Re: passwords, shadows, and other business

To: Ritchard Shadian <rshadian@maui.com>
Cc: debian-user@lists.debian.org
Subject: Re: passwords, shadows, and other business
From: "Oliver Elphick" <olly@linda.lfix.co.uk>
Date: Thu, 06 Nov 1997 23:41:56 +0000
Message-id: <m0xTbYl-0003YyC@linda.lfix.co.uk>
In-reply-to: Message from Ritchard Shadian <rshadian@maui.com> of Thu, 06 Nov 1997 11:34:49 -1000. <Pine.SUN.3.91.971106111106.10946C-100000@waena.mrtc.org>

Ritchard Shadian wrote:
  >I was recently compelled to reinstall the base system on my machine.
  >...
  >I restored the old /etc directory and ftp-ed it back to my machine.  I
  >started searching for files that had been changed.  I manually overwrote
  >some of them with the old files (files such as inittab, init.d/rc,
  >inetd.conf, syslog.conf), yet there are others which I'm afraid to touch,
  >but need to. 
  >
  >Among the files which were replaced were the password files: passwd, 
  >passwd-, shadow, shadow-, group, and group-.  One of the detrimental 
  >effects is that root has no password, so anyone can sit down at the 
  >machine and login as root without further authentication (ain't that 
  >secure?). 

That's how it has to be for a new installation.

 I tried changing the password using the "passwd" command, but 
  >/etc/passwd remained unchanged.

If, as you indicated above, you have installed shadow passwords, it would
indeed be unchanged.  The changed file is /etc/shadow.  If _that_ was
unchanged, and you didn't hit ctrl-c or something while you were entering
the password, you do indeed have a problem.

Or perhaps you did this while you had the installation kernel running
and changed the password or shadow files on the RAM-disk??

  >
  >What I'd like to know is, might I be able to use the old working passwd 
  >and shadow files instead?  What files does Linux need to perform any 
  >password authentication, and how does it do it?  I re-added all the users 
  >that were in the passwd file before, and used the same password for each 
  >user, but obviously the encryption string was different than before.  Does 
  >anyone have an idea about how I can fix this?

I have done this before with no problems.

For safety, copy the current versions somewhere, put the old ones back
and then try logging in from another virtual terminal.  If it works, you
can delete the unwanted versions.

-- 
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                                  http://lfix.co.uk/oliver

PGP key from public servers; key ID 32B8FAA1




--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: passwords, shadows, and other business
  - From: Ritchard Shadian <rshadian@maui.com>

References:
- passwords, shadows, and other business
  - From: Ritchard Shadian <rshadian@maui.com>

Prev by Date: RE: web question
Next by Date: /proc/interrupts - conflicts?
Previous by thread: passwords, shadows, and other business
Next by thread: Re: passwords, shadows, and other business
Index(es):
- Date
- Thread