UNIX Hints & Hacks		ContentsIndex
Chapter 5: Account Management		Previous ChapterNext Chapter
Sections in this Chapter:     5.1 User Account Names   5.5 GECOS Field   5.9 User Account Startup Files   5.13 Finding My Display 5.2 Passwords   5.6 Home Directories   5.10 Using Aliases   5.14 Copy Files to Multiple Home Directories 5.3 UID   5.7 Shells and the Password File   5.11 MS-DOS Users   5.15 Kill an Account 5.4 Group IDs and /etc/group   5.8 Configuring an Account   5.12 Changing Shells   5.16 Nulling the Root Password Without vi		Previous SectionNext Section

5.16 Nulling the Root Password Without vi

5.16.1 Description:

This is a way to clear the root password when you don't have access to the vi editor.

Example

Flavors: AT&T, BSD

If no one has access to the root password on a system and it is a matter of urgency to get into that system, you can boot miniroot and clear the password out of the root account. This can be done even when the vi editor is inaccessible. To do this on a system using the /etc/shadow file, use the ed editor with 13 dots and your problems are solved:

# cp /etc/shadow /etc/shadow.bak

# ed /etc/shadow
1p
s/:.............:/::/
1p
w
q

Line 1: While in the ed editor, go to the first line of the file.

Line 2: Switch the first occurrence of a field that has 13 characters with nothing. This is the password field.

Line 3: Write out the file.

Line 4: Quit.

You're finished! You swapped out the 13 characters of root's password field with nothing and cleared the password. You can now bring the system to single user and change the root password. The same basic commands can be used on the /etc/passwd file for those platforms that don't support shadow passwords. The result is the same.

Reason

As professional UNIX system administrators, you never forget passwords. You can use this hack in situations such as when you inherit a machine on which there was no root password provided when you received the system, and nothing seems to let you in.

Real World Experience

In large installations, inheriting old systems is all too common. I remember one instance when we received a system that was running an obsolete version of the operating system. Management wanted the data checked before it was junked. We needed to have a CD-ROM shipped from the East Coast and had our local sales rep hunt one down. Two weeks later we were finally ready to boot miniroot. As we booted miniroot, the owner of the system walked in and asked whether I wanted the root password. After everything I'd gone through, I politely rejected her offer. I'd put so much time into this that I wasn't going to take the easy way out now. Needless to say, I didn't need the password from her, I gained access, and found that there wasn't anything on the disks anyway. All in a day's work, right?

Other Resources

Man pages:

ed

UNIX Hints & Hacks		ContentsIndex
Chapter 5: Account Management		Previous ChapterNext Chapter
Sections in this Chapter:     5.1 User Account Names   5.5 GECOS Field   5.9 User Account Startup Files   5.13 Finding My Display 5.2 Passwords   5.6 Home Directories   5.10 Using Aliases   5.14 Copy Files to Multiple Home Directories 5.3 UID   5.7 Shells and the Password File   5.11 MS-DOS Users   5.15 Kill an Account 5.4 Group IDs and /etc/group   5.8 Configuring an Account   5.12 Changing Shells   5.16 Nulling the Root Password Without vi		Previous SectionNext Section

© Copyright Macmillan USA. All rights reserved.