.bak
-rw-r----- 1 root root 1297 2012-09-07 17:06 /etc/shadow.bak2
roy@roy-desktop:~$ sudo chown root:root /etc/passwd
roy@roy-desktop:~$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1997 2012-09-10 14:07 /etc/passwd
roy@roy-desktop:~$ sudo chown root:root /etc/passwd*
roy@roy-desktop:~$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1997 2012-09-10 14:07 /etc/passwd
roy@roy-desktop:~$ ls -l /etc/passwd*
-rw-r--r-- 1 root root 1997 2012-09-10 14:07 /etc/passwd
-rw------- 1 root root 1997 2012-09-10 14:07 /etc/passwd-
roy@roy-desktop:~$ sudo chown root:shadow /etc/passwd*
roy@roy-desktop:~$ ls -l /etc/passwd*
-rw-r--r-- 1 root shadow 1997 2012-09-10 14:07 /etc/passwd
-rw------- 1 root shadow 1997 2012-09-10 14:07 /etc/passwd-

roy@roy-desktop:~$ sudo lsof /etc/passwd
[sudo] password for roy: 
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sudo    27415 root    3r   REG    8,1     1997 3499 /etc/passwd

roy@roy-desktop:~$ grep roy /etc/shadow
grep: /etc/shadow: Permission denied
roy@roy-desktop:~$ sudo grep roy /etc/shadow
roy:$6$pbvzv3b0$EofbFYlDFAV1E6oSKYYU3U/FQiKZHqWCjlEWKWM55W2qQxGo7JjiECLjJiJ0n1y68arhGaD3vKRhCWk9YvKA10:15593:0:99999:7:::

There is still a '3r' after/under 'FD'

If you can see anything else that needs to be corrected, please let me know.

Thanks very much Lem and Jim. :D:D:D

8

Glad you solved. Well done! :slight_smile:

Just one thing: in my Ubuntu (11.10) /etc/shadow is owned by root:shadow.
--
Bye

9

I think you will find that I changed it to that later on.
Thanks

10

Hi all,
The problem is still not completely cleared. My password in user accounts is set for automatic off, but at boot time, one mouse click on my login icon, loads my settings, but without a password. I don't want that to happen.
Also, if left inactive for a while, the password box comes up and it will not accept my valid password. That is the password that in terminal, is accepted for sudo.
I have set up, I hope correctly, an SSH key, but with the same password.
Are there any comments please, as to how to knock this on the head, once and for all?
I have searched extensively for system files with names similar to those mentioned in earlier posts, read many man pages and also many other Ubuntu technical sites. :frowning: