Getting to root when the password has been lost

[Barry Shein]

Well, you might consider putting the hard disk as a second disk on
another system and just edit the password file.

-Barry Shein

Software Tool & Die | {xylogics,uunet}!world!bzs | b...@world.std.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD

[James N. Petersen]

Recently, we had a graduate student leave, after having changed the
password for root on our UNIX V/3.2.2 system (AT&T UNIX/386). Is there
any way we can get in and reset the password to a known value?

[2307GILLV%M...@cunyvm.cuny.edu]

Hmm, I believe not. If there were such a backdoor, it would be internal to
AT&T. They would *not* make it public. I suggest that you use the backup
account and backup, then reload the system
and restore.

[R. Kym Horsell]

The only sure-fire (unless you want to hack in & I'm not going to
send _anyone_ info like that) method is to boot the system from
floppy, tape, whatever, and mount the filesystem of interest
& then edit the /etc/passwd file.

-Kym Horsell
=====

[Tom Gillespie]

In article <24...@adm.BRL.MIL> SCEF0003%WSUVM1...@cornellc.cit.cornell.edu (James N. Petersen) writes:

The following procedure assumes that you have the first disk of the Base System
Package readily available, that your root disk is 0s1 and your /usr disk
is 0s3:

1) shut the machine down -- use the "FACE" system administration menu,
assuming that you have another login which has sysadm privileges
(look in /etc/.useradm)

if not, hit the reset switch and hope for little filesystem damage

2) insert the first disk of the Base System Package and reboot

3) wait for the "Strike ENTER to install the UNIX System on your hard
disk" prompt.

4) Press the <del> key. After a few moments, a # prompt will appear.

5) execute the following:

fsck -y /dev/dsk/0s1
fsck -y /dev/dsk/0s3

mount /dev/dsk/0s1 /mnt
mount /dev/dsk/0s3 /usr <<=== if this fails, do "mkdir /usr"
and try again

PATH=$PATH:/mnt/bin:/mnt/etc:/usr/bin
TERM=at386

6) edit the following files:

/etc/shadow -- delete the password (second filed of the line) for
root

/etc/default/login -- if there is a line that reads PASSREQ=YES,
remove it

7) execute:

umount /dev/dsk/0s3
umount /dev/dsk/0s1

8) hit the reset switch and remove the diskette

9) when the machine comes up, login as root (there should be no password
now) and set a new password (and fiex /etc/default/login, if
desired)

Tom Gillespie
att!mtunf!tag t...@mtunf.att.com

[Amos Shapira]

SCEF0003%WSUVM1...@cornellc.cit.cornell.edu (James N. Petersen) writes:

Well, I have never operated a UNIX on a PC, but in general, there should
be a way to boot the system to single user, this should give you a root
shell without having to know the password (at least on the CCI and the VAX
I operated here).
But maybe because anyone could access the machine physically, this option is
not avialable in this case.

Hope this helps,
Amos Shapira
am...@batata.huji.ac.il

[esanchez]

I don't know if the following solution works for you, but in a
SUN machine you boot in single user mode and the machine gives you
the root prompt without asking you for the password (of course,
this works if the C2 security level is not installed).
It is to say, try to boot your machine in singl;e user mode
and good luck...
__________________________________________
Enrique Sanchez Lara
internet: esan...@udlapvms.PUE.UDLAP.MX
P.S. If your machine is connected to a network,
maybe you can do a "rlogin" as root from other
machine that has a hosts.equiv or .rhosts entry
giving free access to the root of that
machine
_____________________________________________

[Yenal Gogebakan]

What about booting in single user mode.If your system is not secure
enough :-) you con login as root.

[Kendrick Gibson]

Maybe you can boot from a backup tape.
Either the original or a recent backup tape that you know
the password of.

Just a suggestion- we have a sector on our hard drive that
has root without a password. We could boot from it if necessary.
Of course we have to trust anyone with physical access to our
computer not to reboot it and set themself up as superuser.
If/when you do get in, you might consider copying root to an
unmounted slice.

