Would it be the wrong time to suggest that, once you have the system installed, up and running, nobody should ever log in as root, except in dire or unavoidable circumstances.
Once you have the system, give your system administration group sudo all privs. Then just don't log into root at all. This gives you accountability for what is being done to your system; You can't tell who logged in as root (ok, you can tell what IP address they were from, but that person can say "Hey! Somebody else used my jack..."), but you can tell who is using sudo. Dire circumstances? Like when you need to log into a semi-brain dead system from the console. Or your normal authorization system (like LDAP) has given up the ghost. Unavoidable circumstances? Like when you need to install a product and it checks that you logged in as root; not that you are root now, but that you actually logged in to the root account. If you're the vendor, then shame on you! It shouldn't matter how I got to be root, and you shouldn't care either, just to install your program. In any case, don't log into root, and you avoid this type of problem. At best, someone will lock themselves out, which might actually be a good thing, given some people. And if you change root's password and forget, you have several semi-root people to call upon to easily fix your mistake. Of course, that doesn't mean that you don't need to change root's password from time to time; you still need to maintain the security and integrity of your system.... -- Robert P. Nix Mayo Foundation .~. RO-OE-5-55 200 First Street SW /V\ 507-284-0844 Rochester, MN 55905 /( )\ ----- ^^-^^ "In theory, theory and practice are the same, but in practice, theory and practice are different." On 4/14/08 10:42 AM, "David K. Kelly" <[EMAIL PROTECTED]> wrote: > Miguel, > > For things like this VM is the Bomb! Just make the root drive from the > locked server > available for a different Lunix guest, (making sure the one with the > locked out root > account is down) and boot the 2nd guest. Then mount the new disk as /mnt > and cd /mnt/etc > Then edit the /mnt/etc/shadow file and remove the password from the root > account. > Then undo all the previous steps and boot. Fixed. (this is kind of a > quick and > dirty explanation, I can do better if you'd like) > > David K. > > > > > > Marcy Cortes > <[EMAIL PROTECTED] > ellsfargo.com> To > Sent by: Linux on LINUX-390@VM.MARIST.EDU > 390 Port cc > <[EMAIL PROTECTED] > IST.EDU> Subject > Re: recover root password > > 04/14/2008 11:30 > AM > > > Please respond to > Linux on 390 Port > <[EMAIL PROTECTED] > IST.EDU> > > > > > > > > Does anyone have full sudo? > Then you could just > sudo su - > passwd > > And change it. > > Marcy Cortes > > "This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the > addressee, you must not use, copy, disclose, or take any action based on > this message or any information herein. If you have received this > message in error, please advise the sender immediately by reply e-mail > and delete this message. Thank you for your cooperation." > > > -----Original Message----- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of > Miguel Roman > Sent: Monday, April 14, 2008 8:03 AM > To: LINUX-390@VM.MARIST.EDU > Subject: [LINUX-390] recover root password > > Hello, > > We are running Suse Linux 9.3 (64 bit) under z/VM 5.1. One of the > administrators changed the root password and forgot the password. Does > anyone know how to recover the root password? Thanks. > > Miguel A Roman. > > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, send > email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or > visit http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
