On 02/02/2011 15:44, James Bensley wrote: > So on a virtual server the root password was no longer working (as in > I couldn't ssh in anymore). Only I and one other know it and neither > of us have changed it. No other account had the correct privileges to > correct this so I'm wondering, if I had mounted that vdi as a > secondary device on another VM, browsed the file system and delete > /etc/shadow would this have wiped all users passwords meaning I could > regain access again? > > (This is past tense because its sorted now but I'm curious if this > would have worked? And if not, what could I have done?). > If you can edit /etc/shadow then you could have changed roots password. Depending on your access (console required) you could have booted to single-user mode and edited /etc/shadow that way. I would not recommend deleting the /etc/shadow file at all... don't think that would gain you access. -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: giles at coochey.net Skype: gilescoochey -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5137 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20110202/f56e01a7/attachment-0005.p7s>