Hi-Ho Silver - Away!

The other day I got called because someone had forgotten their root password. This happened to be on a SCO system, but it happens on Linux systems too and I have articles here on how to recover your system.

This work can get nasty - I don't know what I'm likely to be walking into: the system might be ancient, there probably aren't boot disks, there may not even be original install media available. You never know. Before I do anything, I try logging in with what they *think* the password is, and I also check to make sure the problem isn't just that there's a bad key on the key board - I've seen that too many times to count.

The next thing I do is take a look around for disks. I'm looking for boot disks, install media, whatever. Often the systems owners have no idea where any of that might be, so we'll have a fun little easter egg hunt, pulling open drawers, peeking in closets and so on. Sometimes someone will ask me why I don't just "get to it" or similar sentiments that imply that I'm just wasting time rather than actually trying to find an easy way to solve this that could save them a small pile of money. As that small pile ends up in my pocket, you'd think I'd just say "Yessirre, boss, I *was* just wasting time but now I'll get to work! Yes, sir!", but I'm more likely to tell them that if they don't leave me alone or help me look I could get all pissy and just walk out. Sometimes people forget that they called me: I didn't come knocking on their door looking for work. I think it's important to establish who's in charge right away: sometimes foolish folks think they are, but that's so very wrong..

Just half kidding there, folks. Just half.

Anyway, I looked around and wasn't too happy. No emergency boot disks, no original install media, nothing at all. But then in a box of ancient software I found a very old Microlite Edge disk and a Lone-Tar disk of the same apparent age. Did the customer know which of these he had? Of course not.

By the way, there are reviews of these products here. I highly recommend you use one of them on Unix or Linux.

I power cycled the poor box. Hated to do it, but what else can you do? When it came to "Boot:" I typed in "dir" and yep, there was the tell-tale Airbag A2 file. Note that you don't see "airbag", you see its A2 file. Airbag is Lone-tar's emergency boot recovery software; when it's configured there's an option to put it on the hard drive in addition to the normal floppies or cd's. While its purpose is bare metal recovery, it can also give you access to a root shell without a password. So.. I then typed "airbag" and happily the right entry was in /etc/default/boot and a few seconds later the Airbag menu was on the screen. I exited to a shell, mounted /dev/root on /mnt, and then edited the password fields out of /etc/shadow and /tcb/files/auth/r/root. Reboot, stop in single user mody, press enter for the password, run "passwd" and it was done.

The Airbag on the hard drive is of course a terrible security risk if someone has physical access to the machine, but physical access is a security risk anyway, right? So this saved me time and trouble.

Hi Ho Silver - Away!

1 comment

More Articles by Anthony Lawrence - Find me on Google+

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.