root login failed on hpux (error pam.conf file)

[skugler]

I made chmod -R ugoa+=rwx * from root path for testing. after that I cannot login into desktop with root or any other user...
the password are always unknown...!
what can I do to login again to hpux ?
when I logon with telnet I get the message:

HP-UX hpserver B.11.00 U 9000/785 (ta)

System error
ERROR: Check /etc/pam.conf file permissions and ownership
-r--r--r-- 1 root sys /etc/pam.conf
Boot in single-user mode for missing /etc/pam.conf

can someone help me ?
thanks
steffen

 

[KenCunningham]

Steffen,

surely the answer is in the message - boot into single user mode and make the necessary changes. Incidentally, what was the purpose of your 'testing'? Seems a very strange requirement to me!

 

[skugler]

yes I boot already into single user mode but what can I change ? I think the problem is that I have only r for read permission. but if I want to change the file into "rwx" rights, this file was already rwx....
I want to test and change some files...but I had no permission.
I test also the samba server...but I got no permission under windows network environment to change something on the hp folder. The mask in smba.conf was not set proper i think.

steffen

 

[skugler]

the big problem is I never saw a hpux machine....and now I build up a oracle database, samba etc....and I'm very new in that business...I only want to can login again
but what must I do when connecting to single user mode ? the file is there...with cat pam.conf I can have a look...but should I change something ? if yes how can i edit the file...? in this console the vi don't work.
all user can connect to this file..is this perhaps a problem ?
the telnet session give me another feedback than when I'm logged in as lokal single-user mode...

steffen

 

[KenCunningham]

As far as I can tell, pam.conf needs 644 permissions (rw-r--r--). Have you tried setting it to these (root ownership). To edit the file, perhaps you could ftp it to your pc, make any necessary changes and then ftp it back. HTH.

 

[skugler]

cool now the error message is not any more displayed but I think another important files should be changed...e.g. usr/lib/security/lipam_unix.1...I will check this...

steffen

 

[skugler]

the problem with ftp is that I need a user and password..but I can't login because every user and password are unknown...when I login with telnet...the login appears..but when I key in "root" it say immediately "login incorrect..."
I should perhaps try to change with chmod again the files into the right access...because e.g. the file libpam_unix.1 is writable by group...when I choose the comand line login....from desktop login....

 

[KenCunningham]

I think your problem stems from your attempt to change access globally. Do you have a backup? - in my view perhaps the easiest and quickest method of recovery at your disposal.

 

[bi]

skugler, I think Ken's right. What happened is that you totally opened up access to all files from / on down (if I read your original post correctly), and there are going to be some things that are broken because of this. Some files must be at a more restricted access to run, for security reasons. And there are thousands of files invovled. You will never get all the permissions correct.

It has been my experience that you can't access a file through Samba if the Unix permissions are wide open. I'm sure there is some setting in Samba that will change this, but I don't know what it is. And that is the least of your problems now.

You say you have never seen an HPUX box. Some tips you should keep in mind:

Until you are 100% sure of your abilities in HPUX, never change the ownership of files in /usr (especially a file named something like /usr/lib/security/lipam_unix.1).

A lot of problems are caused by wrong file ownership and wrong file permissions. You are seeing the results now of wrong file permissions.

Before you do something globally, I suggest you run an ls on the scope of the files you will be running the command on. For example, from root, running ls -R * should have alerted you that you were about to change permissions on every file on the system.

And I would also recommend you always run a pwd or add your directory location to your PS1 setting (your command prompt) so you know where you are when you issue a command. I saw a very experienced HPUX admin trash a newly installed system because he did an rm -R * from /etc.

 

[skugler]

yes you have right I do this from root / to change all permissions...because I wasn't able to have access to special files...but know I don't have access to any files
I think I will update the whole system.
in that case...and if I have a hpux 11 version...can I boot the cd's from cdrom drive ? what I must do to setup a new hpux ? because I cannot connect to main menu....I think I must boot in single user mode ? the system has no cdrom now...it will be automatically mounted like hard drives ?
I only config and input hard disk. can someone give me a link like "how to setup hpux on hp pa risk" ?
thanks a lot for your help....sorry my late replay I was 3 days out of the office....
regards steffen