HPE Community
Operating System - HP-UX
1830102 Members
4401 Online
109998 Solutions
New Discussion

Can't change Root Password From Here

 
Michael Gretton
Frequent Advisor

‎06-12-2001 04:22 AM

‎06-12-2001 04:22 AM

Can't change Root Password From Here

Hi:

Need help! Security guys came in and messed around with our configuration and now my root password has expired. I can't change it because i get a message that I can't change root's password from here - message. I assume that I have to go to the console. When I go to the console and try to log in with just the command line (ie. no windows) it is greyed out. After further investigation, it appears that I have the maximum number of users logged into the console. What gives with that? No one is logged in. I am suppose to have an unlimited license but that is another issue. What I really need help on is how can I become root given these constraints? any work arounds? If not, I have turn off power to the machine and boot in single user. I don't want to do that! I can't shutdown the machine gracefully because I can't become root. HELP!
0 Kudos
Reply
12 REPLIES 12
Victor BERRIDGE
Honored Contributor

‎06-12-2001 04:27 AM

‎06-12-2001 04:27 AM

Re: Can't change Root Password From Here

Hi,
Not beeing on the console have you tried su - root?
Is there a file called /etc/securetty?

Regards
Victor
0 Kudos
Reply
Bill McNAMARA_1
Honored Contributor

‎06-12-2001 04:30 AM

‎06-12-2001 04:30 AM

Re: Can't change Root Password From Here

At the console, the only option you may have is to Ctrl B and RS

To get hpux back up
At BCH,
BO PRI
Interact with ISL>Y
ISL>hpux -is

kernel loads
no login prompt
#passwd root

They may have modified the passwd file incorrectly.

At your console if its a text term,
power off, power on and hold d, beep, release d
enter enter
try to login again..

Later,
bill
It works for me (tm)
0 Kudos
Reply
Vincenzo Restuccia
Honored Contributor

‎06-12-2001 04:32 AM

‎06-12-2001 04:32 AM

Re: Can't change Root Password From Here

Sorry Michael I think only single user mode.
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎06-12-2001 04:32 AM

‎06-12-2001 04:32 AM

Re: Can't change Root Password From Here

Dealing with the unknown of what these 'security' guys did....the only thing I can suggest is shut it down and interupt the boot to get the password changed.

This of course may impact folks....which considering what just happened to you..I want to do to make a point of too much of a good thing can be bad !
And I would definitely address the issue of those 'security' guys.....fact maybe I'd ask them to fix it !!

Just a thought,
Rita
0 Kudos
Reply
Michael Gretton
Frequent Advisor

‎06-12-2001 04:34 AM

‎06-12-2001 04:34 AM

Re: Can't change Root Password From Here

yes there is a securetty file and su - root doesn't work. But I can normally su to root from a telnet prompt....I just can't change root's password.

I get this when I do su - root:

Password has expired.
Setting a new password for it cannot be done from here.
$
0 Kudos
Reply
Bill McNAMARA_1
Honored Contributor

‎06-12-2001 04:36 AM

‎06-12-2001 04:36 AM

Re: Can't change Root Password From Here

You may try to hack your own system..
Search for local root exploits hp-ux on google.
You may find some C code to do the trick with buffer over/underflows... but just wall your users to end their work, and go to single user..

Later,
Bill
It works for me (tm)
0 Kudos
Reply
Thierry Poels_1
Honored Contributor

‎06-12-2001 04:40 AM

‎06-12-2001 04:40 AM

Re: Can't change Root Password From Here

hi,
maybe you could simply ask those guys what they did and how to recover. This might save you some downtime and/or some weekendwork ;)
good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
0 Kudos
Reply
Michael Gretton
Frequent Advisor

‎06-12-2001 04:45 AM

‎06-12-2001 04:45 AM

Re: Can't change Root Password From Here

What they did was made it so root's password would expire. I know what they did. I really think I am going to have to turn the key...UGHHHHHHHHHHH
0 Kudos
Reply
Chris Calabrese
Valued Contributor

‎06-12-2001 04:50 AM

‎06-12-2001 04:50 AM

Re: Can't change Root Password From Here

Are you sure the 'command line login' entry isn't grayed out because this isn't actually the console? Perhaps the machine has a serial console.
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
0 Kudos
Reply
Bill McNAMARA_1
Honored Contributor

‎06-12-2001 05:12 AM

‎06-12-2001 05:12 AM

Re: Can't change Root Password From Here

I suppose they also removed any .rhosts entries?
You could try remsh servername from root at other systems...

Bill
It works for me (tm)
0 Kudos
Reply
Chris Calabrese
Valued Contributor

‎06-12-2001 12:03 PM

‎06-12-2001 12:03 PM

Re: Can't change Root Password From Here

Yeah, but did they install all the latest patches? If you already have an account on the system, it's usually not all that tough to gain root.

Check Bugtraq for recent HP-UX security issues.

:-)
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
0 Kudos
Reply
Vincent Fleming
Honored Contributor

‎06-12-2001 12:17 PM

‎06-12-2001 12:17 PM

Re: Can't change Root Password From Here

Go in to Single User mode, and remove the password aging from root's passwd. See man /etc/passwd for real details, but in a nutshell, the password aging is in the password cypher field, and includes everything to the right of a comma (,). Remove that and the comma, and you should be in good shape.

In fact, remove the entire contents, and you remove the password on root (don't forget to set it again).

Oh, ALWAYS use vipw to edit /etc/passwd.

Good luck
No matter where you go, there you are.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.