Root Account Broken In Linux Operating System

[Calvin K]

I have recently trying out new things in my Linux and recently I have just deleted the root line password and shadow. After that I was successful in copying the back-up of the files and then putting it back to the system. But when the login screen came and when I tried to login as root into it I was unable to login into it. And after logging as different user I cannot accesses many files from the root and it shows me the message that the root does not exist. Please tell me now what can I do in such case.

[MrChris-]

The best option for such situation is that you have to take the back-up of all the files and folders and do all the customized settings. Then you have to start the re-install all from the start again. This option will help you to get the root account back to the same functionality but at the starting you got to enter in as the root user and not any other user.

[Solomon]

It often happens that sometime by accident you may delete the shadow file. And if you boot into single user mode, the system will ask for the root password for the maintenance, and just imagine that you are not having any backup of shadow file. It all started when one of our client accidentally deleted shadow file from co-located Debian Linux server. Which resulted to all account login disabled. However, File Transfer Protocol was working fine because proftpd was build using MySQL database for authentication and quota management. This helped me out to get the Root data back.

[jesse]

The simple steps that you have to follow is as given below:
Boot Server into single user mode:

1. First Reboot server.
2. And Next, you will see grub-boot loader screen. Then in that Select the Recovery mode the version of the kernel that you wish to boot and then you got to type e for edit. And Select the line that starts with kernel and type e to edit the line.
3. Then Go to the end of the line and type init=/bin/bash as a separate one word by pressing the space bar. Press enter key to exit edit mode.

Code:

init=/bin/bash

4.Then Back at the GRUB screen, type b to boot into single user mode. This causes the system to boot the kernel and run the bin or the bash instead of its standard init. This will allow us gain root privileges and a root shell.

[SalVatore]

Then you have to continue the below given steps once the above steps are over for you
Make sure you can access system partition properly.
Then mount partitions in read write mode
Since it is currently mounted read-only and many disk partitions have not been mounted yet, and you must have to do the following to have a reasonably functioning system.

Code:

# mount -rw -o remount /

Also you don't have to forget to re-mount your rest of all your partitions in read and write (rw) mode such as /usr /var
Rebuild shadow file from passwd
You need to use pwconv command; it creates /etc/shadow from /etc/passwd and an optionally existing shadow.

Code:

# pwconv

Use passwd command to change root user password:

Code:

# passwd

And make a note that you may need to type the same password twice with the passwd command. If you have an admin account, then setup password for that account. On most production, servers direct root login is disabled. In our situation, admin was the only account allowed to use su and sudo command.

Code:

# passwd admin

After all the process is complete now root and admin accounts are ready to go in multi-user mode. You got to Reboot the system in full multi-user mode:

Code:

# sync
# reboot

[Dr. V]

After the trying of the following steps then how got to do the below type:
You got to block all non-root users until we fix all password related problems. Since rest of account do not have any password, it is necessary to prevent non-root users from logging into the system. You need to create /etc/nologin file, it will allow access only to root. Other users will be shown the contents of this file and their logins will denied.

1. Login as root user (terminal login only)
2. Create nologin file cat > nologin
3. System is down due to temporary problem. We will restore your access
4. within 30 minutes time.
5. Update all users password in batch mode.
6. Create random password for each non-root user using chpasswd utility.
7. Then it update passwords in batch mode. chpasswd reads a list of user name and password pairs from file and uses this information to update a group of existing users.

Each line is of the format:

Code:

user_name:password

Always remember by default the supplied password must be in clear-text format. This command is intended to be used in a large system environment where many accounts are created at a single time or in emergency like this.

Make sure /root/tmp.pass file contains non-root usernames only.

1)Create random password with pwgen
By default, pwgen utility is not installed so with the help of apt-get install it:

Code:

# apt-get install pwgen

The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. For example following command print the generated password:

Code:

# pwgen -1 -n 8

2)Download complete working script that updates user password in batch mode. Execute script batch-update-password.sh:

Code:

# chmod +x batch-update-password.sh
# ./batch-update-password.sh

Now update user passwords with chpasswd, by default script creates file in /root/batch.passwd file:

Code:

# chpasswd

Email new password to server admin or all end users. You can write a script to email password end users.

3)Your system is ready to accept login, just remove /etc/nologin file:

Code:

# rm /etc/nologin

There are other ways to recover /etc/shadow file, depend upon your setup and backup frequency you can use any one of the following method too:

And by default, your /etc/passwd and /etc/shadow file are backup to /var/backups under Debian Linux. You can just copy shadow.bak file after step # 1:

Code:

# cp /var/backups/shadow.bak /etc/shadow

Some time /etc/shadow- file can be use to replace /etc/shadow
If you have a backup of /etc/shadow on tape or cdrom then you can copy back /etc/shadow file after step #1.

The important step is to keep the track of the data and files.