
#1 2017-04-10 14:58:31

IrvineHimself
Member
From: Scotland
Registered: 2016-08-21
Posts: 275

[solved] 'passwd', 'passwd.pacnew' and 'passwd-'

Okay, I messed up big time, then fixed it, but may have left residual security problems?

Essentially, I am looking at tightening up security and was reading the Security page of the wiki. While researching what exactly the various flags for hardening the kernel do, I noticed some of the other suggestions, like 'hidepid'. These seemed fairly self-explanatory, and I decided to implement them. Then, in a fit of impulsiveness, I decided to restrict root login with 'passwd -l root', and promptly lost all root and sudo capabilities.

I managed to fix this by booting from a USB and editing the 'passwd' and 'shadow' files. Unfortunately, in my initial panic, I accidentally edited 'passwd-' rather than 'passwd'.

Anyway, after my first attempt didn't work, I realised the nature of the problem, and, still panicking, edited both 'passwd.pacnew' and the actual 'passwd'. (I was in a kind of daze at this point and may also have deleted the root password from 'shadow-' and 'shadow.pacnew', though I am not certain.)

So, finally having root privileges, I restored my sudo password and, on the face of it, everything appears to be hunky dory. The problem is, I am not sure what residual damage, if any, I may have caused. The various 'shadow?' files now seem to have root passwords. But while the 'x' I deleted from the actual 'passwd' file has been restored, it is still missing from 'passwd-' and 'passwd.pacnew'.

A couple of questions spring to mind:

1) Bearing in mind I was in a panicked daze and my recollections are a bit hazy, should I restore the deleted 'x' to 'passwd-' and 'passwd.pacnew'?

2) Is there any way to check the integrity of the password files?

3) Out of curiosity, what is the relationship between these files and what do they do?

Thanks for your patience, and 'Yes', I know it was a stupid thing to do.

Irvine

Last edited by IrvineHimself (2017-04-10 17:58:29)


And there it is, here it comes. The coin, the penny, perhaps it arrives with you!


#2 2017-04-10 15:30:34

loqs
Member
Registered: 2014-03-06
Posts: 17,323

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

IrvineHimself wrote:

1) Bearing in mind I was in a panicked daze and my recollections are a bit hazy, should I restore the deleted 'x' to 'passwd-' and 'passwd.pacnew'?

See answer to 3.

IrvineHimself wrote:

2) Is there any way to check the integrity of the password files?

See `man pwck`

IrvineHimself wrote:

3) Out of curiosity, what is the relationship between these files and what do they do?

See Pacnew_and_Pacsave and `man 5 passwd`


#3 2017-04-10 15:38:25

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

IrvineHimself wrote:

3) Out of curiosity, what is the relationship between these files and what do they do?

Or did you mean the difference between passwd and shadow?

passwd used to include the hashes of passwords and, as it is readable by everyone, represented a security hole by allowing brute force attacks on the hashes.
shadow is not readable by everyone and is now used to store the hashes, while allowing the passwd file to continue to be readable by all.

https://en.wikipedia.org/wiki/Passwd


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#4 2017-04-10 17:00:45

IrvineHimself
Member
From: Scotland
Registered: 2016-08-21
Posts: 275

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

Thanks for your replies.

ewaller wrote:

....... did you mean the difference between passwd and shadow....

I actually meant what is the difference between 'passwd', 'passwd-' and 'passwd.pacnew' (or their shadow equivalents.) EDIT: I got the answer to that question from the reply by 'loqs'. Thanks by the way.

More worryingly, I couldn't run 'pwck' with the -r, (read only,) option. Without the -r option, it reported a segmentation fault.

[memyself@mine ~]$ man pwck
[memyself@mine ~]$ sudo pwck -r passwd shadow
pwck: cannot open passwd
[memyself@mine ~]$ sudo pwck passwd shadow
Segmentation fault
[memyself@mine ~]$ 

While "pwck: cannot open passwd" might be from a valid exit code? (cf 'man pwck' exit code 3,) the reported "segmentation fault" does not appear to be a valid exit code.

Googling "pwck" "Segmentation fault", (one search term with double quotes included,) returned a list of old bug reports and an alarming buffer overflow exploit.

see
https://www.google.co.uk/search?q=%22pw … n+fault%22
https://bugs.debian.org/cgi-bin/bugrepo … 7366;msg=7
http://www.securitytracker.com/id/1003086

I would be grateful for further guidance here, particularly on how to proceed and whether to be extremely alarmed about the segmentation fault.

Thanks,
Irvine

Last edited by IrvineHimself (2017-04-10 17:09:17)



#5 2017-04-10 17:06:14

loqs
Member
Registered: 2014-03-06
Posts: 17,323

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

man 8 pwck wrote:

SYNOPSIS
       pwck [options] [passwd [ shadow ]]
....
By default, pwck operates on the files /etc/passwd and /etc/shadow. The
       user may select alternate files with the passwd and shadow parameters.


#6 2017-04-10 17:08:30

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,774

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

I need to get in the habit of reading entire sentences O_o



#7 2017-04-10 17:28:21

IrvineHimself
Member
From: Scotland
Registered: 2016-08-21
Posts: 275

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

Sorry, am I reading the manual wrong?

......
EXIT VALUES
       The pwck command exits with the following values:
       0 success
       1 invalid command syntax
       2 one or more bad password entries
       3 can't open password files
......

Doesn't literally return exit code 0, so

[memyself@mine ~]$ sudo pwck -r
[memyself@mine ~]$ 
# or
[memyself@mine ~]$ sudo pwck -r /etc/passwd /etc/shadow
[memyself@mine ~]$ 

Is in fact a success?

Sorry to be a pain,
Irvine

PS, for reference, (in case others have this problem,) after reading `man 5 passwd`, I restored the deleted x's.



#8 2017-04-10 17:49:39

loqs
Member
Registered: 2014-03-06
Posts: 17,323

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

$ sudo /bin/false
$ echo $?
1
$ sudo pwck -r
$ echo $?
0
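
An added example, not part of the original thread: a POSIX sh sketch that reports entries in a passwd-format file whose password field is not `x` (per passwd(5), an empty field means no password is required for that login) and decodes the pwck exit values quoted earlier. The function names and sample file are constructed for illustration; a status above 128 is read as 128 plus a signal number, the usual shell convention.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Report entries of a passwd-format file whose password field is not "x".
#   empty  -> passwd(5): no password is required for that login
#   inline -> something other than "x" is stored in the world-readable file
# Prints "user:status" per finding and returns 1 if there was any.
audit_passwd_fields() {
    awk -F: '
        NF == 0   { next }
        NF != 7   { print $1 ":malformed"; bad = 1; next }
        $2 == ""  { print $1 ":empty";     bad = 1; next }
        $2 != "x" { print $1 ":inline";    bad = 1 }
        END       { exit bad }
    ' "$1"
}

# Translate a status from `pwck -r; echo $?` using the values quoted from
# man 8 pwck in the thread. Above 128 the shell is reporting death by signal.
explain_pwck_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "invalid command syntax" ;;
        2) echo "one or more bad password entries" ;;
        3) echo "can't open password files" ;;
        *) if [ "$1" -gt 128 ]; then
               echo "killed by signal $(( $1 - 128 ))"   # 139 = SIGSEGV (11)
           else
               echo "other status, see man 8 pwck"
           fi ;;
    esac
}

# Constructed sample: root's "x" has been deleted, as in the edited files.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root::0:0:root:/root:/bin/bash
bin:x:1:1::/:/usr/bin/nologin
memyself:x:1000:1000::/home/memyself:/bin/bash
EOF

audit_passwd_fields "$sample" || echo "entries above need review"
explain_pwck_status 139

# On a real system (as root):
#   for f in /etc/passwd /etc/passwd- /etc/passwd.pacnew; do audit_passwd_fields "$f"; done
#   pwck -r; explain_pwck_status $?
```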


#9 2017-04-10 17:57:50

IrvineHimself
Member
From: Scotland
Registered: 2016-08-21
Posts: 275

Re: [solved] 'passwd', 'passwd.pacnew' and 'passwd-'

Thank you loqs, you have been amazingly helpful. Since 'pwck' is reporting a clean bill of health, I will mark this as solved.

Thanks again for your patience,

Irvine

