[lug] recovering sudo w/o root

rm at fabula.de rm at fabula.de
Wed Jan 14 12:43:58 MST 2004

On Wed, Jan 14, 2004 at 12:23:09PM -0700, David Morris wrote:
> On Wed, Jan 14, 2004 at 08:13:19PM +0100, rm at fabula.de wrote:
> > On Wed, Jan 14, 2004 at 11:43:09AM -0700, Michael Belanger wrote:
> > > Humm.. Use a recovery CD, mount the root partition, edit the file to the 
> > >  correct form.
> > 
> > Or: reboot with an init parameter to the lilo prompt:
> > 
> >  lilo> linux init=/bin/bash
> Hmm, interesting trick....I'll have to remember that. for an
> alternate method:
> Get a copy of "Tom's Root-Boot Linux".  Its a 2-floppy linux
> distro you can boot to, mount the partition where the
> sudoers file exists, and change its mode to 440 (chmod 400
> sudoers).
> If memory serves, you can get it at:
> http://www.toms.net/rb/

Or get the ISO-Image version. I have it with me all the time ;-)
That thing was more than once my last resort to fix a system
(even, shudder, messed-up Windows boxes).

> Tom's Root Boot Linux also serves as a friendly reminder
> that without physical security, there is no security. :)
> One note:  I HIGHLY recommend that someone knows the root
> password to any system.  If there is a boot problem that
> requires the system to be fixed in single-user mode before
> it can boot properly, you must have the root password.

Well, the 'init=/bin/sh' trick takes care of this most of the
time since it doesn't run the normal init (which usually does
things like partition checks etc.).

Trick 2 for a webserver:

 Keep a spare mini-partition with something like Tomsrtb on
 it (or your own selection of swiss-army tools -- but don't
 forget to statically link everything. Be anal about it, you
 might not _have_ a /usr/lib ...).
 Then you can do 'LILO> linux root=/dev/hda1 init=/bin/bash'
 [where /dev/hda1 is the name of your rescue partition]
 and try to recover the mess (my personal preference: Bussybox
 on a spare partition on every disk [don't want to rely on
 a partition when the disk is broken ;-)
> > This is assuming that you actually _can_ reboot. If your server
> > is an Inteloid, try Ctr-Alt-Del ....
> You can always do a hard power cycle if you cannot safely
> shutdown the machine.  I always setup ext3 on my systems
> now so it doesn't matter, but if you haven't done this you
> can minimize the damage:
> - Have everyone log out.
> - As any user, type:  sync;sync;sync
> - Power the system off.

Don't do this to your database server. Many DBMS do't honor
sync (i.e. they keep their own file buffers). 

> The 'sync' command ensures all disk buffers are flushed and
> have been written to disk.  Chances of the hard power cycle
> doing anything nast is minimal.
> > > Otherwise, no. I don't think you can.
> > 
> > I shure hope there's no way :-/
> You could always enlist the services of a hacker. :)

'Cracker' please, 'hackers' are nice people who don't have the
slightest idea about breaking passwords (or who know that a modern
MD5 password is pretty much unbreakable from the cryptographic
point of view -- not unguessable so).

> --David
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list