HPE Community
Operating System - HP-UX
1848540 Members
8674 Online
104033 Solutions
New Discussion

Re: /etc/passwd 0 bytes !!!

 
SOLVED
Go to solution
Tracey
Trusted Contributor

‎05-25-2001 04:01 AM

‎05-25-2001 04:01 AM

/etc/passwd 0 bytes !!!

My /etc/passwd file got wiped out. I have users who are logged on, but none with permissions for me to write the root record to the file. Permissions are readonly except for user 0, which of course isn't there. No one can log in. Anyway I can get one of the logged in users permission to change the file??

Help!
0 Kudos
Reply
14 REPLIES 14
Pedro Sousa
Honored Contributor

‎05-25-2001 04:13 AM

‎05-25-2001 04:13 AM

Solution

Re: /etc/passwd 0 bytes !!!

Hi Tracey!
Did someone clean the file?? One way to solve it is restarting the system in single user mode.
If the file doesn't exist at all, you can allways create a new one.

sorry, but I don't know any other way to solve it.
hope this helps.
Reply
Stefan Farrelly
Honored Contributor

‎05-25-2001 04:25 AM

‎05-25-2001 04:25 AM

Re: /etc/passwd 0 bytes !!!


There is no legal way to write to /etc/passwd from a non-root priveleged user. As Pedro said, you will need to reboot in single user mode and recreate it/restore it.

/etc/passwd doesnt just get zeroed by itself. Someone or something did it. You should try to find out who/what. There are a couple of /etc/passwd patches out there - do you have the latest ones installed, maybe its a bug.

Is there an /etc/passwd.tmp or /etc/passwd.* file (maybe someone made a backup of it or vipw left a temp copy) - but you will still need to reboot in single user mode to fix it.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Pedro Sousa
Honored Contributor

‎05-25-2001 04:28 AM

‎05-25-2001 04:28 AM

Re: /etc/passwd 0 bytes !!!

Hi again.
check this one: http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x5bc253921f1ad5118fef0090279cd0f9,00.html

You'll find some other possibilities like: booting in maintenance mode (hpux -lm) or from the recovery CD.
good luck.
0 Kudos
Reply
Thomas Schler_1
Trusted Contributor

‎05-25-2001 04:42 AM

‎05-25-2001 04:42 AM

Re: /etc/passwd 0 bytes !!!

Tracey:

Check permissions of /etc.

If /etc/passwd got wiped out by an user other than root, it may happened due to a writeable /etc for others than root or bin. If /etc is writeable for others you could restore passwd without booting even if passwd is writeable for no one.

After restoring /etc/passwd check permissions of /etc to be
dr-xr-xr-x 31 bin bin 6144 May 25 13:43 /etc
no users -- no problems
Reply
Volker Borowski
Honored Contributor

‎05-25-2001 04:45 AM

‎05-25-2001 04:45 AM

Re: /etc/passwd 0 bytes !!!

Hi Tracy,

if you have set up a remote authentication
(host.equiv or rhosts) you might be able to rlogin.

Other chance: do you have omni back installed and write access to /opt/omni/bin ?
You could put a script there, that copies you a new /etc/passwd and execute it as a pre-exec-script to a backup and execute the backup.

Do not know if this helps, but if it helps, you should change it, because it is not supposed to work :)

Volker
Reply
John Bolene
Honored Contributor

‎05-25-2001 05:27 AM

‎05-25-2001 05:27 AM

Re: /etc/passwd 0 bytes !!!

No, he can't even rlogin without a root entry in the first position of the passwd file.

The only option is to go single user mode and restore the file or at least add the root user and reboot. After the reboot, he can restore from another machine if that is where the backup is.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Reply
Vincenzo Restuccia
Honored Contributor

‎05-25-2001 05:36 AM

‎05-25-2001 05:36 AM

Re: /etc/passwd 0 bytes !!!

If you have a make_recovery:
#mt -t /dev/rmt/0mn fsr 1
#tar xv /etc/passwd
Reply
Abel Berger
Regular Advisor

‎05-25-2001 06:21 AM

‎05-25-2001 06:21 AM

Re: /etc/passwd 0 bytes !!!

Hi Tracey,

Check out :

Find or remender a script that run in root crontab, date and hour.
modifies this script so that it change the permissions in the /etc/passwd for 777.
In script put line as below :

chmod 777 /etc/passwd

Wait the script run and execute the alteration.
This way you will have permissions for change it and re-create it !

Then....you are inside..!!!!

I hope help you.

Regards.

Abel Berger
Reply
Tracey
Trusted Contributor

‎05-25-2001 07:18 AM

‎05-25-2001 07:18 AM

Re: /etc/passwd 0 bytes !!!

Thanks all for your help, I knew I could do it by rebooting in single user mode, I just didn't want to if I didn't have to. I did end up rebooting, adding the root user and then getting the file from elswhere.

Why did it happen? Someone was *trying* to ftp the file from the #2 machine to the #3 machine but accidently ftp'd it to itself - which of course zeroed it out.

In order to reboot since I could not login, I did a TOC on the back. Was there a safer/easier way to do this?
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-25-2001 07:20 AM

‎05-25-2001 07:20 AM

Re: /etc/passwd 0 bytes !!!

A TOC is one way, you could also have done a CTRL-B and done an RS, or a TOC from there.
Reply
John Bolene
Honored Contributor

‎05-25-2001 10:49 AM

‎05-25-2001 10:49 AM

Re: /etc/passwd 0 bytes !!!

The C110 has a power off interrupt associated with the power button, the 715 does not.

The newer machines are supposed to have this feature.

This power down interrupt feature actually is a short shutdown that kills all the processes and then turns off the power.

It will not work if a realtime process goes nuts since the interrupt never gets in.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Reply
Bruce Regittko_1
Esteemed Contributor

‎05-25-2001 06:53 PM

‎05-25-2001 06:53 PM

Re: /etc/passwd 0 bytes !!!

Hi,

It is too late for this time but next time - :) - you can get an original copy of passwd from /usr/newconfig/etc. It won't have your users but it will have the system accounts. It will be enough keep you going until you can recover the real passwd from backup.

--Bruce
www.stratech.com/training
Reply
Thierry Poels_1
Honored Contributor

‎06-02-2001 12:59 AM

‎06-02-2001 12:59 AM

Re: /etc/passwd 0 bytes !!!

Hi,
I just had the same problem 2 days ago at client's site. System acting strange & login impossible: /etc/passwd was resize to 0 bytes!
The system seemed to have hit the nfile kernel parameter :( The 'File table full' error in the syslog had the same timestamp as the empty /etc/passwd file, so I relate both problems.
I was still logged on & I have special files like /etc/passwd, /etc/groups, /etc/inetd.conf and may more copied daily to a NT, so I could copy passwd file quickly back to the Unix box.
regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Reply
Satish Y
Trusted Contributor

‎06-03-2001 09:47 AM

‎06-03-2001 09:47 AM

Re: /etc/passwd 0 bytes !!!

Hi,

one interesting thing i came to know when i was searching patches, according to that, if u have a file called /tmp/manxxxxx (xxxxx -- numeric), linked to any file(in this case it may be /etc/passwd), when any process that owned by root having same id as 'xxxxx' it will wipe out all information in that file which is linked to /tmp/manxxxxx (here /etc/passwd) as it opens the file in write mode which causes the information wiped-out first.

Most appropriate way is to recover it from backup. Do u have backup of it?.

Cheers...
Satish.
Difference between good and the best is only a little effort
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.