- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- /etc/passwd file deleted automatically
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 01:19 AM
10-15-2009 01:19 AM
my /etc/passwd file automatically deleted. Could you please help me to find out the reason for that.
Regards,
Josin.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 01:28 AM
10-15-2009 01:28 AM
Re: /etc/passwd file deleted automatically
Are you sure that you are not under some kind of attack? Is this server part of some secure network? Maybe someone has gained access to your system.
Anyway, you should be able to restore that file from backup if you still have access to the system.
Best regards from Romania,
Horia Chirculescu
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 01:37 AM
10-15-2009 01:37 AM
Re: /etc/passwd file deleted automatically
First block root direct login remotely and change root password of the server.
use ssh login and also check the root previleged users. (given sudo permissions).
Try to restore the /etc/passwd file and check the /var/adm/syslog/syslog.log file.You will get logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2009 02:00 AM
10-15-2009 02:00 AM
Solution("Automatically" has the wrong English connotation here, perhaps "unexpectedly" is better.)
Did you run of of space in /tmp/ recently? Were you using vipw(1m)?
Has it occurred more than once?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2009 03:40 AM
10-16-2009 03:40 AM
Re: /etc/passwd file deleted automatically
Thanks for your support. I copied the passwd file from the backup, server is up and working fine.Is there any method to find out how its deleted ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2009 04:04 AM
10-16-2009 04:04 AM
Re: /etc/passwd file deleted automatically
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2009 04:15 AM
10-16-2009 04:15 AM
Re: /etc/passwd file deleted automatically
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-HIDS
the second alternative very simple ,I use nowadays ,a perl script somebody wrote to Watching Files for Changes but it only gets timestamp for changed file that you monitor not user or reason data:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1377980
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2009 04:28 AM
10-16-2009 04:28 AM
Re: /etc/passwd file deleted automatically
Only one user, root, numeric user id zero can delete /etc/passwd
Things to check.
root keyboard log. In root home directory .sh_history
scripts in cron schedule
crontab -l
# check the scripts.
Do you have an Ignite backup of your system?
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2009 04:50 AM
10-20-2009 04:50 AM
Re: /etc/passwd file deleted automatically
Si editas el /etc/passwd sin vipw el fichero no se bloquea por lo que si el / o el /tmp estan el 100% o lo alcanzan en ese momento , o desde otra sesion de root se edita el /etc/passwd , te puede dejar el fichero vacio.
si editas el /etc/passwd con vipw , se bloquea contra escritura hasta que se termine la primera sesion de vipw.
conclusion: The /etc/passwd file must be edited with vipw in all cases , never edit this file with vi (man vipw)
best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2009 05:02 AM
10-20-2009 05:02 AM
Re: /etc/passwd file deleted automatically
its better if u can use google language converter it would have helped.
----------
Usted tiene razón hay que tener cuidado de modificar el archivo passwd con vipw, pero la pregunta es por eso que usted necesita para editarlo.
Y si todavÃa creo que se ha eliminado accedently, usted tiene que cavar más por qué sucedió.
BR,
Kapil +
-----------
I know lil spanish :).No points for this please.