Re: Root Password
Shockley, Gerard C wrote:
> sudo su - gives an authorized user a root shell prompt.

I wasn't talking about authorised users.

> Then type passwd you will be prompted for your "new" passwd. Not the old one. All set after that.

Basically, that's why use of sudo has to be planned very carefully.

--
Cheers
John

-- spambait
1...@coco.merseine.nu z1...@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Root Password
Andrej wrote:
> 2009/2/24 John Summerfield :
>> Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.
>
> I can assure you that w/o a boot disk, and a second-stage password entered after login for an encrypted file-system you won't be touching any important data on any of my Linux machines. Of course, for servers that need to do their job after an unattended reboot that's not feasible.

I suspect encryption isn't going to be popular amongst those who don't have a good reason to hide their stuff, and is likely to be a rule much infringed amongst those who do.

Is anyone tracking accidental release of private information on laptops, CDs, USB disks and even hard disks that are lost or disposed of without proper care?

I have a laptop whose internal evidence identifies its previous owner (an insurance company) and activities of its user (either a travel clerk or someone who spent _a lot_ of time planning holidays), and a desktop previously owned by an education dept. A couple of Pentium IVs previously owned by a consultancy with an intact installation of Windows XP.

One individual was planning on using the CPU serial number to encrypt his data.

--
Cheers
John
Re: Root Password
Erik N Johnson wrote:
> John, Does it make any difference at all whether I can easily gain control of a Windows box with physical access? Since I can VERY easily gain control of most Windows boxes over any old network they happen to be

I don't think you can so easily get control of users' computers I manage:-)

Most (82 % or so I read recently) problems on Windows boxes arise because users use administrator accounts for daily tasks. If you've installed Windows XP, even up to SP3, recently you will find it easy to see why they would. Very likely without passwords.

I don't use Windows a lot. However, I don't use admin accounts for regular use, I take some care about where I get my software, and I don't engage in filesharing. I also don't use AV software.

> connected to? I contend that physical security is a MUCH simpler problem to solve than network security. How does OpenBSD stand up to a physical attack?

I've never even installed OpenBSD. I've had a quick look at FreeBSD. My first try would be alternative boot media, same as works with Windows.

> Erik Johnson
>
> On Mon, Feb 23, 2009 at 5:37 PM, John Summerfield wrote:
>> Ivan Warren wrote:
>>> John Summerfield wrote:
>>>> This is what I would do, and why I reckon Linux security to be so feeble[1]. One does need to know the commands to mount needed filesystems.
>>>>
>>>> [1]Give me your disk or physical access to your computer, and not even your boot-time password's enough.
>>>
>>> Hmm.. Even boot-time controlled whole disk encryption ?
>>
>> May depend on where the key is:-) And, I'd need time for research.
>>
>>> Then again.. besides from the above example, it's pretty much true for any system (not only linux)..
>>
>> Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.
>>
>> Which reminds me, I still have a fight to win against OS X.
--
Cheers
John
Re: Root Password
Ivan Warren wrote:
> Mark Post wrote:
>> Of course the kernel did understand the init= parameter. Getting it passed to the kernel at boot time is the issue, and I'm not sure the s390-tools did it, that far back in time.
>
> That's where I'm surprised here.. Kernel parameters to the bootloader is just.. a blob ! A kernel loader may doctor the kernel parm 'blob' (in order to insert some specific understood parm).. but it shouldn't change/alter/interpret arbitrary kernel parms specified.
>
> For example, in zipl, if in my parm file, I specify "foo=bar", then "foo=bar" is passed to my kernel.. no matter what version of zipl I use.. whether my custom kernel understands the "foo" parameter is none of zipl's business !

As I understand it, earlier versions of zipl didn't allow boot-time overrides, and in its easier forms one needs to be able to change boot-time parameters to get init= in.

Also, it used to be possible to boot the kernel without a boot loader. That went out in RHL about when the kernel became too big to fit on a 1.4 Mbyte floppy.

--
Cheers
John
Re: Root Password
sudo su - gives an authorized user a root shell prompt.

Then type passwd you will be prompted for your "new" passwd. Not the old one. All set after that.

:// Gerard
Re: Root Password
2009/2/24 John Summerfield :
> Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.

I can assure you that w/o a boot disk, and a second-stage password entered after login for an encrypted file-system you won't be touching any important data on any of my Linux machines. Of course, for servers that need to do their job after an unattended reboot that's not feasible. But then that's the case for M$ machines as well...

> --
>
> Cheers
> John

Cheers,
Andrej
Re: Root Password
John,

Does it make any difference at all whether I can easily gain control of a Windows box with physical access? Since I can VERY easily gain control of most Windows boxes over any old network they happen to be connected to? I contend that physical security is a MUCH simpler problem to solve than network security. How does OpenBSD stand up to a physical attack?

Erik Johnson

On Mon, Feb 23, 2009 at 5:37 PM, John Summerfield wrote:
> Ivan Warren wrote:
>> John Summerfield wrote:
>>> This is what I would do, and why I reckon Linux security to be so feeble[1]. One does need to know the commands to mount needed filesystems.
>>>
>>> [1]Give me your disk or physical access to your computer, and not even your boot-time password's enough.
>>
>> Hmm.. Even boot-time controlled whole disk encryption ?
>
> May depend on where the key is:-) And, I'd need time for research.
>
>> Then again.. besides from the above example, it's pretty much true for any system (not only linux)..
>
> Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.
>
> Which reminds me, I still have a fight to win against OS X.
>
> --
> Cheers
> John
Re: Root Password
Mark Post wrote:
> Of course the kernel did understand the init= parameter. Getting it passed to the kernel at boot time is the issue, and I'm not sure the s390-tools did it, that far back in time.

That's where I'm surprised here.. Kernel parameters to the bootloader is just.. a blob ! A kernel loader may doctor the kernel parm 'blob' (in order to insert some specific understood parm).. but it shouldn't change/alter/interpret arbitrary kernel parms specified.

For example, in zipl, if in my parm file, I specify "foo=bar", then "foo=bar" is passed to my kernel.. no matter what version of zipl I use.. whether my custom kernel understands the "foo" parameter is none of zipl's business !

--Ivan
Re: Root Password
John Summerfield wrote:
> Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.
>
> Which reminds me, I still have a fight to win against OS X.

And then again.. It also depends whether you are trying to access the data on the offending system or trying to IPL/boot it with its original OS..

--Ivan
Re: Root Password
>>> On 2/23/2009 at 6:36 PM, Ivan Warren wrote:
> And if the kernel shipped with SLES 7.2 doesn't understand 'init=', then it can't be used (regardless of the boot loader).

Of course the kernel did understand the init= parameter. Getting it passed to the kernel at boot time is the issue, and I'm not sure the s390-tools did it, that far back in time.

Mark Post
Re: Root Password
Ivan Warren wrote:
> John Summerfield wrote:
>> This is what I would do, and why I reckon Linux security to be so feeble[1]. One does need to know the commands to mount needed filesystems.
>>
>> [1]Give me your disk or physical access to your computer, and not even your boot-time password's enough.
>
> Hmm.. Even boot-time controlled whole disk encryption ?

May depend on where the key is:-) And, I'd need time for research.

> Then again.. besides from the above example, it's pretty much true for any system (not only linux)..

Windows is a little more difficult, I need a Linux boot disk and the right program, and if it's a domain controller there's another trick after that.

Which reminds me, I still have a fight to win against OS X.

--
Cheers
John
Re: Root Password
John Summerfield wrote:
> For completeness for the ignorant, whether that option is available depends on the boot loader, not on Linux. Since the choice of bootloader depends on the platform, translating Mark's reply to other platform is risky.

Excusez moi ?

understanding the 'init=' boot kernel parameter *IS* dependent on the kernel understanding this particular parameter and NOT the bootloader understanding what it means!

The bootloader is responsible to pass the kernel parameters to the kernel... *NOT* to understand their semantics !

And the 'init=' is relevant to the kernel since it is the kernel that will spawn the 1st user mode process (aka : init).. And being able to indicate which binary executable to run (instead of the default.. which has evolved over time - but was originally - believe it or not - /etc/init !) for this user mode process *IS* the responsibility of the kernel (and not the boot loader - which only responsibility - for a linux bootloader - is to 1) load the kernel, 2) invoke the kernel 3) with indications of what the initialization parameters are)

And if the kernel shipped with SLES 7.2 doesn't understand 'init=', then it can't be used (regardless of the boot loader)..

Of course, it should *ALWAYS* understand 'root=' !.. So just prop in a custom made root filesystem (with its own init - which may allow the person in control of the console to use a shell) - a kernel that knows how to mount the root filesystem of the broken system.. do whatever needs to be done then.. and you're done !

--Ivan
Re: Root Password
Mark Post wrote:
> On 2/23/2009 at 1:07 PM, Jack Woehr wrote:
> -snip-
>> http://www.linuxquestions.org/questions/linux-software-2/forgot-password-suse-linux-10-434891/
>>
>> "And there's also the (easiest) option of booting with "init=/bin/bash" which lets you become root ..."
>
> I'm pretty sure that option wasn't available that far back.

For completeness for the ignorant, whether that option is available depends on the boot loader, not on Linux. Since the choice of bootloader depends on the platform, translating Mark's reply to other platform is risky.

Time to evaluate the SLES 10 starter system.

--
Cheers
John
Re: Root Password
John Summerfield wrote:
> This is what I would do, and why I reckon Linux security to be so feeble[1]. One does need to know the commands to mount needed filesystems.
>
> [1]Give me your disk or physical access to your computer, and not even your boot-time password's enough.

Hmm.. Even boot-time controlled whole disk encryption ?

Then again.. besides from the above example, it's pretty much true for any system (not only linux)..

--Ivan
Re: Root Password
Jack Woehr wrote:
> Kittendorf, Craig X. wrote:
>> Hi,
>>
>> I just started back at a shop with SuSE 7.2 installed in an LPAR on a z10 and no experienced sysadmin. The root password was changed and no one knows what it is. We do not have VM, another Linux LPAR, or the installation materials. Is there a way to resolve this?
>
> http://www.linuxquestions.org/questions/linux-software-2/forgot-password-suse-linux-10-434891/
>
> "And there's also the (easiest) option of booting with "init=/bin/bash" which lets you become root ..."

This is what I would do, and why I reckon Linux security to be so feeble[1]. One does need to know the commands to mount needed filesystems.

[1]Give me your disk or physical access to your computer, and not even your boot-time password's enough.

--
Cheers
John
Re: Root Password
This may sound really off the wall, but what is ZZSA's opinion of zLinux DASD? Could it be used to "zap" the root password?

Dave Gibney
Information Technology Services
Washington State University

> -----Original Message-----
> From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post
> Sent: Monday, February 23, 2009 10:34 AM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Root Password
>
> >>> On 2/23/2009 at 1:07 PM, Jack Woehr wrote:
> -snip-
> > http://www.linuxquestions.org/questions/linux-software-2/forgot-password-suse-linux-10-434891/
> >
> > "And there's also the (easiest) option of booting with "init=/bin/bash" which lets you become root ..."
>
> I'm pretty sure that option wasn't available that far back.
>
> Mark Post
Re: Root Password
>>> On 2/23/2009 at 1:07 PM, Jack Woehr wrote:
-snip-
> http://www.linuxquestions.org/questions/linux-software-2/forgot-password-suse-linux-10-434891/
>
> "And there's also the (easiest) option of booting with "init=/bin/bash" which lets you become root ..."

I'm pretty sure that option wasn't available that far back.

Mark Post
Re: Root Password
Kittendorf, Craig X. wrote:
> Hi,
>
> I just started back at a shop with SuSE 7.2 installed in an LPAR on a z10 and no experienced sysadmin. The root password was changed and no one knows what it is. We do not have VM, another Linux LPAR, or the installation materials. Is there a way to resolve this?

http://www.linuxquestions.org/questions/linux-software-2/forgot-password-suse-linux-10-434891/

"And there's also the (easiest) option of booting with "init=/bin/bash" which lets you become root ..."

--
Jack J. Woehr            # I run for public office from time to time. It's like
http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get
http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards.
Re: Root Password
>>> On 2/23/2009 at 11:47 AM, "Kittendorf, Craig X." wrote:
> Hi,
>
> I just started back at a shop with SuSE 7.2 installed in an LPAR on a z10 and no experienced sysadmin. The root password was changed and no one knows what it is. We do not have VM, another Linux LPAR, or the installation materials. Is there a way to resolve this?

Download another copy of SLES and use the installation files from there as a rescue system. Then upgrade! (I know, that probably won't fly, but sheesh! Money to spend on a z10, but not to keep the software updated?)

Mark Post
Re: Root Password
Does anyone have SUDO authority without password?

On Mon, Feb 23, 2009 at 11:47 AM, Kittendorf, Craig X. <kittendorf.cr...@mail.dc.state.fl.us> wrote:
> Hi,
>
> I just started back at a shop with SuSE 7.2 installed in an LPAR on a z10 and no experienced sysadmin. The root password was changed and no one knows what it is. We do not have VM, another Linux LPAR, or the installation materials. Is there a way to resolve this?
>
> Thanks,
> Craig

--
Mark Pace
Mainline Information Systems
1700 Summit Lake Drive
Tallahassee, FL. 32317
Reply: Re: root password
:-)))
That worked fine... thanks.

- Tim -

Rob van der Heij <[EMAIL PROTECTED]>@VM.MARIST.EDU> on 13.05.2002 09:14:47

Please reply to: Linux on 390 Port <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc:
Subject: Re: root password

>somebody of my so called colleagues changed the root-password, so I cannot
>get into the system. Is there a possibility for me to change the
>root-password or do I have to reinstall?

My favorite is to IPL from the Ramdisk system again, load the dasd driver and mount the disks, chroot into that system and issue the 'passwd' command (or change /etc/inittab to make it invoke /bin/sh instead of getty)

Rob
Re: root password
>somebody of my so called colleagues changed the root-password, so I cannot
>get into the system. Is there a possibility for me to change the
>root-password or do I have to reinstall?

My favorite is to IPL from the Ramdisk system again, load the dasd driver and mount the disks, chroot into that system and issue the 'passwd' command (or change /etc/inittab to make it invoke /bin/sh instead of getty)

Rob
Re: root password
> Hi again,
>
> somebody of my so called colleagues changed the root-password, so I cannot get into the system. Is there a possibility for me to change the root-password or do I have to reinstall?
>
> I am using a 2.4 kernel. Oh, there is no ftp access to the system

I know how to do it on my system, but I suspect it's different on a mainframe;-() There's probably an easier way (there is for Linux on IA32).

If you can access the volume from another Linux system then you can edit /etc/passwd so the root entry looks like this:

    root::0:0:root:/root:/bin/bash

For this purpose 'another system' is anything (maybe your install system, maybe a small system you keep for repairing other systems) that gives you a shell prompt.

I assume you're using openssh? Create yourself a key with ssh-keygen and add it to /root/.ssh/authorized_keys or /root/.ssh/authorized_keys2 according to the kind of key you have.

Then you can get to root without a password:

    [summer@numbat summer]$ root
    Last login: Mon May 13 06:23:59 2002 from localhost
    [root@numbat root]# cd .ssh/
    [root@numbat .ssh]# ll
    total 16
    -rw-r--r--    1 root root 603 Dec 31 23:19 authorized_keys2
    -rw-------    1 root root 668 Jan 7 09:16 id_dsa
    -rw-r--r--    1 root root 601 Jan 7 09:16 id_dsa.pub
    -rw-r--r--    1 root root 686 Feb 21 10:53 known_hosts2
    [root@numbat .ssh]#

root is a shell function I defined:

    root ()
    {
        RH=$1;
        shift;
        [ -z "$RH" ] && RH=127.0.0.1;
        ssh -t -l root "$RH" "$@";
        return $?
    }

--
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my disposition.

==
If you don't like being told you're wrong, be right!
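
Added example (not part of any post in this thread and not code from the list): the recovery routes described above can leave an empty root password field in /etc/passwd, an /etc/inittab entry that starts /bin/sh instead of getty, or a key in root's authorized_keys. The script below checks a mounted root filesystem for those three leftovers; the function names and the sample tree are constructed, and it assumes root's home is /root and a SysV-style inittab.

```shell
#!/bin/sh
# Added example: audit a mounted root filesystem for leftovers of the recovery
# methods in this thread. Function names and sample data are constructed.

# Accounts whose password field (field 2 of a passwd or shadow file) is empty.
empty_password_accounts() {
    awk -F: '$0 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# inittab entries (id:runlevels:action:process) whose process is a bare
# shell where a getty would normally be.
inittab_shell_entries() {
    awk -F: '$0 !~ /^[ \t]*#/ && NF >= 4 {
        p = $4; sub(/^[ \t]+/, "", p); split(p, cmd, /[ \t]+/)
        if (cmd[1] ~ /\/(ba|da|k|z)?sh$/) print $1 ": " p
    }' "$1"
}

# Number of key lines in root's authorized_keys files ($1 = root's home).
root_key_count() {
    n=0
    for kf in "$1/.ssh/authorized_keys" "$1/.ssh/authorized_keys2"; do
        [ -f "$kf" ] || continue
        c=$(grep -Ev '^[[:space:]]*(#|$)' "$kf" | wc -l)
        n=$((n + c))
    done
    echo "$n"
}

# Run all checks against the filesystem mounted at $1 (default /).
audit_root() {
    r=${1:-/}; r=${r%/}
    for pf in etc/passwd etc/shadow; do
        [ -r "$r/$pf" ] && empty_password_accounts "$r/$pf" |
            sed "s|^|EMPTY-PASSWORD /$pf: |"
    done
    [ -r "$r/etc/inittab" ] && inittab_shell_entries "$r/etc/inittab" |
        sed 's|^|INITTAB-SHELL |'
    k=$(root_key_count "$r/root")   # assumption: root's home is /root
    [ "$k" -gt 0 ] && echo "ROOT-SSH-KEYS $k key line(s) under /root/.ssh"
    return 0
}

# Build a constructed sample tree that shows all three leftovers.
make_sample() {
    s=$(mktemp -d)
    mkdir -p "$s/etc" "$s/root/.ssh"
    printf '%s\n' 'root::0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/bin/false' > "$s/etc/passwd"
    printf '%s\n' 'root:*:14298::::::' 'daemon:*:14298::::::' > "$s/etc/shadow"
    printf '%s\n' 'id:3:initdefault:' 'si::bootwait:/etc/init.d/boot' \
        '1:2345:respawn:/bin/sh' \
        '2:2345:respawn:/sbin/mingetty tty2' > "$s/etc/inittab"
    printf '%s\n' '# constructed placeholder, not a real key' \
        'ssh-ed25519 AAAAC3CONSTRUCTEDPLACEHOLDER admin@example' \
        > "$s/root/.ssh/authorized_keys2"
    echo "$s"
}

demo=$(make_sample)
audit_root "$demo"
rm -rf "$demo"
```

Run audit_root against the mount point of the repaired system from the rescue environment, or with no argument on the running system after it is back up.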