topic Re: /etc/passwd 0 bytes !!! in Operating System - HP-UX

/etc/passwd 0 bytes !!!

Tracey — Fri, 25 May 2001 11:01:42 GMT

My /etc/passwd file got wiped out. I have users who are logged on, but none with permissions for me to write the root record to the file. Permissions are readonly except for user 0, which of course isn't there. No one can log in. Anyway I can get one of the logged in users permission to change the file??

Help!

Re: /etc/passwd 0 bytes !!!

Pedro Sousa — Fri, 25 May 2001 11:13:01 GMT

Hi Tracey!
Did someone clean the file?? One way to solve it is restarting the system in single user mode.
If the file doesn't exist at all, you can allways create a new one.

sorry, but I don't know any other way to solve it.
hope this helps.

Re: /etc/passwd 0 bytes !!!

Stefan Farrelly — Fri, 25 May 2001 11:25:33 GMT

There is no legal way to write to /etc/passwd from a non-root priveleged user. As Pedro said, you will need to reboot in single user mode and recreate it/restore it.

/etc/passwd doesnt just get zeroed by itself. Someone or something did it. You should try to find out who/what. There are a couple of /etc/passwd patches out there - do you have the latest ones installed, maybe its a bug.

Is there an /etc/passwd.tmp or /etc/passwd.* file (maybe someone made a backup of it or vipw left a temp copy) - but you will still need to reboot in single user mode to fix it.

Re: /etc/passwd 0 bytes !!!

Pedro Sousa — Fri, 25 May 2001 11:28:51 GMT

Hi again.
check this one: http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x5bc253921f1ad5118fef0090279cd0f9,00.html

You'll find some other possibilities like: booting in maintenance mode (hpux -lm) or from the recovery CD.
good luck.

Re: /etc/passwd 0 bytes !!!

Thomas Schler_1 — Fri, 25 May 2001 11:42:52 GMT

Tracey:

Check permissions of /etc.

If /etc/passwd got wiped out by an user other than root, it may happened due to a writeable /etc for others than root or bin. If /etc is writeable for others you could restore passwd without booting even if passwd is writeable for no one.

After restoring /etc/passwd check permissions of /etc to be
dr-xr-xr-x 31 bin bin 6144 May 25 13:43 /etc

Re: /etc/passwd 0 bytes !!!

Volker Borowski — Fri, 25 May 2001 11:45:40 GMT

Hi Tracy,

if you have set up a remote authentication
(host.equiv or rhosts) you might be able to rlogin.

Other chance: do you have omni back installed and write access to /opt/omni/bin ?
You could put a script there, that copies you a new /etc/passwd and execute it as a pre-exec-script to a backup and execute the backup.

Do not know if this helps, but if it helps, you should change it, because it is not supposed to work :)

Volker

Re: /etc/passwd 0 bytes !!!

John Bolene — Fri, 25 May 2001 12:27:06 GMT

No, he can't even rlogin without a root entry in the first position of the passwd file.

The only option is to go single user mode and restore the file or at least add the root user and reboot. After the reboot, he can restore from another machine if that is where the backup is.

Re: /etc/passwd 0 bytes !!!

Vincenzo Restuccia — Fri, 25 May 2001 12:36:31 GMT

If you have a make_recovery:
#mt -t /dev/rmt/0mn fsr 1
#tar xv /etc/passwd

Re: /etc/passwd 0 bytes !!!

Abel Berger — Fri, 25 May 2001 13:21:15 GMT

Hi Tracey,

Check out :

Find or remender a script that run in root crontab, date and hour.
modifies this script so that it change the permissions in the /etc/passwd for 777.
In script put line as below :

chmod 777 /etc/passwd

Wait the script run and execute the alteration.
This way you will have permissions for change it and re-create it !

Then....you are inside..!!!!

I hope help you.

Regards.

Abel Berger

Re: /etc/passwd 0 bytes !!!

Tracey — Fri, 25 May 2001 14:18:37 GMT

Thanks all for your help, I knew I could do it by rebooting in single user mode, I just didn't want to if I didn't have to. I did end up rebooting, adding the root user and then getting the file from elswhere.

Why did it happen? Someone was *trying* to ftp the file from the #2 machine to the #3 machine but accidently ftp'd it to itself - which of course zeroed it out.

In order to reboot since I could not login, I did a TOC on the back. Was there a safer/easier way to do this?

Re: /etc/passwd 0 bytes !!!

Patrick Wallek — Fri, 25 May 2001 14:20:47 GMT

A TOC is one way, you could also have done a CTRL-B and done an RS, or a TOC from there.

Re: /etc/passwd 0 bytes !!!

John Bolene — Fri, 25 May 2001 17:49:29 GMT

The C110 has a power off interrupt associated with the power button, the 715 does not.

The newer machines are supposed to have this feature.

This power down interrupt feature actually is a short shutdown that kills all the processes and then turns off the power.

It will not work if a realtime process goes nuts since the interrupt never gets in.

Re: /etc/passwd 0 bytes !!!

Bruce Regittko_1 — Sat, 26 May 2001 01:53:43 GMT

Hi,

It is too late for this time but next time - :) - you can get an original copy of passwd from /usr/newconfig/etc. It won't have your users but it will have the system accounts. It will be enough keep you going until you can recover the real passwd from backup.

--Bruce

Re: /etc/passwd 0 bytes !!!

Thierry Poels_1 — Sat, 02 Jun 2001 07:59:17 GMT

Hi,
I just had the same problem 2 days ago at client's site. System acting strange & login impossible: /etc/passwd was resize to 0 bytes!
The system seemed to have hit the nfile kernel parameter :( The 'File table full' error in the syslog had the same timestamp as the empty /etc/passwd file, so I relate both problems.
I was still logged on & I have special files like /etc/passwd, /etc/groups, /etc/inetd.conf and may more copied daily to a NT, so I could copy passwd file quickly back to the Unix box.
regards,
Thierry.

Re: /etc/passwd 0 bytes !!!

Satish Y — Sun, 03 Jun 2001 16:47:56 GMT

Hi,

one interesting thing i came to know when i was searching patches, according to that, if u have a file called /tmp/manxxxxx (xxxxx -- numeric), linked to any file(in this case it may be /etc/passwd), when any process that owned by root having same id as 'xxxxx' it will wipe out all information in that file which is linked to /tmp/manxxxxx (here /etc/passwd) as it opens the file in write mode which causes the information wiped-out first.

Most appropriate way is to recover it from backup. Do u have backup of it?.

Cheers...
Satish.