Saturday, January 29, 2011

Restoring /etc/passwd from file

I know they say "given root access, everyone will screw up their machine eventually", and I'm discovering how true that is. In an incident of extreme fatfingering, I've managed to wipe out my /etc/passwd file. Now, I have a current backup of it, but I want to make absolutely sure how I should restore it before doing so. Can I just create a file as root, paste the old contents in, and cp the new file over the now corrupt /etc/passwd?

OS is Ubuntu Hardy

EDIT

Erm, the problem just took a turn for the much worse. I now cannot use sudo. Can someone PLEASE help me here? I assume I have to mount from a liveCD to edit my /etc/passwd back into place? Now my problem here is that I use a RAID setup. Will an Ubuntu live CD autodetect this?

  • This is totally off the top of my head, but as long as you don't have this line "~~:S:wait:/sbin/sulogin" in your /etc/inittab file, you can boot into single user mode without a password and re-set your root passwd.

    This also assumes that either you don't have a boot loader (grub) password or that if you do have one, you know it ;).

    -phez

    DWilliams : This sounds good to me. Can I get some second opinions assuring me that this will work before I power the server down? If it doesn't work then things will get a lot hairier after a restart. I currently have an open SSH session to the server that I know I can't get back once it powers down.
    TCampbell : There may also exist a backup copy of /etc/passwd as /etc/passwd-
    Satanicpuppy : +1: Single user mode is your friend. You can do ANYTHING to the system in single user mode.
    DWilliams : My concern is whether or not I can actually get INTO single user mode without a proper /etc/passwd. Doesn't it prompt for a root password? The root account currently does not exist according to my /etc/passwd file, which contains a single lowercase "h".
    DWilliams : Accepting this answer as correct. I was not able to enter the root prompt from Ubuntu's recovery mode (it complained of a bad password file). I was, however, able to edit my boot option and add "init=/bin/bash" to boot directly into a bash shell, then remounted the filesystem as RW, and restored my backup passwd file. Thanks to everyone! Emergency over, I think. Every time I do something like this I tell myself I'll be more careful in the future, but it keeps happening. Maybe this time will do the trick.
  • The one time I've had this happen (wasn't me! I just happened to have a shell on the machine, honest.) I managed to find a privilege escalation exploit on the net and hack into our own machine. Will likely not work in your situation since modern OS installs are much more secure, but...

    DWilliams : I actually came up with a similar idea a minute ago. I have some in-house web reporting system running that I wrote myself in PHP. I thought there was a security hole in my code because a certain script would include any file passed to it via URL. I tried to create a PHP script in my home directory with a system call to restore the passwd file but unfortunately it's less of a security hole than I thought since it works relative from the /var/www/reports directory and autoescapes special characters. I couldn't get it to run the script.
    From Luke
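
The restore described in the comments on the accepted answer (boot with "init=/bin/bash", remount read-write, copy the backup back), as an added example that is not part of the original thread: it checks the backup before swapping it in and keeps the damaged file. The function names and the backup path in the usage comment are assumptions, and the checks are a minimal sanity test, not a replacement for pwck.

```shell
#!/bin/sh
# Added example: sanity-check a passwd backup, then swap it into place.
# From an init=/bin/bash shell the root filesystem is read-only, so first:
#   mount -o remount,rw /
# Usage (file name and backup path are hypothetical):
#   . ./restore-passwd.sh; restore_passwd /root/passwd.bak

# check_passwd_file FILE: return 0 only if FILE looks like a usable passwd file.
check_passwd_file() {
    [ -s "$1" ] || { echo "$1: missing or empty" >&2; return 1; }
    awk -F: '
        # Every entry is name:password:UID:GID:GECOS:home:shell
        NF != 7 { printf "line %d: %d fields, expected 7\n", NR, NF; bad = 1 }
        # Without a UID 0 root entry, recovery logins keep failing
        $1 == "root" && $3 == "0" { root = 1 }
        # A pasted-twice backup shows up as duplicate user names
        seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
        END {
            if (!root) { print "no root entry with UID 0"; bad = 1 }
            exit bad + 0
        }' "$1" >&2
}

# restore_passwd BACKUP [TARGET]: validate BACKUP, keep the damaged TARGET,
# then replace TARGET with a rename so it is never half-written.
restore_passwd() {
    backup=$1
    target=${2:-/etc/passwd}
    check_passwd_file "$backup" || return 1
    tmp="$target.new.$$"
    cp "$backup" "$tmp" || return 1
    chmod 644 "$tmp" || return 1
    # Ownership can only be set by root; skipped when trying this on a copy.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$tmp" || return 1
    fi
    # Keep the damaged file for later inspection.
    if [ -e "$target" ]; then
        cp -p "$target" "$target.damaged" || return 1
    fi
    mv "$tmp" "$target"
}
```

The backup copy /etc/passwd- mentioned in the comments can be passed through the same check before it is trusted as the restore source.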
