NoSpamIsAccepted *nix forums beginner
Joined: 01 Mar 2005
Posts: 30
Posted: Mon Feb 14, 2005 7:43 pm Post subject: confused:root

Hi,
I think I am lost how to interpret "root".
Suppose on my PC I have 2 partitions, not counting swap partition
and I have Redhat installed on partition 1, in creating the file
system, I set up the password of "root" for the file system on the
partition 1. I also create the file system on partition 2 by "mk2fs
/dev/hda2" and mount it to "/mnt/part2".
Now I build a linux manually on partition 2, I do this step-by-step
under some tutorial, "Build minimal Linux from scratch", and from here
I mount partition 1 to /mnt/part1. Notice that this time I am not asked
to set up any password for root.
Now in LILO I have a selection to boot 2 Linux systems:part1 or
part2. If I select part1, "/" is actually pointing to partition 1 and
if I select part2, "/" is actually pointing to partition 2.
Then I wonder why I am not asked the password for root of partition
2? Since root actually changes with the boot option, the root password
should change also, right?
Thanks.

Lew Pitcher *nix forums Guru
Joined: 21 Feb 2005
Posts: 675
Posted: Mon Feb 14, 2005 8:03 pm Post subject: Re: confused:root

NoSpamIsAccepted wrote:
| Quote: | Hi,
I think I am lost how to interpret "root".
Suppose on my PC I have 2 partitions, not counting swap partition
and I have Redhat installed on partition 1, in creating the file
system, I set up the password of "root" for the file system on the
partition 1. I also create the file system on partition 2 by "mk2fs
/dev/hda2" and mount it to "/mnt/part2".
Now I build a linux manually on partition 2, I do this step-by-step
under some tutorial, "Build minimal Linux from scratch", and from here
I mount partition 1 to /mnt/part1. Notice that this time I am not asked
to set up any password for root.
Now in LILO I have a selection to boot 2 Linux systems:part1 or
part2. If I select part1, "/" is actually pointing to partition 1 and
if I select part2, "/" is actually pointing to partition 2.
Then I wonder why I am not asked the password for root of partition
2? Since root actually changes with the boot option, the root password
should change also, right?
|
True. But, as you pointed out, when you built the Linux installation on
partition 2, you did not give root a password. There is a file, located in /etc,
that contains the password for each user, including root. Since you have two
Linux installations, you have two password files, one in the /etc on partition
1, and one in the /etc on partition 2.
When you boot into the Linux installation on partition 1, you use the password
file from /etc on partition 1. This password file has a password for 'root', so
root is asked for a password when he logs in.
However, when you boot into the Linux installation on partition 2, you use the
password file from /etc on partition *2*. This password file has no password for
'root', so root is /not/ asked for a password when he logs in.
So, you have a choice. You can synchronize the passwords in the two linux
installations, or you can leave them independent. If you leave them independent
of each other, then you probably should set a 'root' password for the Linux
installation on partition 2. Boot into that Linux, and (as root) enter the
    passwd
command. Follow the prompts, and you'll have set root's password on that Linux
installation.
--
Lew Pitcher
IT Specialist, Enterprise Data Systems,
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed are my own, not my employers')
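
Added example, not part of any post in this thread: a small auditor that reads shadow(5)-format text and reports which accounts have an empty password field, the situation described above for root on the second installation. The sample lines and account names are constructed; it assumes the system keeps its hashes in /etc/shadow, as comes up later in the thread.

```python
import re
import sys

# Constructed sample in shadow(5) format (not from a real system). While booted
# into the first installation, the second one's file is /mnt/part2/etc/shadow.
SAMPLE_SHADOW = """\
root::12829:0:99999:7:::
bin:*:12829:0:99999:7:::
daemon:!!:12829:0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE00:12829:0:99999:7:::
bob:!$1$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE00:12829:0:99999:7:::
carol:XXCONSTRUCTED:12829:0:99999:7:::
broken line without enough fields
"""

# Scheme ids that crypt(3) puts between the first two '$' characters.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # traditional 13-character DES crypt

def classify(field):
    """Describe one shadow password field the way login will treat it."""
    if field == "":
        return "empty"        # no password is required for this account
    if field[0] in "!*":
        return "locked"       # not a crypt(3) result, so no typed password matches
    if field.startswith("$"):
        parts = field.split("$")   # ['', id, salt or parameters, ..., hash]
        if len(parts) >= 4 and parts[1] in SCHEMES:
            return "hash:" + SCHEMES[parts[1]]
        return "invalid"
    return "hash:des" if DES_RE.fullmatch(field) else "invalid"

def audit(text):
    """Return ({account: classification}, [numbers of malformed lines])."""
    report, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9 or not fields[0]:   # shadow(5) defines nine fields
            malformed.append(lineno)
            continue
        report[fields[0]] = classify(fields[1])
    return report, malformed

def no_password_accounts(text):
    """Accounts that can log in without typing any password."""
    report, _ = audit(text)
    return sorted(user for user, state in report.items() if state == "empty")

if __name__ == "__main__":
    # Optional argument: path to a shadow file, e.g. /mnt/part2/etc/shadow.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHADOW
    print(audit(data)[0], no_password_accounts(data))
```
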

Michael Heiming *nix forums Guru
Joined: 19 Feb 2005
Posts: 1423
Posted: Mon Feb 14, 2005 8:06 pm Post subject: Re: confused:root

In comp.os.linux.setup NoSpamIsAccepted <clinton__bill@hotmail.com>:
[..]
| Quote: | Now I build a linux manually on partition 2, I do this step-by-step
under some tutorial, "Build minimal Linux from scratch", and from here
I mount partition 1 to /mnt/part1. Notice that this time I am not asked
to set up any password for root.
Now in LILO I have a selection to boot 2 Linux systems:part1 or
part2. If I select part1, "/" is actually pointing to partition 1 and
if I select part2, "/" is actually pointing to partition 2.
Then I wonder why I am not asked the password for root of partition
2? Since root actually changes with the boot option, the root password
should change also, right?
|
If you didn't set any, there's no or/and the minimal system
directly drops you into a root shell after booting without
requiring login? Quite common on rescue systems and alike.
Nothing to care about, looks as if you did setup lfs probably,
congrats!
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 348: We're on Token Ring, and it looks like the
token got loose.

NoSpamIsAccepted *nix forums beginner
Joined: 01 Mar 2005
Posts: 30
Posted: Mon Feb 14, 2005 8:35 pm Post subject: Re: confused:root

Great, thanks so much.
One more question: when you say I can synchronize the passwords in 2
linux installations, how should I do that? Like what you described to
set up them independently but give same password?
One thing I am curious is in the /etc/passwd file, you can not see the
password for root, as it is encrypted. Then where it is stored? some
hidden file under "/"?
Thanks.

Peter T. Breuer *nix forums Guru
Joined: 19 Feb 2005
Posts: 1222
Posted: Mon Feb 14, 2005 8:57 pm Post subject: Re: confused:root

NoSpamIsAccepted <clinton__bill@hotmail.com> wrote:
| Quote: | One more question: when you say I can synchronize the passwords in 2
linux installations, how should I do that? Like what you described to
|
Any way you like. It is usual to locally "broadcast" the password file
via NIS or LDAP from a server.
| Quote: | set up them independently but give same password?
One thing I am curious is in the /etc/passwd file, you can not see the
password for root, as it is encrypted.
|
Correct.
| Quote: | Then where it is stored?
|
Nowhere! Why should it be? Only the encrypted ciphertext of the
password is required in order to check that someone knows the password.
One just checks to see if it ciphers to the same result.
| Quote: | some
hidden file under "/"?
|
No.
Peter

Keith Keller *nix forums Guru
Joined: 20 Feb 2005
Posts: 608
Posted: Mon Feb 14, 2005 9:25 pm Post subject: Re: confused:root

On 2005-02-14, NoSpamIsAccepted <clinton__bill@hotmail.com> wrote:
| Quote: |
One more question: when you say I can synchronize the passwords in 2
linux installations, how should I do that? Like what you described to
set up them independently but give same password?
|
Well, you can't actually keep two separate password databases
synchronized 100% of the time. What you describe above isn't really a
synchronized password file, since changes in one don't affect the other.
What I think Lew was describing was to copy your /etc/passwd,
/etc/group, /etc/shadow, and if applicable /etc/gshadow files from one
linux install to the other. That will synchronize the password
databases between the two at that particular point in time. If, later,
you change one of these files, your passwords will then be out of sync
till you do something to sync them (e.g., use passwd on distro 1, set a
password, then use passwd on distro 2 to set the same password).
| Quote: | One thing I am curious is in the /etc/passwd file, you can not see the
password for root, as it is encrypted. Then where it is stored? some
hidden file under "/"?
|
The encrypted password is in /etc/shadow. The unencrypted password is
not stored. (man 5 passwd for more about the passwd file.)
--keith
--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

Lew Pitcher *nix forums Guru
Joined: 21 Feb 2005
Posts: 675
Posted: Tue Feb 15, 2005 12:46 am Post subject: Re: confused:root

Keith Keller wrote:
| Quote: | On 2005-02-14, NoSpamIsAccepted <clinton__bill@hotmail.com> wrote:
One more question: when you say I can synchronize the passwords in 2
linux installations, how should I do that? Like what you described to
set up them independently but give same password?
Well, you can't actually keep two separate password databases
synchronized 100% of the time. What you describe above isn't really a
synchronized password file, since changes in one don't affect the other.
What I think Lew was describing was to copy your /etc/passwd,
/etc/group, /etc/shadow, and if applicable /etc/gshadow files from one
linux install to the other.
|
Actually, I was hedging my bets. I run Slackware, which doesn't use PAM. IIRC,
Redhat uses PAM, and I didn't want to give bad advice regarding password
synchronization if PAM was involved.
But, you've described the way I'd do it in Slackware, at least to start.
I'd probably wind up mounting one partition, and making symlinks in the other
partition's /etc to the first partition's files.
[snip]
--
Lew Pitcher
Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.

Lew Pitcher *nix forums Guru
Joined: 21 Feb 2005
Posts: 675
Posted: Tue Feb 15, 2005 12:52 am Post subject: Re: confused:root

NoSpamIsAccepted wrote:
| Quote: | Great, thanks so much.
One more question: when you say I can synchronize the passwords in 2
linux installations, how should I do that? Like what you described to
set up them independently but give same password?
|
That's one way.
Or copy the password files from one /etc to the other.
There are other ways as well. It just depends on how sophisticated you want to
make this.
| Quote: | One thing I am curious is in the /etc/passwd file, you can not see the
password for root, as it is encrypted. Then where it is stored? some
hidden file under "/"?
|
The system never stores unencrypted passwords. When you (or root) log in, the
password entered at the screen is encrypted and compared to the encrypted
password stored in the system. If they match, then the user is permitted to
enter. If they don't match, then the user didn't enter the proper password.
The encryption is one-way, so you can't get the plaintext password out of the
encrypted one.
--
Lew Pitcher
Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.

Keith Keller *nix forums Guru
Joined: 20 Feb 2005
Posts: 608
Posted: Tue Feb 15, 2005 3:52 am Post subject: Re: confused:root

On 2005-02-15, Lew Pitcher <lpitcher@sympatico.ca> wrote:
| Quote: |
Keith Keller wrote:
What I think Lew was describing was to copy your /etc/passwd,
/etc/group, /etc/shadow, and if applicable /etc/gshadow files from one
linux install to the other.
Actually, I was hedging my bets. I run Slackware, which doesn't use PAM. IIRC,
Redhat uses PAM, and I didn't want to give bad advice regarding password
synchronization if PAM was involved.
|
If you're just talking about local accounts, and the ''normal'' way of
maintaining local accounts, then PAM won't make a difference. Copying
the files will be more than sufficient for keeping local accounts in
sync. (If the OP has LDAP, NIS, Samba, or some other password database,
or has set up PAM login restrictions, then the copy won't necessarily
preserve these items, but it's my impression that's not the case here.)
| Quote: | I'd probably wind up mounting one partition, and making symlinks in the other
partition's /etc to the first partition's files.
|
I think that's probably not such a good idea. If there are filesystem
problems that require the second install to drop to single-user, there
might not be any password files. Not sure how the box would behave in
that instance, but I would not want to chance it. (The OP can test it
on his box, of course--it might work okay.) Since this box seems like
just a test system, probably no big deal.
--keith
--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

NoSpamIsAccepted *nix forums beginner
Joined: 01 Mar 2005
Posts: 30
Posted: Wed Feb 16, 2005 3:34 pm Post subject: Re: confused:root

Sorry for my curiosity, I know it does not matter, but just want to
know...
" password entered at the screen is encrypted and compared to the
encrypted
password stored in the system."
-- when you say "stored in the system", it must be some file on the
hard disk, right? Actually my system is RedHat and I see a file
/etc/shadow, as root I open the file, and I see something that looks like
root encrypted password, they are ASCII characters, but not the one I
input on the screen, anyway is it the encrypted password for root?
Thanks.

Lew Pitcher *nix forums Guru
Joined: 21 Feb 2005
Posts: 675
Posted: Wed Feb 16, 2005 4:29 pm Post subject: Re: confused:root

NoSpamIsAccepted wrote:
| Quote: | Sorry for my curiosity, I know it does not matter, but just want to
know...
" password entered at the screen is encrypted and compared to the
encrypted
password stored in the system."
-- when you say "stored in the system", it must be some file on the
hard disk, right? Actually my system is RedHat and I see a file
/etc/shadow, as root I open the file, and I see something that looks like
root encrypted password, they are ASCII characters, but not the one I
input on the screen, anyway is it the encrypted password for root?
|
Yes. In your case, the encrypted passwords are stored in /etc/shadow.
There are several inter-related things here, so pardon me if I appear
longwinded in my explanation.
First off, the storage media for passwords is somewhat flexible. In a
stock, vanilla Linux/Unix system, the passwords would be stored in the
/etc/passwd file. This has proven to be less secure than it could be, so
some systems (including yours) implement a "shadow password" mechanism
(a standard mechanism from BSDish Unix, IIRC), where passwords are
stored in a root-owned private file called /etc/shadow. Other extensions
have been built such that the system can store the passwords in a
database, or acquire authentication through network APIs. For the most
part, though, /etc/shadow is the place where passwords are stored.
The /etc/passwd and /etc/shadow files store a character representation
of the encrypted passwords. This makes it easier to edit the password and
shadow files with a text editor, which is a benefit when it comes to
system management and down-system recovery. The algorithm for converting
the binary values that are encrypted passwords to and from this
character representation is well-known, and is something like the
base64 encoding used to transport binary data in text files like emails.
Now, passwords are not stored as their plain text values. Instead, they
are stored as encrypted values, and these encrypted values cannot be
decrypted. This means that, even if the encrypted version of the
password is exposed, the password is still safe. The only way to break
the encrypted password is to repeatedly guess at real passwords,
encrypting each in turn, and comparing the encrypted guess password to
the encrypted real password. If they match, then the unencrypted guess
password is a match to the unencrypted real password. This method
(called a "brute force attack") is normally a bit time consuming, and
doesn't work if you can't guess the original password. It works best on
poorly chosen passwords like personal names, dates, or dictionary words.
So, how does login authenticate against one of these passwords, if the
password can't be decrypted? Well, the plain-text password entered at
the login prompt is encrypted, and that encrypted version is compared to
the encrypted password on file. If the encrypted entry password matches
the encrypted stored password, then we know that the unencrypted entry
password would have matched the unencrypted stored password. If the two
encrypted values don't match, then the entered password would not have
matched the unencrypted stored password.
So, to answer your question: Yes, the text value you see in /etc/shadow
is the encrypted password.
--
Lew Pitcher, IT Specialist, Enterprise Data Systems
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed here are my own, not my employer's)
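
Added example, not part of any post in this thread: the store-then-compare check described above, written with Python's hashlib. PBKDF2-HMAC-SHA256 stands in for the crypt(3) schemes a real /etc/shadow uses, and the `$demo$` text format, iteration count, salt and passwords are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this illustration


def _b64(raw):
    """Text form of binary data, so the entry can live in a text file."""
    return base64.b64encode(raw).decode("ascii")


def make_entry(password, salt=None):
    """What gets stored when a password is set: salt and digest, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$demo$%s$%s" % (_b64(salt), _b64(digest))


def verify(password, entry):
    """Re-hash the typed password with the stored salt and compare the results."""
    try:
        _, scheme, salt_b64, digest_b64 = entry.split("$")
        if scheme != "demo":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # empty, locked ("!", "*") or damaged entry: nothing matches
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    entry = make_entry("constructed-passphrase")
    print("stored text:    ", entry)
    print("right password: ", verify("constructed-passphrase", entry))
    print("wrong password: ", verify("constructed-passphrasf", entry))
    # Same password, fresh salt: the stored text differs, yet both verify.
    print("entries differ: ", entry != make_entry("constructed-passphrase"))
```
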

Nico Kadel-Garcia *nix forums Guru
Joined: 21 Feb 2005
Posts: 1068
Posted: Thu Feb 17, 2005 2:45 am Post subject: Re: confused:root

"NoSpamIsAccepted" <clinton__bill@hotmail.com> wrote in message
news:1108571673.868165.314030@l41g2000cwc.googlegroups.com...
| Quote: | Sorry for my curiosity, I know it does not matter, but just want to
know...
" password entered at the screen is encrypted and compared to the
encrypted
password stored in the system."
-- when you say "stored in the system", it must be some file on the
hard disk, right? Actually my system is RedHat and I see a file
/etc/shadow, as root I open the file, and I see something that looks like
root encrypted password, they are ASCII characters, but not the one I
input on the screen, anyway is it the encrypted password for root?
|
Bingo. This file is read-access only for root: most programs only use the
information from /etc/passwd, which is read-all.