[CentOS] Lost root access

Wed Feb 2 15:54:53 UTC 2011
Kwan Lowe <kwan.lowe at gmail.com>

On Wed, Feb 2, 2011 at 9:44 AM, James Bensley <jwbensley at gmail.com> wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?


Nope... would lock everyone out!!

You can change the shadow to a known hash and that should work.  But
going through that exercise, though interesting, would not be the most
direct method.

Had you changed the default expiration setttings on the system?  You
can run the "chage" command to see the settings on different users.
Also you may want to check the faillog.

Is this system Internet accessible?  I'd be very leery of trusting
that system until you determine what caused it to lock out.

Anyhoo, coincidentally I was thinking of ways to change a root
password on a 24/7 system. Some of the things I tested was to
overwrite some of the cron scripts that I had access to, create a suid
binary on a trusted and mounted fs (i.e., no root squash, noexec not
enabled), exec a shell from with a sudo command that had shell out
capability, etc..

> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).
> --
> Regards,
> James.
> http://www.jamesbensley.co.cc/
> There are 10 kinds of people in the world; Those who understand
> Vigesimal, and J others...?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos