[lug] recovering sudo w/o root

David Morris lists at morris-clan.net
Wed Jan 14 12:23:09 MST 2004


On Wed, Jan 14, 2004 at 08:13:19PM +0100, rm at fabula.de wrote:
> On Wed, Jan 14, 2004 at 11:43:09AM -0700, Michael Belanger wrote:
> > Humm.. Use a recovery CD, mount the root partition, edit the file to the 
> >  correct form.
> 
> Or: reboot with an init parameter to the lilo prompt:
> 
>  lilo> linux init=/bin/bash

Hmm, interesting trick....I'll have to remember that. For an
alternate method:

Get a copy of "Tom's Root-Boot Linux".  It's a 2-floppy Linux
distro you can boot to, mount the partition where the
sudoers file exists, and change its mode to 440 (chmod 400
sudoers).

If memory serves, you can get it at:
http://www.toms.net/rb/

Tom's Root Boot Linux also serves as a friendly reminder
that without physical security, there is no security. :)

One note:  I HIGHLY recommend that someone knows the root
password to any system.  If there is a boot problem that
requires the system to be fixed in single-user mode before
it can boot properly, you must have the root password.

> This is assuming that you actually _can_ reboot. If your server
> is an Inteloid, try Ctrl-Alt-Del ....

You can always do a hard power cycle if you cannot safely
shut down the machine.  I always set up ext3 on my systems
now so it doesn't matter, but if you haven't done this you
can minimize the damage:

- Have everyone log out.
- As any user, type:  sync;sync;sync
- Power the system off.

The 'sync' command ensures all disk buffers are flushed and
have been written to disk.  Chances of the hard power cycle
doing anything nasty are minimal.

> > Otherwise, no. I don't think you can.
> 
> I sure hope there's no way :-/

You could always enlist the services of a hacker. :)

--David
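
An added example (not part of the original post) of checking and repairing the sudoers file from a rescue environment, using mode 0440 and root ownership, which is what sudo expects by default. The function names and the /mnt mount point are assumptions, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage (assumed layout): boot a rescue system, mount the damaged root
# partition on /mnt, then run:  sh fix-sudoers.sh /mnt/etc/sudoers

# Print one line per problem found; no output means the file looks right.
sudoers_problems() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 0
    fi
    mode=$(stat -c '%a' "$f")       # octal permission bits, e.g. 440
    owner=$(stat -c '%u:%g' "$f")   # numeric uid:gid
    [ "$mode" = "440" ] || echo "mode is $mode, expected 440"
    [ "$owner" = "0:0" ] || echo "owner is $owner, expected 0:0"
    return 0
}

# Set mode 0440; set owner to root only when running as root
# (which is the normal case on a rescue disk).
repair_sudoers() {
    f=$1
    chmod 0440 "$f" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$f" || return 1
    fi
    return 0
}

# Run only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    echo "before:"; sudoers_problems "$1"
    repair_sudoers "$1" || echo "repair failed for $1"
    echo "after:";  sudoers_problems "$1"
fi
```

Numeric ids are used on purpose: the rescue system's passwd file may not match the one on the mounted disk.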



