[CentOS] Lost root access

Wed Feb 2 14:47:07 UTC 2011
Giles Coochey <giles at coochey.net>

On 02/02/2011 15:44, James Bensley wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?
>
> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).
>
If you can edit /etc/shadow then you could have changed roots password. 
Depending on your access (console required) you could have booted to 
single-user mode and edited /etc/shadow that way.

I would not recommend deleting the /etc/shadow file at all... don't 
think that would gain you access.

-- 
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles at coochey.net
Skype: gilescoochey



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5137 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20110202/f56e01a7/attachment-0005.p7s>