On Monday 03 June 2002 10:18 am, [EMAIL PROTECTED] wrote: > On Mon, 3 Jun 2002, Praedor Tempus wrote: > > Well? Pray-tell, how does one go about appending a new user to Passwd > > with UID 0? Altering Passwd should itself require root priviledges - I > > cannot even get in to single user mode to do damage without my root > > passwd. I haven't had to do it for a long time, but I believe this is > > also true when booting up with a CD and doing "rescue". > > > > Nonetheless, I would love to know how one could do as you describe. Fill > > us in please. > > You don't need root access to be able to mount a filesystem with r/w > privs. With a rescue disk the hard drive can be mounted with: > mkdir /hd2 > mount /dev/hda2 /dev/hd2 > > At this point you could cd to /hd2/etc then edit the passwd file > directly.
Yeah, ok, but what about the actual password? I just took a look at my /etc/passwd file and naturally saw nothing. The passwords are stored in my /etc/shadow file, which is encrypted. You may be able to simply append someone to /etc/passwd but what about giving that someone a password? It wouldn't be trivial to create a password to be appended to the shadow file. I believe you'd need to know the random seed, etc, to create the appropriate encrypted version of the desired password for this new UID 0 user. praedor
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
