[lug] recovering sudo w/o root
rm at fabula.de
Wed Jan 14 12:43:58 MST 2004
On Wed, Jan 14, 2004 at 12:23:09PM -0700, David Morris wrote:
> On Wed, Jan 14, 2004 at 08:13:19PM +0100, rm at fabula.de wrote:
> > On Wed, Jan 14, 2004 at 11:43:09AM -0700, Michael Belanger wrote:
> > > Humm.. Use a recovery CD, mount the root partition, edit the file to the
> > > correct form.
> > Or: reboot with an init parameter to the lilo prompt:
> > lilo> linux init=/bin/bash
> Hmm, interesting trick....I'll have to remember that. for an
> alternate method:
> Get a copy of "Tom's Root-Boot Linux". It's a 2-floppy linux
> distro you can boot to, mount the partition where the
> sudoers file exists, and change its mode to 440 (chmod 400
> If memory serves, you can get it at:
Or get the ISO-Image version. I have it with me all the time ;-)
That thing was more than once my last resort to fix a system
(even, shudder, messed-up Windows boxes).
> Tom's Root Boot Linux also serves as a friendly reminder
> that without physical security, there is no security. :)
> One note: I HIGHLY recommend that someone knows the root
> password to any system. If there is a boot problem that
> requires the system to be fixed in single-user mode before
> it can boot properly, you must have the root password.
Well, the 'init=/bin/sh' trick takes care of this most of the
time since it doesn't run the normal init (which usually does
things like partition checks etc.).
Trick 2 for a webserver:
Keep a spare mini-partition with something like Tomsrtb on
it (or your own selection of swiss-army tools -- but don't
forget to statically link everything. Be anal about it, you
might not _have_ a /usr/lib ...).
Then you can do 'LILO> linux root=/dev/hda1 init=/bin/bash'
[where /dev/hda1 is the name of your rescue partition]
and try to recover the mess (my personal preference: Busybox
on a spare partition on every disk [don't want to rely on
a partition when the disk is broken ;-)])
> > This is assuming that you actually _can_ reboot. If your server
> > is an Inteloid, try Ctrl-Alt-Del ....
> You can always do a hard power cycle if you cannot safely
> shutdown the machine. I always set up ext3 on my systems
> now so it doesn't matter, but if you haven't done this you
> can minimize the damage:
> - Have everyone log out.
> - As any user, type: sync;sync;sync
> - Power the system off.
Don't do this to your database server. Many DBMS don't honor
sync (i.e. they keep their own file buffers).
> The 'sync' command ensures all disk buffers are flushed and
> have been written to disk. Chances of the hard power cycle
> doing anything nasty is minimal.
> > > Otherwise, no. I don't think you can.
> > I sure hope there's no way :-/
> You could always enlist the services of a hacker. :)
'Cracker' please, 'hackers' are nice people who don't have the
slightest idea about breaking passwords (or who know that a modern
MD5 password is pretty much unbreakable from the cryptographic
point of view -- not unguessable so).
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
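An added example, not from the thread: the lock-out that starts this discussion usually comes from editing sudoers by hand and getting the mode, owner or syntax wrong. The shell function below checks all three before you log out of your root shell, so the rescue-boot tricks above stay a last resort. It assumes GNU coreutils `stat`; `visudo -c -f` is used only if installed, and the hypothetical `CHECK_SYNTAX` variable lets you skip that step.

```shell
# check_sudoers FILE [OWNER] [MODE]
# Returns 0 when FILE has the expected owner (default root), the expected
# octal mode (default 440) and, if visudo is available, parses cleanly.
# Returns 1 on any mismatch, 2 if the file does not exist.
check_sudoers() {
    file=$1
    want_owner=${2:-root}
    want_mode=${3:-440}
    rc=0

    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi

    # GNU stat: %a = octal permission bits, %U = owner name
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U' "$file")

    if [ "$mode" != "$want_mode" ]; then
        echo "bad mode $mode on $file (want $want_mode)" >&2
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "bad owner $owner on $file (want $want_owner)" >&2
        rc=1
    fi

    # visudo -c -f parses the file in place without installing it.
    # CHECK_SYNTAX=0 (assumed knob for this example) skips the step.
    if [ "${CHECK_SYNTAX:-1}" = 1 ] && command -v visudo >/dev/null 2>&1; then
        if ! visudo -c -f "$file" >/dev/null 2>&1; then
            echo "syntax error in $file" >&2
            rc=1
        fi
    fi
    return $rc
}
```

Run it as `check_sudoers /etc/sudoers` from the same root shell you edited in; a nonzero exit means fix it now, while you still can.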