root password

silver40 · March 20, 2002, 8:38am

For some reason my root password is not working ... and I have no idea why

I can't log in as root and i cant su to root

Could anyone tell me how to fix this ?

running Red Hat Linux

Kelam_Magnus · March 20, 2002, 1:29pm

There are two paths here.

One is to reboot and get back into single user mode, which doesn't require a password on 99% of UNIX flavors, when you get to the prompt type:

passwd root

That should let you change the root passwd.

The second path is not as easy. You will either need to make an alternate boot disk or reload your OS.

Also, you can search this site for others who have had problems with losing the root password. Search for "root login problems" or "no root password".

Here is one link.

Maybe you will get lucky and can reboot to single user mode and change the password!

Let me know how this works out!

Good Luck.

silver40 · March 20, 2002, 2:07pm

ok i rebooted the machine and changed the password in single user mode. it worked perfectly.

However my problem is a little more extensive than this (as usual)

I have the same root passwd on all 4 of my servers. All running Red Hat Linux.

For some odd reason the root passwd will not work on any of my servers. It looks like someone manually changed the root passwd on all my servers (sounds like a hacker).

My question is there a way to change the root passwd on all of my servers without having to reboot every single one of them or creating boot disks ?

The reason i dont want to reboot these servers is because they are production web servers.

Kelam_Magnus · March 20, 2002, 2:20pm

If you have .rhosts files established on each of the other servers, you should be able to execute. rlogin

rlogin systemname -l root

If you have the exact same passwd files, you can use rcp.

rcp mycurrentbox:/etc/passwd theotherbox:/etc/passwd

Then you can login over there as well. If they are not the same you can do this anyway and then restore you password from a backup with out interrupting the users.

If not you may need to reboot them as well.

keep me updated.

silver40 · March 20, 2002, 4:27pm

ok,

here is what i did on my local server.

i added a line to my .rhost file in the root home directory :

remote.server.abc root

i set the file permissions to 600

then im using the rlogin command like this :

rlogin -l root remote.server.abc

it wont do anything, it just hangs there

do i need to edit the .rhost file in my remote server, also ??

If so, how will I be able to if the .rhost file has root permissions and i cant login as root ?

i think the .rhosts files have been created for other servers but not for my situation.

i also tried the remote copy command 'rcp' but that seems to be just hanging there also.

My local server is behind a firewall and my remote server is outside the firewall .... could that be an issue ???

btw, thanks for you help.

Kelam_Magnus · March 20, 2002, 4:33pm

You do need to have a .rhosts on both/all systems involved.

Also your format is wrong for the rlogin command.

rlogin hostname -l root

If this doesn't work you will have to schedule downtime to reboot.

Cameron · March 20, 2002, 7:53pm

Also (from memory) make sure that your default file (/etc/auth/system/default) still exists.

Pretty sure that's it, otheruwise you won't be able to rcmd the other server

silver40 · March 21, 2002, 3:20pm

ok looks like my unix administrator "forgot" to tell me that he changed the root passwd.

thanks to everyone for your help anyway.

looks like rebooting the server in single-user mode is a major security hole if the user can change the password without being asked for the old passwd.

something im going to have to look into. Also curious about remote login and the .rhost files.

anyway, thanks again everyone.

Neo · March 21, 2002, 3:34pm

It is not a security hole to be able to change the root password when you have physical access to the machine and the console.

If someone wanted to change the password and have physical access to the machine, there are so many ways to do it that it would take lots of discussions to list them all

When servers require physical security then they are placed in locked rooms with access controls.

Security is risk management centric and if your server is so critical that it needs to be protected from workers and admins, then you need a physical security policy and access control safeguards.

Kelam_Magnus · March 21, 2002, 3:38pm

Your SysAdmin, if they are worth their salt, should know all of this already, but I will say it anyway.

Here are some ways to protect against rebooting to single user mode.

This is only a problem if the box is logged in as root. It is a company policy where I work to not have root logged in at the console. This prevents prying eyes.

Also, if the box is not physically secure, ie in a locked room, then you will always have a chance where someone can power off and power on the box to get it to single user mode that way.

The shutdown command should be only allowed for root user, so if the box is not logged in then you shouldn't have a problem with that.

This procedure of rebooting to single is not a security hole, and there is no way to prevent it except having your server in a locked room with root logged out of the console. We have a key card access to our data centers.

With regard to .rhosts, it CAN be a security hole if users have one in their home directories to allow outside users onto the box. Again, we only use .rhosts on secure hosts that are trusted inside a firewall. Also, I usually disable it, (comment out the lines in the file), when it is not in use just as a precaution.

But when used properly, .rhosts can be an asset.