Killed root user don't know how...examine this...

Status
Not open for further replies.

themoe

MIS
Jul 27, 2002
I was recently placed in charge of 2 AIX servers. The one in question had an odd occurrence happen.

I wanted to remove/inactivate user accounts on a 4.3.2 F50 AIX system.

I grabbed a list of user names and cat them to a file. /home/userlist

I REMOVED the user names from my newly created file that I did not want removed. [root, daemon, myusername etc etc…]

I ran a simple script with the rmuser -p option ON THE FILE. Not in the wild. The rmuser -p command was enclosed in the script.

Shortly thereafter I was unable to su to root and I found once I arrived at work today that the root entry in /etc/passwd was gone.

Now I do have some years of Unix experience but I certainly don't know everything.
I don't really expect an answer as to why? But more to the point I'd like a How to…get root back.

My account is active as are 3 others but none of them have admin rights nor can they su…even if they could I doubt it would happen since root is gone.

I have 4.3.3 software but not 4.3.2. Should I/Could I be able to get to the system tools via boot up? With a 4.3.3 CD? Currently it's not really an option to load the 4.3.3 software on the F50…and heh…that's another question…does anyone think running 4.3.3 on a circa 1999 F50 is a bad idea?
 
The -p option removes password information from the /etc/security/passwd file. Unfortunately the files are root:system with rw only for root; that being the case I know of no other way other than to boot into maintenance mode off an install CD. Another way would be if you have TSM or some other backup software and can restore the files. Running 4.3.3 on an F50 is not a problem, we run 5.1 on 2 F50 control workstations.
 
Hi,
If you don't have any way to modify the /etc/passwd and /etc/security/* files, the only way to solve this problem is to boot in maintenance mode with AIX installation media, if possible the same version as the problematic system. If you don't have it, you can try to boot with an image tape or a newer version of AIX (4.3.3). As you will only modify the files, there will probably be no problem with that.
Besides, as there are some differences between AIX 4.3.3 and AIX 4.3.2 (concerning the JFS structure), I do not recommend that you fsck the root file system before you mount it. That can seriously damage your system (believe me).
When you finally get into maintenance mode (not single user mode, but the option after booting in service mode, "access a root volume group"), you must create entries in these files:
"/etc/passwd":
root:!:0:0::/:/bin/ksh

"/etc/security/opasswd" and "/etc/security/passwd":
root:
password =

After that you can boot and log in as root without a password. Remember that this configuration is the minimum necessary to let root log in. There is other information that you may need in the future (limits, user roles, user limits, groups, etc).

I really don't recommend that you do maintenance with a newer version of AIX installation media. Only consider this if you are desperate. I already had problems when I did that on an AIX 4.3.0 system with AIX 4.3.3 media. After I used fsck on some file systems, it corrupted some of them.

About running AIX 4.3.3 in F50, there's no problem. We have that, but be sure to use the latest ML and Firmware Version, that will prevent future problems.

Regards.
HTT
 
Ok fellas...

I used a 4.3.3 CD and got to Maint and re-did my root passwd entry. It was all rather painless as I restored a tar I made the day before of /etc.

I appreciate the input and I find this board to be a very useful tool =]

Now go check my ftp question..heheh
 
For future reference, become familiar with making and restoring "mksysb" tapes. (smitty mksysb)

mksysb is AIX's special system backup, it is designed to be able to recover your root volume group to the same state it was at the time the mksysb is generated.

Granted restoring a mksysb is probably overkill for your particular situation, but it's always a good idea to keep a current one.
 
Chapter 11

Correct. Though I was facing two issues with mksysb.

1. No user other than root could run it...

2. The tape backups they had were "not readable." Meaning even as root I was unable to use mksysb at the time.


Thank you all for your input...

Go see my ftp question now =]

Regards,

themoe
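
A guard for the bulk-removal step described in the first post, as an added example that is not part of the thread: it vets a user list against a passwd file and plans no removals at all if any entry is a protected or low-UID account. The function names, the PROTECTED list, the MIN_UID threshold and the sample data are assumptions; the script only prints the `rmuser -p` commands.

```shell
#!/bin/sh
# Added example: vet a removal list before any name reaches `rmuser -p`.
# PROTECTED and MIN_UID are site assumptions, not AIX defaults.
PROTECTED="root daemon bin sys adm"
MIN_UID=200

# safe_removals LIST PASSWD: print names safe to remove, one per line.
# Refusals go to stderr; returns 1 if any entry was refused.
safe_removals() {
    refused=0
    while IFS= read -r name || [ -n "$name" ]; do
        name=$(printf '%s' "$name" | tr -d ' \t\r')   # stray blanks, CRs
        case $name in ''|'#'*) continue ;; esac
        uid=$(awk -F: -v u="$name" '$1 == u { print $3; exit }' "$2")
        if [ -z "$uid" ]; then
            echo "skip $name: no such account" >&2; refused=1
        elif [ "$uid" -lt "$MIN_UID" ]; then
            echo "refuse $name: uid $uid is below $MIN_UID" >&2; refused=1
        else
            case " $PROTECTED " in
                *" $name "*) echo "refuse $name: protected" >&2; refused=1 ;;
                *) echo "$name" ;;
            esac
        fi
    done < "$1"
    return $refused
}

# plan_removals LIST PASSWD: dry run, prints the commands instead of running them.
# Fails closed: one refused entry means nothing is planned.
plan_removals() {
    names=$(safe_removals "$1" "$2") || { echo "list rejected, nothing planned" >&2; return 1; }
    for n in $names; do echo "rmuser -p $n"; done
}

# write_sample DIR: constructed sample data (not from the thread).
write_sample() {
    printf '%s\n' 'root:!:0:0::/:/bin/ksh' 'daemon:!:1:1::/etc:' \
        'jsmith:!:201:1::/home/jsmith:/bin/ksh' \
        'olduser:!:305:1::/home/olduser:/bin/ksh' > "$1/passwd"
    printf '%s\n' 'olduser' 'root' > "$1/bad.list"
    printf '%s\n' 'olduser' 'jsmith ' > "$1/good.list"
}

if [ $# -eq 2 ]; then plan_removals "$1" "$2"; fi
```

Run it as `sh script.sh /home/userlist /etc/passwd` and review the printed commands before executing any of them.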
 