[users]Re: Linux Vs Windows in security (II)
Karl Auer
kauer at biplane.com.au
Wed Aug 29 12:32:13 UTC 2007
> "if i have remote access by ssh to a linux machine,
> can i change the root pass if i dont know it?"
>
> NO - You can't change the root password if you don't know the root
> password. You CAN however, IF you DO.
If you have sudo access to vi on the remote machine, you can
edit /etc/passwd and /etc/shadow directly. Copy the password entry from
a user whose password is known - such as yourself - into the passwd (or
shadow) entry for root. You now know root's password, and can change it
using passwd.
This only works for systems where the authentication information is
directly editable.
This is also why, on Ubuntu, the admin group should be kept very, very
small.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
More information about the ubuntu-users
mailing list