On Wed, Feb 2, 2011 at 9:44 AM, James Bensley <jwbensley at gmail.com> wrote: > So on a virtual server the root password was no longer working (as in > I couldn't ssh in anymore). Only I and one other know it and neither > of us have changed it. No other account had the correct privileges to > correct this so I'm wondering, if I had mounted that vdi as a > secondary device on another VM, browsed the file system and delete > /etc/shadow would this have wiped all users passwords meaning I could > regain access again? :) Nope... would lock everyone out!! You can change the shadow to a known hash and that should work. But going through that exercise, though interesting, would not be the most direct method. Had you changed the default expiration setttings on the system? You can run the "chage" command to see the settings on different users. Also you may want to check the faillog. Is this system Internet accessible? I'd be very leery of trusting that system until you determine what caused it to lock out. Anyhoo, coincidentally I was thinking of ways to change a root password on a 24/7 system. Some of the things I tested was to overwrite some of the cron scripts that I had access to, create a suid binary on a trusted and mounted fs (i.e., no root squash, noexec not enabled), exec a shell from with a sudo command that had shell out capability, etc.. > (This is past tense because its sorted now but I'm curious if this > would have worked? And if not, what could I have done?). > > -- > Regards, > James. > > http://www.jamesbensley.co.cc/ > > There are 10 kinds of people in the world; Those who understand > Vigesimal, and J others...? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >