How do you normally get 'superuser' access ?

su ? if so, has root passwd changed ?

If you have created so many superusers in your system from unix point of view, then it is very simple to restore the changes.

you can do following.

1. Identify which users needs superuser access.
2. replace the UID of the person in /etc/passwd file by 0. (0 is the super user ID)
3. REplace group ID with 3

You are all set now.

-pap

hi patrik

control in /etc/passwd you must have 3 in foruth columns

if you can't write passwd because you don't have the privilege, you must boot in single user

regards

Mercy....talk about getting a response! Thanks all

Pap - I like your answer and will find someone who has a clue about UNIX to give it a try. Thanks!

Thanks buddy,

I am glad that you like my answer.
Thanks again.

-pap

Patrick, It is not recommended to make any user a default superuser except root. Typically administrators do not run as superuser unless necessary. Superuser accounts can do serious damage to a system if they are not knowledgeable and extemely careful.

Regards,
Ike

Ike -
We are aware SU account can do serious damage, but at this time we can't even stop netmon. We have a stale host file that we need to fix.

Patrick,

A final thought, the reason they may have "lost" superuser access is simply because they have it. When "regular" users have that level access & are not familiar with UNIX, bad things can happen.
Users w/little UNIX knowledge can completely erase filesystems & even ALL files on the server itself.

I would strongly suggest you find out just exactly how users were obtaining root level permissions - I suspect they were using the su - root command to become root after logging in with their own ID.
This is the preferred way to do it & users should only be allowed to do so if it's absolutely necessary.

If you set everyone's ID to 0 then they will ALWAYS be root & will be able to do bad things the ENTIRE time they are logged on.

More likely cause is the possibility that a user, while root, changed the root PW & this can be easily reset. Or another possibilty is that the passwd file has been corrupted or even erased.
These causes should be investigated before you set users' ID to 0.

And more fundamentally the reason WHY users NEED to be root in the first place should be evaluated - there are loads of alternatives than letting everyone have keys to the store.

My 2 cents,
Jeff

Thanks Jeff -
Those are all good points. If people keep responding to my issue, I might run out of points.

Patrick,

Ok now lets attack the problem.
I'm assuming the root PW is not being accepted
Check the date on the /etc/passwd file - is it very recent? This indicates that the passwd file has been changed recently & possibly when the root PW was changed.
If so inquire if any user AT THIS TIME is logged in AND the root user.
You can determine if they're root with the whoami command
If so run the passwd command on this session & set a PW - this will be the new root PW - alternative is to set it BACK to the known PW.

If the /etc/passwd file date is old, old enough that you know people had access, then display it with
more /etc/passwd
The file is a 7 field, colon delimited, file. The 2nd field is the encrypted PW field. Are there multiple chars in the 2nd field for the root user? If there's none then root currently has NO password & root can be accessed simply by entering w/o input on the PW request.
Is there an asterisk in the field. Then login has been disabled for the root user & the system will have to be taken down & brought up in single-user to set a PW for root.
If there are mult chars in the field, then root does have a PW & if it can't be determined then you'll have to do the same as if login denied.
Also check to see if the file is corrupted. i.e. "mangled", incomplete lines, strange chars, etc. There is a command, pwck, that will check the passwd file integrity - but I believe you have to be root to run it.
If the file IS corrupt OR missing AND you have a recent backup you could restore the /etc/passwd file from it to recover acccess.

HTH,
Jeff