Ken Gibson
aeba-i...@berlin-emh1.army.mil
I'd rather be telecommuting.
DISCLAIMER: The opinions stated herein may coincidentaly corelate with
the opinions of some organization somewhere.

[Henry Liao]

Here is the easiest way to reset root's password on UNIX V/3.2.2.

boot UNIX from floppy (base system 1 of 7)
press <DEL> to interrupt INSTALL script
mount /dev/dsk/0s1 on /mnt
modify root entry in /mnt/etc/shadow with ed
sync disk
umount /mnt

-Henry Liao
California State University, Los Angeles
Networking Distributed & Systems Group
BitNET: ket...@calstate.bitnet, hl...@csula.bitnet
InterNET: hliao@{atss,csulavax,neptune,opus}.calstatela.edu
ATTMAIL: attmail!atss!hliao

[Mark Sausville]

Date: Thu, 6 Sep 90 18:10:22 -0400
From: Barry Shein <b...@cs.bu.edu>

-Barry Shein

Very much to the point. By the way, have you heard from Max (Alix) lately?
I haven't and I'm a bit worried about her.

Mark.

Mark Sausville MIT Media Laboratory
617-253-0325 Room E15-354
Fax: 617-258-6264 20 Ames Street
sa...@media-lab.media.mit.edu Cambridge, MA 02139

[Ron Haukenfrers]

SCEF0003%WSUVM1...@cornellc.cit.cornell.edu (James N. Petersen) writes:

One of the quickest ways is to boot off disk 1 in the distribution disks,
halt the install and get the micro kernel running. You then can mount
the root file system and modify the passwd file. This does work as I've had
to perform this little operation myself. Instructions for booting off the
flop are in the Admin Guide, 6-23, Recovery From Major Hard Disk Damage.

Ron Haukenfrers {alberta,cbmvax,decwrl}!atha!ron
Educational Computing or r...@cs.AthabascaU.CA
Athabasca University

[Tim Sesow (Rocky Mntn)]

The only way to get back into root once you have lost the password is
to boot the system in single-user mode. The UNIX installation
manual for your system probably tells how to do this. It varies
from system to system.

Once you are in single user mode, edit the /etc/password file to
remove the password (second field in line that starts with "root").
Then just type a CONTROL-D to start up in multi-user mode,
login as root (no password required), and set a new password.

[Pete Holsberg]

Get the distribution diskettes and boot from number 1 (of 7). At the
first prompt, hit DEL. This gives you a root prompt for the OS on the
floppy. fsck /dev/dsk/0s1 and then mount it. Copy /mnt/etc/passwd to
/mnt/etc/tmp.passwd. Copy /etc/passwd to /mnt/etc/passwd. Do the same
shuffle with the shadow password file.

Now unmount the HD, give a couple of syncs, and run uadmin 2 2 to reboot.

I had to do a similar thing just this morning!

Pete

--
Prof. Peter J. Holsberg Mercer County Community College
Voice: 609-586-4800 Engineering Technology, Computers and Math
UUCP:...!princeton!mccc!pjh 1200 Old Trenton Road, Trenton, NJ 08690
Internet: p...@mccc.edu Trenton Computer Festival -- 4/20-21/91

[Art Neilson]

If you have a bootable UNIX on diskette, you can boot from your floppy
drive and mount the harddisk on the floppy filesystem. Then it's easy
to cd onto the harddisk and modify etc/passwd. You may be able to do
this using your UNIX installation boot disk by breaking out of the
install with the interrupt (DEL usually) key as soon as the first
question is asked. I know this is possible with ISC UNIX, which is
AT&T UNIX V/3.2 based.
--
Arthur W. Neilson III | ARPA: a...@pilikia.pegasus.com
Bank of Hawaii Tech Support | UUCP: uunet!ucsd!nosc!pegasus!pilikia!art

[Tin Le]

In article <24...@adm.BRL.MIL> SCEF0003%WSUVM1...@cornellc.cit.cornell.edu (James N. Petersen) writes:

Since it's on an 386 system, I assume you can boot MSDOS. I've had it
happened to me where the passwd file got erased (Microport V/286) but
the file systems were fine.

