After trying the following steps, this is what you need to do:
You have to block all non-root users until all password-related problems are fixed. Since the rest of the accounts do not have any password, it is necessary to prevent non-root users from logging into the system. You need to create the /etc/nologin file; it will allow access only to root. Other users will be shown the contents of this file and their logins will be denied.
- Log in as the root user (terminal login only).
- Create the nologin file:
Code:
# cat > /etc/nologin
System is down due to temporary problem. We will restore your access
within 30 minutes time.
- Update all user passwords in batch mode.
- Create a random password for each non-root user using the chpasswd utility.
- It then updates the passwords in batch mode. chpasswd reads a list of user name and password pairs from a file and uses this information to update a group of existing users.
Each line is of the format:
Always remember that by default the supplied password must be in clear-text format. This command is intended to be used in a large system environment where many accounts are created at a single time, or in an emergency like this.
Make sure the /root/tmp.pass file contains non-root usernames only.
1) Create a random password with pwgen
By default, the pwgen utility is not installed, so install it with apt-get:
Code:
# apt-get install pwgen
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. For example, the following command prints the generated password:
2) Download the complete working script that updates user passwords in batch mode. Execute the script batch-update-password.sh:
Code:
# chmod +x batch-update-password.sh
# ./batch-update-password.sh
Now update the user passwords with chpasswd; by default the script creates the /root/batch.passwd file:
Email the new passwords to the server admin or to all end users. You can write a script to email the passwords to end users.
3) Your system is ready to accept logins; just remove the /etc/nologin file:
There are other ways to recover the /etc/shadow file; depending upon your setup and backup frequency, you can use any one of the following methods too:
By default, your /etc/passwd and /etc/shadow files are backed up to /var/backups under Debian Linux. You can just copy the shadow.bak file after step #1:
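Going back to steps 1 and 2, one way to build the chpasswd input file from a list of usernames. This is an added example, not the batch-update-password.sh script the page refers to; the script name build-passwd.sh and both function names are hypothetical, and the `user_name:password` line format is the one documented for chpasswd.

```sh
#!/bin/sh
# Added example, not the batch-update-password.sh script the page refers to.
# Builds the "user_name:password" file that chpasswd reads, one random
# clear-text password per non-root account.

gen_password() {
    # pwgen -s gives fully random (not pronounceable) 16-character passwords.
    # Fallback when pwgen is not installed: draw from /dev/urandom.
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -s 16 1
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16
        echo
    fi
}

# build_chpasswd_file USERLIST OUTFILE
# The body runs in a subshell so the umask change does not leak to the caller.
build_chpasswd_file() (
    umask 077                        # clear-text passwords: owner-only file
    rm -f "$2"                       # drop any old copy with looser permissions
    : > "$2" || exit 1
    while IFS= read -r user || [ -n "$user" ]; do
        case "$user" in
            ''|'#'*|root) continue ;;        # blank lines, comments, root
            *[!A-Za-z0-9_.-]*)               # ':' or spaces would corrupt the line
                echo "skipping invalid name: $user" >&2
                continue ;;
        esac
        printf '%s:%s\n' "$user" "$(gen_password)" >> "$2"
    done < "$1"
)

# Usage as root (build-passwd.sh is a hypothetical name; paths are the page's):
#   sh build-passwd.sh /root/tmp.pass /root/batch.passwd
#   chpasswd < /root/batch.passwd && rm -f /root/batch.passwd
if [ "$#" -eq 2 ]; then
    build_chpasswd_file "$1" "$2"
fi
```

The output file holds clear-text passwords, so delete it once chpasswd has run and the passwords have been handed over.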
Code:
# cp /var/backups/shadow.bak /etc/shadow
Sometimes the /etc/shadow- file can be used to replace /etc/shadow.
If you have a backup of /etc/shadow on tape or CD-ROM, then you can copy back the /etc/shadow file after step #1.
The important step is to keep track of the data and files.