Problem With Root Password -- Too Much Holiday Cheer

General support questions
Post Reply
desertcat
Posts: 843
Joined: 2014/08/07 02:17:29
Location: Tucson, AZ

Problem With Root Password -- Too Much Holiday Cheer

Post by desertcat » 2017/12/17 12:00:15

Well I've gone done it now: I tried to copy a jpg file from my home directory into /usr/share/wallpapers. Copy went went, but it did not work. I discovered that the owner was /home/me, so.... I changed the ownership for /usr. Rebooted the machined and went to su and discovered NO ROOT PASSWORD. So....

I rebooted the machine and edited the grub:

1) Grub comes up --> "e"

2) Edited the line that begins linux16. Replaced the "ro" with "rw init=sysroot/bin/sh"

3)Entered "Ctrl+x"

4) Entered "chroot /sysroot"

5) Entered "passwd root" --> created my new root password

6) Entered "touch /.autorelabel"

7) Entered "exit"

8) Entered "reboot" --> which rebooted my machine

Brought up my machine thinking I had dodged a bullet. WRONG!! Typed "su", it asked for my new password, an continued to get "Authentication Failure". Reset the Root Password a couple of time, still no way to access root. A light bulb went off and I rember I changed the ownership of /usr and all its files. After a lot of hacking I discovered that the passwd files are in /etc/passwd and /etc/passwd- as well as /usr/bin/passwd. I suspected that I changed the permissions. Too check I fired up the "Trashcan Monster" which is running CentOS 7.4 and ran ls -l and compared the two machines:

/usr/bin/passwd was different on on both.

Leopard:
-rwxr-xr--x

Jaguar: (aka the Transcan Monster)
-rwsr-xr--x

Anybody know the command that will allow to change the permissions on this file that will allow me to substitute the s for the x.

I think I am on the correct path that the problem is not the password so much as it the permissions that i had somehow screwed up.

One other thing: I now have two flashing files:

extlinux.conf --> ../boot/extlinux/extlinux.conf

the other flashing file is

grub2.cfg --> ../boot/grub2/grub.cfg

Thanks for your help

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: Problem With Root Password -- Too Much Holiday Cheer

Post by pjsr2 » 2017/12/17 15:03:51

In order to correct the file permissions, you first need to become root.
Do this by booting from a DVD or USB and log in as root there. Then mount the disk partition that has the /usr tree with the bad owner ship.
On that mounted disk correct the ownership of the /usr tree.
Assuming you have mounted it under /mnt, then:

Code: Select all

chown -R root /mnt/usr
Next, you need to fix the permissions on all the file that have setuid or setgid but set.

You can do this by looking at the permissions of the files on your (live) DVD or USB and applying the same permissions on you wedged /mnt/usr:

Something like:

Code: Select all

find /usr -perm -u=s -exec chmod /mnt/{} u+s
find /usr -perm -g=s -exec chmod /mnt/{} g+s
This should fix enough for you to be able to reboot the system and login as usual.

After rebooting, you still have tom make sure that you have really everything fixed correctly. You may have installed packages that need setuid/setgid bits set that are not present on the live DVD/USB. So you still need to fix those.
The rpm command has options to verrify your installed packages. Use this to verify your installation for permission changes:

Code: Select all

rpm -V
Then to correct permissions for certain packages, use:

Code: Select all

rpm --setperms package_name
rpm --setugids package_name
Alternatively, you could also do this for all installed packages (with the risk of destroying some personalized changes on your system) with:

Code: Select all

for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

desertcat
Posts: 843
Joined: 2014/08/07 02:17:29
Location: Tucson, AZ

[SOLVED] Problem With Root Password -- Too Much Holiday Cheer

Post by desertcat » 2017/12/18 07:57:31

pjsr2 wrote:In order to correct the file permissions, you first need to become root.
Do this by booting from a DVD or USB and log in as root there. Then mount the disk partition that has the /usr tree with the bad owner ship.
On that mounted disk correct the ownership of the /usr tree.
Assuming you have mounted it under /mnt, then:

Code: Select all

chown -R root /mnt/usr
Next, you need to fix the permissions on all the file that have setuid or setgid but set.

You can do this by looking at the permissions of the files on your (live) DVD or USB and applying the same permissions on you wedged /mnt/usr:

Something like:

Code: Select all

find /usr -perm -u=s -exec chmod /mnt/{} u+s
find /usr -perm -g=s -exec chmod /mnt/{} g+s
This should fix enough for you to be able to reboot the system and login as usual.

After rebooting, you still have tom make sure that you have really everything fixed correctly. You may have installed packages that need setuid/setgid bits set that are not present on the live DVD/USB. So you still need to fix those.
The rpm command has options to verrify your installed packages. Use this to verify your installation for permission changes:

Code: Select all

rpm -V
Then to correct permissions for certain packages, use:

Code: Select all

rpm --setperms package_name
rpm --setugids package_name
Alternatively, you could also do this for all installed packages (with the risk of destroying some personalized changes on your system) with:

Code: Select all

for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done
Thank you. Leopard is back up and running. My buddy, and a guru, came by for our "dog food run" , after which we set to following your instructions, he types fast. We ran into a small problem mounting the /mnt/partition, which required he created making a directory and moving the partition into the new directory -- I *THINK* that's what he did -- and the then running:

find /usr -perm -u=s -exec chmod /mnt/{} u+s
find /usr -perm -g=s -exec chmod /mnt/{} g+s

Quoting him it was "elegant" . You pointed us in the right direction and shaved hours of work by me if I had to do it by myself. With him it took him 15 minutes to figure out the mod. After that it ran like clockwork. I logged in and root came back. Glad I did not have to resort to Plan "B" or "C".

Again thanks for your help, it saved me hours of work. Have a Happy Holiday Season.

Post Reply