Recover root account

Hi everyone!

I've got a problem caused by another person, who did the following:
- He created a user and granted the group (1) to it
- The problem appears as "Permission denied" when rebooting the server

Dec 21 09:13:09 payment dtlogin[1269]: open_pam_conf: Owner of /etc/pam.conf is not root
Dec 21 09:13:09 payment dtlogin[1117]: open_pam_conf: Owner of /etc/pam.conf is not root
Dec 21 09:13:30 payment sendmail[533]: unable to qualify my own domain name (payment) -- using short name
Dec 21 09:13:30 payment sendmail[1310]: unable to write pid to /var/spool/clientmqueue/sm-client.pid: Permission denie

Then I recovered from CD-ROM, changed the owner of pam.conf to root, and logged in to the server successfully. However, I can change root's password, even deleting 2 users.

root@payment # id -p vmspay
uid=503(vmspay) gid=1(other) projid=3(default)
root@payment # userdel vmspay
root@payment # userdel payment
root@payment # 
root@payment # 
root@payment # passwd
passwd: Changing password for root
New Password: 
Re-enter new Password: 
Permission denied
root@payment # cd /etc
root@payment # ls -ll pam*
-rw-r--r--   1 root     sys         3477 Dec 21 14:31 pam.conf
-r--r--r--   1 503      bin         3310 Jul  5 02:47 pam.conf-winbind
-rw-r--r--   1 root     root        3263 Dec 21 14:29 pam.conf.bk
root@payment # passwd -r files root
New Password: 
Re-enter new Password: 
Permission denied
root@payment # 

Could you guide me on how to do it?
Thank you!

I don't know what is wrong - completely. Can you undo the pam settings or rename the files?

I'm struggling as well - at first I thought the 503:bin ownership or permissions on the parent dir would stop him/her, but the user is root, so ...? If it were for extended attributes, the error msg would be different, so ...?

Thank you for your reply!

I solved that problem 3 days ago.
The problem was as follows:

- The other man created 2 users who owned group root.
- The 2 users were changed to be super users owning everything from root.
- On reboot, the server would not log in until I used a CD-ROM to boot in single mode, repaired some files and restarted.

503 and 504 are the numbers shown in place of the 2 strange users above. So I wrote a shell script to find every file owned by 503 or 504 and compared them with a normal server running sun10 sparc. In the end, I switched them back to the right user (root, daemon, uucp) and the right group (root, sys, daemon, uucp ...).

Now, the problem is gone.

Thanks for reporting back, trantuananh24hg
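
The repair described in the thread above (find everything owned by 503/504, compare with a normal server, restore owner and group) sketched as an added example; it is not the poster's script. It assumes `ls -ld` listings from both hosts and paths without spaces, the sample listings and `/opt/sample` paths are constructed, and it goes slightly beyond the post by flagging setuid/setgid files for manual review.

```shell
#!/bin/sh
# Added example (not the poster's script). Listings are "ls -ld" output, e.g.
#   find / \( -user 503 -o -user 504 \) -exec ls -ld {} +   on the affected host
# and "ls -ld" of the same paths on the known-good reference host.
BAD_UIDS="503 504"   # numeric owners named in the thread

plan_repairs() {     # $1 = reference listing, $2 = affected listing
    awk -v bad="$BAD_UIDS" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) isbad[b[i]] = 1 }
        # Pass 1 (reference): remember the known-good owner and group per path.
        NR == FNR { own[$NF] = $3; grp[$NF] = $4; next }
        # Pass 2 (affected): skip anything not owned by an orphaned UID.
        !($3 in isbad) { next }
        # setuid/setgid files that belonged to those accounts get a manual look.
        substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/ {
            print "# REVIEW setuid/setgid: " $NF; next
        }
        ($NF in own) { print "chown " own[$NF] ":" grp[$NF] " " $NF; next }
        { print "# REVIEW no reference entry: " $NF }
    ' "$1" "$2"
}

demo() {             # constructed sample listings, not taken from a real host
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/reference" <<'EOF'
-rw-r--r--   1 root     sys         3477 Dec 21 14:31 /etc/pam.conf
drwxr-xr-x   2 uucp     uucp         512 Jan 10 08:00 /opt/sample/spool
-r-sr-xr-x   1 root     bin        27000 Jan 10 08:00 /opt/sample/bin/tool
EOF
    cat > "$tmp/affected" <<'EOF'
-rw-r--r--   1 503      sys         3477 Dec 21 14:31 /etc/pam.conf
drwxr-xr-x   2 504      other        512 Dec 21 09:00 /opt/sample/spool
-r-sr-xr-x   1 503      bin        27000 Dec 21 09:00 /opt/sample/bin/tool
-r--r--r--   1 503      bin         3310 Jul  5 02:47 /etc/pam.conf-winbind
-rw-r--r--   1 root     root        3263 Dec 21 14:29 /etc/pam.conf.bk
EOF
    plan_repairs "$tmp/reference" "$tmp/affected"
    rm -rf "$tmp"
}

demo
```

The output is a plan to read before running any of it; the script itself changes nothing on disk.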