HPE Community
Operating System - HP-UX
1833758 Members
2159 Online
110063 Solutions
New Discussion

no shell - LOCKED OUT OF SYSTEM !

 
Peter Chokola
Occasional Advisor

‎07-06-2007 04:18 AM

‎07-06-2007 04:18 AM

no shell - LOCKED OUT OF SYSTEM !


I was changing roots shell in /etc/passwd and must have made a typo. Now there is no way to log into the system because I get a "no shell" message when I try to log in. Any way to recover?
0 Kudos
6 REPLIES 6
Aussan
Respected Contributor

‎07-06-2007 05:02 AM

‎07-06-2007 05:02 AM

Re: no shell - LOCKED OUT OF SYSTEM !

Hello Peter

root shell always has to be sh, it won't work with others on HP-UX

try console, if not then you'll have to boot from tape and recover, or another solution but be careful with it

remsh to the system and copy the /etc/passwd to the second system under a diffrent name

fix the issue by putting sh back to root

then cat the file back on the original system
The tongue weighs practically nothing, but so few people can hold it
0 Kudos
Bill Hassell
Honored Contributor

‎07-06-2007 05:03 AM

‎07-06-2007 05:03 AM

Re: no shell - LOCKED OUT OF SYSTEM !

For HP-UX: NEVER, EVER change root's shell. It must be /sbin/sh, the POSIX shell. Nor BASH, not csh, not ksh, not even /usr/bin/sh. /usr is not mounted in single user mode and this means standard shells are not available. /sbin contains a special set of commands including the POSIX shell (note: this is not the Bourne shell which is located in /usr/old/bin) which are compiled using archived libraries. This means that the programs can run without the assistance of shared libraries found in /usr/lib.

If you properly setup your system using sudo, just sudo to run vipw and put /sbin/sh back into /etc/passwd. If you setup your system with ssh and use public keys to login, run as root on another system and use ssh to get to your broken system. If you have setup your system to accept root logins with .rhosts, you can use rcp to copy /etc/passwd from another system.

Otherwise, depending on the version of HP-UX, you may be able to reboot the system into sungle user mode and the OS will substitute /sbin/sh temporarily so you can fix /etc/passwd. If you get down to this level, you may have to re-install your system using you Ignite backup tape.


Bill Hassell, sysadmin
0 Kudos
Peter Chokola
Occasional Advisor

‎07-06-2007 05:25 AM

‎07-06-2007 05:25 AM

Re: no shell - LOCKED OUT OF SYSTEM !


Actually it is our groups policy to always change the shell for root to ksh so that it is consistently the same. It is also changed in the .profiles as well. I was just loading a new system so no biggy; I lost a couple hours, but I already started a reinstall and it will be done soon

I did discover the problem however. The path to ksh is different than the path to sh. Lesson learned......Next time I will log into the system and test the connection before I reboot the system.
0 Kudos
Matti_Kurkela
Honored Contributor

‎07-06-2007 05:26 AM

‎07-06-2007 05:26 AM

Re: no shell - LOCKED OUT OF SYSTEM !

Congratulations. You've just discovered one of the (minor) reasons why root's shell must *always* be /sbin/sh and nothing else.

The "no shell" message might also be caused by the /etc/shells file. If your shell is not listed in there, you're not allowed to log in. If /etc/shells does not exist, the system will use a hard-coded default list of allowed shells, which is (from "man getusershell"):
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

Can you log in using a normal account, and then use "su" to become root? Or does someone else have a logged-in session that still works? Maybe something like "su -c vipw" might allow you to edit the password file again, even if a regular shell session as root cannot be established.

If you cannot log in at all, you might have to crash the system, then try to reboot into single-user mode. That may also fail... because the major reason root's shell must be /sbin/sh is that only that shell is able to function without any shared libraries. Most of the shared libraries are in /usr/lib, which is not accessible before the startup scripts mount the /usr filesystem... and root's shell is used to run those startup scripts. Only /sbin/sh can avoid this "Catch-22".

If all else fails, you can boot from a HP-UX installation CD and select "run a recovery shell" option. That allows you to access the system disk and fix the problem.

MK
MK
0 Kudos
Bill Hassell
Honored Contributor

‎07-06-2007 06:47 AM

‎07-06-2007 06:47 AM

Re: no shell - LOCKED OUT OF SYSTEM !

Peter wrote:

> Actually it is our groups policy to always change the shell for root to ksh so that it is consistently the same.

It will be very hard to tell the difference between the two POSIX shells (ksh and HP's sh)

> It is also changed in the .profiles as well.

Not sure where you change this in .profile but it doesn't matter as a standard .profile can be interpreted by any POSIX shell. I hope you are not changing shells in .profile though. That's why there is the chsh command.

> I did discover the problem however. The path to ksh is different than the path to sh.

Actually there is a lot more to it. /sbin/sh is the POSIX shell but stored in archived library format, suitable for single user mode. /usr/bin/sh is the exact same shell as /sbin/sh except the /usr/bin version uses shared liraries and is therefore more efficient in memory usage for multiple copies.

You'll also see another difference between Linux and other flavors of BSD Unix versus HP-UX (and Solaris, etc) which are SysV flavors of Unix. /bin is NOT a directory but a symlink. The V.4 filesystem layout defines /usr/bin as the location for user programs and /usr/lib (not /lib) for system libraries.


Bill Hassell, sysadmin
0 Kudos
Dennis Handly
Acclaimed Contributor

‎07-06-2007 05:29 PM

‎07-06-2007 05:29 PM

Re: no shell - LOCKED OUT OF SYSTEM !

>Bill: except the /usr/bin version uses shared libraries and is therefore more efficient in memory usage for multiple copies.

I would think this makes only a trivial difference. The only sharing is the fact that libc.sl (and other shlibs) text has already been loaded.

Once the /sbin/sh has been loaded, the text for that is also shared.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.