HPE Community
Operating System - HP-UX
1834018 Members
2240 Online
110063 Solutions
New Discussion

root account disabled

 
enrico.nic
Regular Advisor

‎06-18-2003 02:28 AM

‎06-18-2003 02:28 AM

root account disabled

Hi all,
I just wanted to remember myself to change the root password at the next login. As root, I have given the 'passwd -f root' command.
The I tried to login from the console: ok, the system asks me to change the password. After giving the actual password, the system didn't let me enter refusing the following new password.
And this happened 3 times.
After that, the security policy of the system doesn't let me enter, since the root has been disabled - the error is 'see Account Administrator'.
The question is: there a way to have back a root user prompt without rebooting in single user mode ?
A supplementary problem is that the root user is the only one enabled to perform a shutdown/reboot of the machine.

Thank you

Enrico
0 Kudos
Reply
13 REPLIES 13
Ollie R
Respected Contributor

‎06-18-2003 02:31 AM

‎06-18-2003 02:31 AM

Re: root account disabled

Enrico,

As far as I know, you should be able to log into the system via the console even if the login is disabled (presuming you know the root password, obviously).

Make sure you really are at the console and give it a try.

Another remote possibility is if you can access the system via SSH. This will still allow connection even if the account is disabled.

If this fails, then I believe it's a case of booting into single-user mode and changing the password.

Good luck,

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎06-18-2003 02:33 AM

‎06-18-2003 02:33 AM

Re: root account disabled


Youre going to have to crash it and reboot in single user mode to fix, unless you know someone somewhere with a logged in root window which you can use.

I guess your new password was rejected because it didnt comply with the security standard - 6 chars, at least 1 number etc ?

Whenever you play with root passwords or setup you should always have another logged in root window somewhere so you can easily fix it if it goes wrong.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
K.Vijayaragavan.
Respected Contributor

‎06-18-2003 02:43 AM

‎06-18-2003 02:43 AM

Re: root account disabled

If all these are happening in CDE login screen, From login screen select option, fail safe sesion.
"Let us fine tune our knowledge together"
0 Kudos
Reply
Ken Penland_1
Trusted Contributor

‎06-18-2003 02:48 AM

‎06-18-2003 02:48 AM

Re: root account disabled

If you happen to have veritas installed, and you are on a trusted system (using /tcb/files/auth), you can either restore your auth file, or bpgp an auth file from another system.

'
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-18-2003 02:50 AM

‎06-18-2003 02:50 AM

Re: root account disabled

Hi,
if your are luck, maybe the file /etc/passwd is writable directly...

try !


HTH,
Massimo

0 Kudos
Reply
Zeev Schultz
Honored Contributor

‎06-18-2003 02:54 AM

‎06-18-2003 02:54 AM

Re: root account disabled

Don't you have /.rhost file on that system so
can login remotely without password from some "trusted" machine?I loved these backdoors once :)You leave a host (your workstation usually) and rlogin from there without a password.What else can be done...hmm...login as a regular user and run john the ripper password breaker vs your /etc/password?:)

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Reply
enrico.nic
Regular Advisor

‎06-18-2003 07:18 AM

‎06-18-2003 07:18 AM

Re: root account disabled

A brief addendum

From the console, the system seems to let me log in as root
But I gave the original "passwd -f"
So the system asks me to change my password
I try to change it and, after giving the actual, "old" password ..

Sorry.
Login disallowed due to no password.

I've hardly crashed the machine, booted in single user mode, but the system is set up to ask for the root password even in single user mode. And here it simply doesn't (!) accept the "old", right password

I've tried to boot up from the CD, but from the recovery shell I don't know how to mount the root filesystem to change /tcb/files/auth/r/root

Thank you for your precious help

Enrico
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-18-2003 07:22 AM

‎06-18-2003 07:22 AM

Re: root account disabled

Hi,
to mount the root fs you should use the chroot_lvm script that is created when you use the recovery CD.

This will mount the original /


then, downloading the mount command, you should be able to mount all the stuff.

Sorry that i don't remember exactly the bame, but it appears on the video when you use the recovery CD.

HTH,
Massimo
0 Kudos
Reply
Martin Johnson
Honored Contributor

‎06-18-2003 07:26 AM

‎06-18-2003 07:26 AM

Re: root account disabled

Once you get everything back to normal, create a pseudo root account that can be used when you have problems with the root account.

A pseudo root account is a username, password, UID=0. I usually give it a separate home directory (other than "/"). The easiest way to create a pseudo root account is to create a normal user account, then edit /etc/passwd to change the UID to "0".

Over the years, the pseudo root account has saved me from rebooting dozens of times.

HTH
Marty
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-18-2003 07:34 AM

‎06-18-2003 07:34 AM

Re: root account disabled

Rather than creating a second root-level account, I would recommend installing sudo

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

and setting up your account to have root priv. in /etc/sudoers.

As for now, if you are logged in as root, then you can edit /etc/passwd directly and change the encrypted password for the root account (maybe copy and paste in your account's password).


If you cannot log in as root, then try to sync the filesystems (sync command should work without root permission), power-off, and boot off of a recovery CD. You can then mount your root partition and change the /etc/passwd entry.
0 Kudos
Reply
Chris Vail
Honored Contributor

‎06-18-2003 01:19 PM

‎06-18-2003 01:19 PM

Re: root account disabled

If you can get a root-level account, you might try creating another user with 0 level permissions. Then log in as that user. You can then 'passwd root'. It shouldn't ask you for the old password.

Then, of course, delete the second 0 level user.


Chris
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎06-18-2003 01:33 PM

‎06-18-2003 01:33 PM

Re: root account disabled

What if you "crash" yourbox - boot into single user mode:

Interact with IPL?

Y

hpux -is

Then try setting the passwd...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Sandip Ghosh
Honored Contributor

‎06-18-2003 01:42 PM

‎06-18-2003 01:42 PM

Re: root account disabled

Hi Enrico,

You can try with ftp. If you are having an identical passwd file you can try with ftp-ing the file in the Server and try it out.

Sandip
Good Luck!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.