root password problem

[vakou]

Hi
i am running fedora core 2 on a webserver and suddelnly it didnt recognise my root password

i try to chnage it through the webmn service but nothing happend

also when ur on the shell and try to su as another user it give me all the time incorrect password..on the other hand all users can login through shell execpt the root

i dont know if it is a pam.d problem

anyone can help me to recover my root password

thanks

[PeTzZz]

Here is a thread that helps to recover root password:
http://www.fedoraforum.org/forum/showthread.php?t=31471
(http://www.fedoraforum.org/forum/showthread.php?t=27141)

NOTE: I don't know why does that problem occur, but I am just linking the thread that helps to recover root password.

[Void Main]

Boot into single user mode (which drops you in as root without a password) and change it. To get into single user mode you will need to be at the console and reboot. When the GRUB menu comes up press "a" and add a "1" to the end of the boot line (make sure you have a space before the 1). Press <ENTER> when the root shell comes up type "passwd" and enter the password you want. Now type "exit" and it will boot into the normal runlevel with your new password.

[vakou]

well thanks for your info but i didnt forgot the root password
i know it but it didnt work
well on the up2date it works fine
but when i make su root it didnt recognise it
so thats why i think is the pam.d service problem

on the otherjand its a webserver and i am not able to see the boot menu grub or lilo

is there a way or something else that i can fix this problem

i try also to cp the bash/bin through webmin and own it as rood and chmod it
and then run it as user but it didnt give me the chance to be root

any other idea please

[Void Main]

If you haven't upgraded your kernel yet you could use the latest local root exploit of the day. I would have someone with console access try the single user mode method of setting the password first just to see if that fixes the problem. Otherwise yes, could certainly be a pam problem but it's really hard to change anything without being root. At worst you would have to boot from the rescue CD, mount the root file system and repair any problem (pam etc), otherwise you are raptus regaliter.

[vakou]

well its pamd problem but hows come suddenly to happend this ?
onm the other hand is a web server and i didnt have a cd or something like that
so is there other way that i can fix the pam problem througg webmin
i mean what is the procedure to fix the pam.d
and what is the init script that is responsiple for the pam.d auth service
and thanks for your help man

[Void Main]

Quote:

Originally Posted by vakou

well its pamd problem but hows come suddenly to happend this ?
onm the other hand is a web server and i didnt have a cd or something like that
so is there other way that i can fix the pam problem througg webmin
i mean what is the procedure to fix the pam.d
and what is the init script that is responsiple for the pam.d auth service
and thanks for your help man

Heh heh, the first step in fixing a pam problem would usually be "su -". :) The pam configuration files are under /etc/pam.d. I can't tell you why something would have changed, if it is indeed a pam problem. I don't use webmin either but I can't imagine it would just change something there without letting you know. What is the latest date on the files under /etc/pam.d? What does your /etc/pam.d/su file have in it? Mine has this (FC3):

Code:

#%PAM-1.0
auth       sufficient   /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session    required     /lib/security/$ISA/pam_selinux.so close
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session    required     /lib/security/$ISA/pam_selinux.so open multiple
session    optional     /lib/security/$ISA/pam_xauth.so

Is there anything in your /var/log/messages? Of course the default permissions will not allow you to view it without being root, see what I mean? If you can't "su" then you are hosed, unless you can get console access or exploit a vulnerability. If anyone could just use a backdoor, what would be the point?

Have you tried to ssh directly to the box as root? That would use a different mechanism than "su" and maybe your password will work.

Also, if you do an "rpm -V pam" it will tell you if something has changed in pam since pam was installed.

[vakou]

well man first to understand the days of the files didnt change and also in 19 of january i cp all the etc to another dir and have it copy and through webmin i renmae the pam to pam.dd and put the old pam but the problem stays the same...i canot login as root through the shell but my root password is the rightone cause if i try to make up2date it ask me for the root password ans it works fine
my pam -v verison is
$ rpm -V pam
.......T c /etc/pam.d/other
S.5....T c /etc/pam.d/system-auth
S.?..... /lib/security/pam_filter/upperLOWER
S.?..... /sbin/pam_timestamp_check

and on the su file i have

#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
session required /lib/security/$ISA/pam_stack.so service=system-auth
session optional /lib/security/$ISA/pam_selinux.so multiple
session optional /lib/security/$ISA/pam_xauth.so

so what do u think

[Void Main]

There is a utility called "system-config-rootpassword". If up2date recognized your root password, maybe this app will too and allow you to reset your password. I have just never heard of this happening before unless maybe the permissions on the "su" command itself have somehow changed (should be owned by root and "rwsr-xr-x").

[vakou]

system-config-rootpassword
system-config-rootpassword requires a currently running X server

well its a dedicated servere man

[Void Main]

Quote:

Originally Posted by vakou

system-config-rootpassword
system-config-rootpassword requires a currently running X server

well its a dedicated servere man

I run all kinds of dedicated servers. ssh provides X11 forwarding. It's just a little popup X app (although I figured it would have a text based version if you didn't have X running). "ssh -x yourserver" if you don't have X11 forwarding turned on by default.

[vakou]

well i am not running x did u have a link with the text based version cause i cant fint one
and thanks for all
on the other hand isit risky to remove pam.d

[Void Main]

Quote:

Originally Posted by vakou

well i am not running x

That's too bad.

Quote:

on the other hand isit risky to remove pam.d

If you don't mind taking a chance of never being able to log into your system again it's not.

So let me get this straight. You *do* have root access via webmin? If so why don't you just edit your /etc/sudoers file and give your username permission to run a "bash" shell as root via sudo?

[vakou]

ok man done it and thanks
for everything....

[vakou]

well is it possible an update in the future to fix that problem with the pam.d