root password gone AWOL!

Hi all,

Strangely, the root password I had always used on my system decided to
suddenly make itself unavailable.

Without altering the password, I tried to su root in my terminal
only to get the message 'invalid password'.

I booted from the SuSE 7.3 CD and edited /etc/shadow deleting root's
password; after rebooting, I supplied root with a new one.

But here's the interesting thing: Now, whenever I su root, it gives me
root's prompt immediately -without asking me for its password.

Not a desirable situation.

Any ideas will be greatly appreciated; Thank you!

AeoN
--
SusE 7.3 / Bash

I know if you remove the "x" from the passwd file in the line
"root:x:0", it means you have no password and su automatically goes into
the root account without asking for a password. If you didn't supply a
shadow password, and use the shadow file for checking passwords, then su
will ask for a password but wouldn't accept anything you type.

Either the "x" from "root:x:0:..." is missing, su is broken, or PAM,
which is responsible for the shadow file, is broken. Try re-installing
su and the shadow package.

AeoN wrote:
> Hi all,
>
> Strangely, the root password I had always used on my system decided to
> suddenly make itself unavailable.
>
> Without altering the password, I tried to su root in my terminal
> only to get the message 'invalid password'.
>
> I booted from the SuSE 7.3 CD and edited /etc/shadow deleting root's
> password; after rebooting, I supplied root with a new one.
>
> But here's the interesting thing: Now, whenever I su root, it gives me
> root's prompt immediately -without asking me for its password.
>
> Not a desirable situation.
>
> Any ideas will be greatly appreciated; Thank you!
>
> AeoN

"R. K. Kishore" <(E-Mail Removed)> wrote in message
news:57xZc.291127$(E-Mail Removed)

> Either the "x" from "root:x:0:..." is missing, su is broken, or PAM,
> which is responsible for the shadow file, is broken. Try
> re-installing su and the shadow package.

That is not a viable solution to a rooted machine.

--
use hotmail for email replies

"ynotssor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "R. K. Kishore" <(E-Mail Removed)> wrote in message
> news:57xZc.291127$(E-Mail Removed)
>
> > Either the "x" from "root:x:0:..." is missing, su is broken, or PAM,
> > which is responsible for the shadow file, is broken. Try
> > re-installing su and the shadow package.
>
> That is not a viable solution to a rooted machine.
>
> --
> use hotmail for email replies

Maybe I'm entirely clueless, but if the root password went haywire, couldn't
you just simply type in the following command?

passwd root yournewpassword

"pcfixer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)

>>> Either the "x" from "root:x:0:..." is missing, su is broken, or PAM,
>>> which is responsible for the shadow file, is broken. Try
>>> re-installing su and the shadow package.
>>
>> That is not a viable solution to a rooted machine.
>
> Maybe I'm entirely clueless, but if the root password went haywire,
> couldn't you just simply type in the following command?
>
> passwd root yournewpassword

It would solve nothing if the machine were rooted.

--
use hotmail for email replies

I'm not sure what you mean by "rooted." The only way I know of to gain
hidden root access to a system is to get root access in the first place,
create a user account for yourself, and then manually edit the /etc/passwd
file to give yourself a UID and GID of 0. Then you can login as whatever
name and password you've created and it will give you a root command prompt.
I would say that if you haven't noticed any other abnormalities in the
system, then double-check the /etc/passwd file to make sure there aren't any
new or modified user accounts (especially ones with a UID and GID of 0 other
than root itself), and then do the passwd change command (passwd root) to
give yourself a new password. Unless there's another way of gaining root on
a Linux system that I don't know about, I'd say that's the best answer. I
would also consider changing the passwords on ALL the user accounts, just to
be on the safe side.

"ynotssor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "pcfixer" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)
>
> >>> Either the "x" from "root:x:0:..." is missing, su is broken, or PAM,
> >>> which is responsible for the shadow file, is broken. Try
> >>> re-installing su and the shadow package.
> >>
> >> That is not a viable solution to a rooted machine.
> >
> > Maybe I'm entirely clueless, but if the root password went haywire,
> > couldn't you just simply type in the following command?
> >
> > passwd root yournewpassword
>
> It would solve nothing if the machine were rooted.
>
> --
> use hotmail for email replies

"pcfixer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)

> I'm not sure what you mean by "rooted." The only way I know of to
> gain hidden root access to a system is to get root access in the
> first place, create a user account for yourself, and then manually
> edit the /etc/passwd file to give yourself a UID and GID of 0.

You have very much to learn then. Here're a couple good places to start your
education:

http://www.google.com/linux?q=rooted

http://groups.google.com/groups?as_q...linux.security

--
use hotmail for email replies