The fix is to boot DOS, run a sector/disk edior like Norton, search
for /etc. It's should be easier for you to fix things as your passwd
file is still there. Search for that file, by looking for

"root:" without the quotes

Then erase the encoded password by retyping that line, moving all other
information from the right side over. That's all there is to it.

In my case, I was lucky enough to have an old password file laying
around call /etc/opasswd.

Good luck!

-- Tin Le

--
. ---------------------------------------------------------------
. t...@smsc.sony.com | {uunet,mips}!sonyusa!tin
. (408) 944-4157

[Andy Soravilla]

Is this something that should be bandied about on the net?? Or am I
being too picky?
Andy

[Garrett Lau]

In article <79...@pbhyf.PacBell.COM> a...@PacBell.COM (Andy Soravilla) writes:
>Is this something that should be bandied about on the net?? Or am I
>being too picky?

Well, it is common knowledge, as you can tell by the number of
replies. The real question is: Why is this in comp.unix.internals?
Isn't there a newsgroup called comp.unix.admin? It seems like the
reorganization of comp.unix.* didn't accomplish anything besides
alienating a lot of wizards.
--
Garrett Lau l...@efi.com uunet!efi!lau
Electronics for Imaging, Inc.
San Bruno, California

[Ray Ward]

In article <79...@pbhyf.PacBell.COM>, a...@PacBell.COM (Andy Soravilla) writes:
>
> Is this something that should be bandied about on the net?? Or am I
> being too picky?

Yes, you are being too picky. Lighten up...

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray Ward Email: uunet!ctbilbo!ray
Voice: (214) 991-8338x226, (800) 331-7032 Fax : (214) 991-8968
=-=-=-=- There _are_ simple answers, just no _easy_ ones. -- R.R. -=-=-=-=

[James N. Petersen]

Thanks for all who offered suggestions as to how to get to root when the
password has been lost. The solution lies in booting into the single user
version, then mounting the disks and editing the shadow file.

Again, thanks to all.

[Bill Irwin]

You are right..it shouldn't be. Why don't we start talking about hot
wiring cars and picking locks?
--
Bill Irwin - TWG The Westrheim Group - Vancouver, BC, Canada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uunet!van-bc!twg!bill (604) 431-9600 (voice) | UNIX Systems
bi...@twg.wimsey.bc.ca (604) 431-4329 (fax) | Integration

[Felix Lee]

>You are right..it shouldn't be. Why don't we start talking about hot
>wiring cars and picking locks?

Wrong newsgroup. They talk about those things in misc.security.
--
Felix Lee fl...@cs.psu.edu

[Martin Boening]

In <2...@twg.wimsey.bc.ca> bi...@twg.wimsey.bc.ca (Bill Irwin) writes:

>In <79...@pbhyf.PacBell.COM> a...@PacBell.COM (Andy Soravilla) writes:

>>Is this something that should be bandied about on the net?? Or am I
>>being too picky?
>>Andy

>You are right..it shouldn't be. Why don't we start talking about hot
>wiring cars and picking locks?

Why shouldn't it be. Where else would you get the information (unless it says
in the manuals). Besides, why would you want to restrict the flow of commonly
known information?

As for the other: that rather belongs into rec.auto.* and has nothing to do
in this group, so there I'm being picky :-).

So long,
Martin
--
Email: in the USA -> mboeni...@nixdorf.com
outside USA -> mboeni...@nixdorf.de
Paper Mail: Martin Boening, Nixdorf Computer AG, PSD-C63
Pontanusstr. 55, 4790 Paderborn, W.-Germany (Phone: +49 5251 146155)

[Jay A. Konigsberg]

>Is this something that should be bandied about on the net?? Or am I
>being too picky?
>Andy
>
>>You are right..it shouldn't be. Why don't we start talking about hot
>>wiring cars and picking locks?
>

While there are several ways of busting root that shouldn't be public,
there _is_ one way normally available _only_ available to the System
Administrator.

Do a partial restore of the OS.

--
-------------------------------------------------------------
Jay @ SAC-UNIX, Sacramento, Ca. UUCP=...pacbell!sactoh0!jak
If something is worth doing, its worth doing correctly.

[KP KP]

In your chittard.