<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.1G.e">
<TITLE>The Answer Guy 36:
Locked Out of His Mailserver
</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)" border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)" border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H4>
</center>
<p><hr><p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin 29 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif" height="50" width="60"
alt="(?) " border="0">
Locked Out of His Mailserver
</H3>
<p><strong>From Henry A. Lee on Fri, 04 Dec 1998
</strong></p>
<!-- ::
Locked Out of His Mailserver
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I am having trouble logging into my Linux mailserver, as any of my
users or as ROOT. All passwords are incorrect. I had to bring
all my users up on WinNT <TT>/</TT> Exchange box yesterday to get the email
rolling again. Do you know of ANY way to hack the box?
</STRONG></P>
<P><STRONG>
I have about 15 hours of mail that I need to get off the box, and
without being able to login, I can't forward it to the new server.
</STRONG></P>
<P><STRONG>
I can't login at the server itself, can't telnet into it, but I
can FTP SOME files from it and can maybe get some files back to
it. Looking at the PASSWD and PASSWD- files in a text editor,
they seem fine. Any suggestions would be immensely appreciated.
</STRONG></P>
<P><STRONG>
Thanks for your time,
<br>Henry
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" alt="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I don't know what's caused your inability to log
in. It sounds like your <TT>/etc/passwd</TT> file might have been
converted to shadow format ('<tt>pwconv</tt>' or similar utility)
while your authenticating utilities and services aren't
shadow capable. However, that is only one of several
possibilities (the passwd file could be corrupt, its
permissions could be wrong, you might have missing or
corrupt PAM modules, etc.).
</BLOCKQUOTE>
<blockquote><em>
[ I've seen corrupted shadow-passwd files prevent
logins before; in both cases, there was the wrong
number of colons (:) on a line, and everyone after
that couldn't get in. If you managed to break the
first line, that would prevent root getting in.
-- Heather ]
</em></blockquote>
<BLOCKQUOTE>
As for fixing the problem, or "hacking the box" as you
put it: if you have physical access to the system
it is trivial to "hack into" it. Normally this can be
done by using [Ctrl]+[Alt]+[Del] (the PC "nerve pinch"
or "three finger salute") to reboot the system (most
Linux systems have an entry in their <TT>/etc/inittab</TT> that
looks something like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
<BR># what to do when CTRL-ALT-DEL is pressed
<BR>ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
... which allows the 'init' process (the grandfather of
all processes) to respond to this console event.
</BLOCKQUOTE>
<BLOCKQUOTE>
Failing that you can wait for a bit while there is
minimal disk activity and reset or power cycle the
system.
</BLOCKQUOTE>
<BLOCKQUOTE>
As you reboot, wait until the LILO boot loader prompt
is displayed and type in a command like:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
linux init=/bin/sh
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... (assuming that you have a boot stanza named "<tt>linux</tt>"
--- hit the [Tab] key at that prompt for a list of those).
</BLOCKQUOTE>
<BLOCKQUOTE>
This passes a parameter to the kernel which forces it to
use an alternative to the '<tt>init</tt>' program (a copy of the
shell in this case). From there you might need to mount the
<TT>/usr</TT> filesystem (assuming that the system follows
professional conventions rather than common Linux
installation defaults). Then you can issue the
'<TT>/usr/bin/passwd</TT>' command to set a new root password.
</BLOCKQUOTE>
<BLOCKQUOTE>
If that doesn't solve the problem you can edit the passwd
file. If necessary, remove everything <EM>but</EM> the entry for
root --- don't put any comments or blank lines in this file!
(Obviously you should save a copy if you're going to try
that.)
</BLOCKQUOTE>
<BLOCKQUOTE>
If that still doesn't work, and if there are no clues
in your logs (look at <TT>/var/log/messages</TT> for hints), then
you have some other troubleshooting to do.
</BLOCKQUOTE>
<BLOCKQUOTE>
At that point it might be best to just call a consultant for
some voice support. You don't provide enough information
for me to explain the next troubleshooting without writing a
whole book (and I'm already working on one).
</BLOCKQUOTE>
<BLOCKQUOTE>
I can do phone support or you can look for anyone in the
Consultants HOWTO. (Considering that you have data on
this system that you don't want to lose, and that it sounds
like you don't have any backups, I wouldn't suggest too
much experimentation and learning curve climbing while
trying to recover from this situation).
</BLOCKQUOTE>
<BLOCKQUOTE>
If you have another Linux or Unix system anywhere else
on your network --- one with 'sendmail' properly installed
(assuming that the affected system was also running
'sendmail') it's possible to copy all of the files from
<TT>/var/spool/mqueue</TT> to some arbitrary directory on the
working system (from the ailing one, obviously). Then
you can run a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BLOCKQUOTE><CODE>
<TT>/usr/lib/sendmail</TT> -v -q -O QueueDirectory=/tmp/q
</CODE></BLOCKQUOTE></BLOCKQUOTE>
<BLOCKQUOTE>
... to tell sendmail to verbosely (-v) make a
processing pass through the queue (-q) with the option
(-O) to override the QueueDirectory, set to some place
like <TT>/tmp/q</TT> (or wherever you ftp'd those <TT>df</TT> and <TT>qf</TT>
files to).
</BLOCKQUOTE>
<BLOCKQUOTE>
As for the user mail that's already been delivered to
"mbox" files under <TT>/var/spool/mail</TT>, you can copy those
to another system and append them to the files under
<TT>/var/spool/mail</TT> on the new system. To avoid possible
corruption you'd want to disable the sendmail and popd
(etc.) processing on the new system before trying this.
</BLOCKQUOTE>
<BLOCKQUOTE>
The easiest way to do that is to shut the system down
to single user mode after you've copied (ftp'd) all of
the mbox files (inbox folders) to the system.
</BLOCKQUOTE>
<BLOCKQUOTE>
Naturally you'll need to create user accounts that
correspond to each of these users from the old system,
and you'll need to ensure that the ownership and permissions
of each mbox file are set properly.
</BLOCKQUOTE>
<BLOCKQUOTE>
There are other ways to do this. However, they depend
on the situation and/or involve some more complicated
command lines than I'd want you to try without a thorough
understanding of how they work.
</BLOCKQUOTE>
<BLOCKQUOTE>
In the '<tt>procmail</tt>' man pages there is an example
of a script to "postprocess" an mbox. It would be
possible to use something like that to "break apart"
each mbox file and resend it to the original recipient.
</BLOCKQUOTE>
<BLOCKQUOTE>
If your users were using MH, '<tt>elm</tt>' or '<tt>pine</tt>' (or
most any Unix/Linux mail reading package) they could
copy an mbox file to any convenient place and either
treat it as a folder ('<tt>elm -f</tt>') or "incorporate" it
into their MH folders using the '<tt>inc</tt>' command. These
users should either know how to do that, or read the
man pages for their favorite mail user agent for details.
</BLOCKQUOTE>
<BLOCKQUOTE>
If you do hire a consultant, look for one that will
provide you with some good tutorial/mentorship on Linux
and consider having him or her help you prepare a
comprehensive "Recovery Plan and Disaster Procedures"
package. This will be vital to your company's IS/IT
regardless of what OS or platform you choose for your
future needs.
</BLOCKQUOTE>
<BLOCKQUOTE>
My phone number can be found on my web pages:
</BLOCKQUOTE>
<BLOCKQUOTE><dl>
<dt>Starshine Technical Services
<dd><A HREF="http://www.starshine.org">http://www.starshine.org</A>
</dl></BLOCKQUOTE>
<BLOCKQUOTE>
... I normally don't advertise my consulting services
in this column, and I don't plan to do so often. However,
there are situations where the most prudent advice
I can give is: "Call someone to walk you through this."
</BLOCKQUOTE>
<BLOCKQUOTE>
As I say, you are encouraged to find a Linux consultant
that is local to you. Look in the Consultant's HOWTO at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/Consultants-HOWTO.html"
>http://metalab.unc.edu/LDP/HOWTO/Consultants-HOWTO.html</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... You can also find a wealth of help at any Linux Users
Group (LUG) and there are a couple of "Lists of LUG's" that
I've listed in previous columns. There's even a Users Group
HOWTO at:
</BLOCKQUOTE>
<BLOCKQUOTE> <BLOCKQUOTE> <CODE>
<A HREF="http://metalab.unc.edu/LDP/HOWTO/User-Group-HOWTO.html"
>http://metalab.unc.edu/LDP/HOWTO/User-Group-HOWTO.html</A>
</CODE> </BLOCKQUOTE> </BLOCKQUOTE>
<BLOCKQUOTE>
... which includes links to the three biggest lists of LUG's.
</BLOCKQUOTE>
<BLOCKQUOTE>
I wish I could say: "Look for the union label" when considering
entrusting your system's integrity to a consultant or volunteer.
However, there is no widely recognized certification for
sysadmins <EM>yet</EM>. There isn't even a "better business bureau"
of sysadmins and/or consultants. As a member of
<a href="http://www.usenix.org/sage/">SAGE</a> (the
SysAdmin's Guild) I'm involved in an ongoing effort to provide
some such process. However, it's a contentious issue, and Unix
sysadmins are a contentious lot (*). I'll be continuing this work
while I'm in Boston next week at the annual LISA conference.
</BLOCKQUOTE>
<BLOCKQUOTE><ul>
<li>(*) Certainly your chances of getting a
competent and experienced sysadmin are
better if you find someone who went to the
effort to join SAGE, or at least has
cogent reasons for <EM>not</EM> doing so; and
they are drastically diminished if you're
talking about someone who's never heard of
<a href="http://www.usenix.org/">USENIX</a> or SAGE.
</ul></BLOCKQUOTE>
<BLOCKQUOTE>
Good luck.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 29 -->
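<BLOCKQUOTE>
A small diagnostic for the lockout causes discussed above (a wrong number of colons on a
passwd or shadow line, stray blank or comment lines, and passwd entries marked shadowed while
the matching shadow entry is missing). This is an added example, not code from the column;
it assumes you have copies of both files (e.g. the ones FTP'd off the ailing box) in the
standard seven-field passwd and nine-field shadow layout, and the sample entries are constructed.
</BLOCKQUOTE>

```python
"""Sanity-check copies of /etc/passwd and /etc/shadow for the format faults
that lock everyone out: a wrong number of colons on a line, blank or comment
lines, and an entry marked shadowed ("x") with no matching shadow line.
Added example, not the column's own code; the sample data is constructed."""
from __future__ import annotations

PASSWD_FIELDS = 7  # name:pw:uid:gid:gecos:home:shell
SHADOW_FIELDS = 9  # name:pw:lastchg:min:max:warn:inactive:expire:reserved


def check_lines(text: str, nfields: int, label: str) -> tuple[dict[str, str], list[str]]:
    """Parse one colon-separated file; return (name -> password field, problems)."""
    entries: dict[str, str] = {}
    problems: list[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            problems.append(f"{label}:{lineno}: blank line")
            continue
        if line.startswith("#"):
            problems.append(f"{label}:{lineno}: comment line")
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            # Every entry after a malformed line is at risk, so report it loudly.
            problems.append(f"{label}:{lineno}: {len(fields)} fields, expected {nfields}")
            continue
        entries[fields[0]] = fields[1]
    return entries, problems


def check_auth_files(passwd_text: str, shadow_text: str | None) -> list[str]:
    """Cross-check passwd against shadow (None = no shadow file on the system)."""
    users, problems = check_lines(passwd_text, PASSWD_FIELDS, "passwd")
    shadow: dict[str, str] = {}
    if shadow_text is not None:
        shadow, more = check_lines(shadow_text, SHADOW_FIELDS, "shadow")
        problems += more
    if "root" not in users:
        problems.append("passwd: no usable root entry")
    for name, pw in users.items():
        if pw == "x" and shadow_text is None:
            problems.append(f"passwd: {name} is shadowed but there is no shadow file")
        elif pw == "x" and name not in shadow:
            problems.append(f"shadow: no entry for shadowed user {name}")
    return problems


# Constructed sample: henry's shadow line is missing one colon (8 fields).
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nhenry:x:1000:100:Henry:/home/henry:/bin/sh\n"
SAMPLE_SHADOW = "root:$1$saltsalt$hashhashhash:10560:0:99999:7:::\nhenry:$1$saltsalt$hashhashhash:10560:0:99999:7::\n"
```

Run <tt>check_auth_files(SAMPLE_PASSWD, SAMPLE_SHADOW)</tt> and it reports the short shadow line and the user it orphaned; an empty list means the files at least parse cleanly and the fault lies elsewhere (permissions, PAM, etc.).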
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/ssc.copying.html"
>Copyright ©</a> 1999, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 36 January 1999</H5>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>