Reset password in single mode user doesn't work

S

sarashafek

Hi,
I'm currently logged out of my FreeBSD. I've tried resetting the password using single user mode but it didn't work.
So in single user mode I ran
Code: 
mount -u /
mount -a
fsck -y
mount -u /
mount -a
passwd (name of user)
I typed in the new password and entered exit. The machine rebooted and prompted for a login. I still couldn't get in with the new password.
Does anyone know why this happens and how I can log back in?

Thanks!
 
You don't need to boot to single user mode to change a user's password. Or don't you have access to the root password either? On the console, login as root and change the user's password there.

And just a sidenote, but you should run fsck -y before mounting anything, fsck(8) can only fix certain issues if a filesystem is unmounted or, at most, mounted read-only.
 
SirDice said:
You don't need to boot to single user mode to change a user's password. Or don't you have access to the root password either? On the console, login as root and change the user's password there.

And just a sidenote, but you should run fsck -y before mounting anything, fsck(8) can only fix certain issues if a filesystem is unmounted or, at most, mounted read-only.
Click to expand...
Hi,

resetting the root password also doesn't work.

Here's some context :
This server was set up at my company some time before I joined. It could be the case that the guy who set it up did a whole lot of work to make sure people can't easily change the password. The big problem now is we lost the root password and we don't have any users with sudo rights.

Is there any other way that I can recover this server?
 
sarashafek said:
This server was set up at my company some time before I joined. It could be the case that the guy who set it up did a whole lot of work to make sure people can't easily change the password. The big problem now is we lost the root password and we don't have any users with sudo rights.
Click to expand...
Just a long shot, might some file permissions have been changed
Code: 
curlew:/home/mike% ls -l /etc/*p*w*d*
-rw-------  1 root  wheel   4117 15 Apr 14:56 /etc/master.passwd
-rw-r--r--  1 root  wheel   3571  8 May 20:24 /etc/passwd
-rw-r--r--  1 root  wheel  40960  8 May 20:24 /etc/pwd.db
-rw-------  1 root  wheel  40960  8 May 20:24 /etc/spwd.db

Or perhaps you could edit /usr/local/etc/sudoers in single user mode to give a user sudo rights.
 
well if some custom startup script will restore /etc/*p*w*d* from some place
or if pam is set in such a way that std unix auth is ignored then changing unix password in single user wont help you much
 
sarashafek said:
Hi,

resetting the root password also doesn't work.

Here's some context :
This server was set up at my company some time before I joined. It could be the case that the guy who set it up did a whole lot of work to make sure people can't easily change the password. The big problem now is we lost the root password and we don't have any users with sudo rights.

Is there any other way that I can recover this server?
Click to expand...

That doesn't make too much sense. In single user mode FreeBSD simply enters the shell instead of init, that means no startup scripts are run that could change the password back.

You could also try this:
- single user mode
- mount / read-write
- use an editor on master.passwd directly and delete the contents of the second field for root
 
sarashafek said:
resetting the root password also doesn't work.
Click to expand...
That doesn't make very much sense. Suggestion, in addition to what rawthey and cracauer already said: Start in single user. Make a copy of /etc/passwd and master.passwd. Write down the timestamp on those two files. Then use the passwd command to change root's password. You should see that the timestamp on master.passwd changes. And if you compare the before and after versions of the file, you should see a difference in the line for root.

My suspicion is that the problem is not the password, but something else makes logins impossible. To find out what that is, it would be nice if you could tell us more details than "doesn't work". What exactly happens when you try to log in as root, or as another user? Does it say "Login incorrect", and immediately go back to a login prompt? What happens if you try to log in via ssh (assuming the system is on the network)? If you go into single-user mode and inspect the auth and system logs, what do you see?

There are zillions of reasons why logging in might be broken. They could be as simple as the login shell of these users being set to a non-existing executable: If the are set to execute /usr/local/bin/foobar_sh, but such a program doesn't exist, then they won't be able to log in. Perhaps they are using a shell that has become broken? Perhaps they have a login script (such as .cshrc or .profile) that breaks immediately? I can make login impossible by creating a .profile file that simply has the word "logout" in it.

Here is another debugging suggestion: In single user mode, create a new user. Give it a super-simple password (like password) and an easy-to-type username (like user). Make sure they have a valid home directory with correct permissions, but then make sure that home directory is empty. Give them a boring standard shell, such as /bin/sh. Make sure files such as /.cshrc and /.profile and /etc/*shrc and /etc/*login are harmless (perhaps temporarily move them). Then reboot to normal mode, and try to log in as that user. It should at least function, and give a very boring result.

EDIT: And disconnect the network while you have a user with such an insecure password, and remember to delete the user when you're done.
 
sarashafek said:
I still couldn't get in with the new password.
Click to expand...
What is the *exact message* you see when this happens? If the password is incorrect you should see "Login incorrect" when you try to login. From the single user mode you should check /var/log/messages -- an unsuccessful login would show up as "LOGIN FAILURE on ttyxx". Another thing to check is whether the filesystem containing /etc changes between single user and multi.

Another thing:
sarashafek said:
I typed in the new password and entered exit. The machine rebooted and prompted for a login.
Click to expand...
Exiting from single user mode doesn't reboot the system but goes through more setup to get to multiuser mode. If there is an actual reset, there is something wrong. And in that case your updates to the passwd database may not get written.
 
"mount -uw /" then check with the "mount -v" the root partition is correctly mounted.
Then vipw and remove the password of root & toor.
 
rawthey said:
Just a long shot, might some file permissions have been changed
Code: 
curlew:/home/mike% ls -l /etc/*p*w*d*
-rw-------  1 root  wheel   4117 15 Apr 14:56 /etc/master.passwd
-rw-r--r--  1 root  wheel   3571  8 May 20:24 /etc/passwd
-rw-r--r--  1 root  wheel  40960  8 May 20:24 /etc/pwd.db
-rw-------  1 root  wheel  40960  8 May 20:24 /etc/spwd.db

Or perhaps you could edit /usr/local/etc/sudoers in single user mode to give a user sudo rights.
Click to expand...
Update : so this worked.

I have a normal user that I could log in and I editted the usr/local/etc/sudoers file and added that user in it. So now I'm running sudo commands with that user.

Question : it took a while to be able to edit the file. The first time I typed in visudo sudoers, this came up : Shared object "libintl.so.8" not found, required by visudo. I ran fsck, mount -u / and mount -a afterwards. Then it worked. Is it supposed to be like this?
 
What's the output of "freebsd-version -kru" ?
Do you use quarterly or main branch for ports ?
You can run freebsd fetch/update upgrade for upgrading "base" & "kernel"
pkg update -f
pkg upgrade
for upgrading the "ports".
Normally libintl.so.8 is not written so normally an fsck should not change this file.
Maybe you where dropped into single user mode before fsck without mounting rw of root ?
 
sarashafek said:
Question : it took a while to be able to edit the file. The first time I typed in visudo sudoers, this came up : Shared object "libintl.so.8" not found, required by visudo. I ran fsck, mount -u / and mount -a afterwards. Then it worked. Is it supposed to be like this?
Click to expand...
Depends on how old this system is, there once was a time when /usr was on a different filesystem. Which won't be mounted in single user mode, so /usr/local/lib/ (where libintl.so.8 lives) isn't available. But then /usr/local/bin/{,vi}sudo wouldn't exist either. I suspect it's some other path that isn't mounted in single user mode. What does the system's /etc/fstab look like?
 
You must log in or register to reply here.
Back
Top