root password...

J

jackfrost

Verified User
Joined
May 11, 2005
Messages
8
How does one change the root password through directadmin? I know its possible for directadmin to use uid 0, and root commands, etc. I'm not sure whats going on on my box, it doesn't seem hacked but the password I normally use isn't working... I really don't want to have the box redone and pay money for it.

Everything works fully, I rebooted the machine but that didn't fix it.


Any ideas?


Thanks,
jf
 
You can't change the root password through DA.

To change the password you must either know the current root password and su to root, or use sudo, or you must have physical access to the server and use a "linux single" reboot to change the password without knowing it.

Jeff
 
Hmm.

I know there used to be some way to do it, but the link on the forum is deleted. Don't know if there is a current way to do it... The funny thing is that directadmin has the capability to change the root password, its just that its not built to allow it directly.

However, I was looking at the plugins, and it seems that you could write a fake plugin that would execute a user file what could write to the passwd file (or something similar). It also appeared possible to setup a listening netcat socket through the installer, creating a shell that one could connect to and run root commands through...

I'm not sure 100% (as I'm not sure if all plugin installs cause directadmin to setuid() to 0 or if only ones that have a flag saying it needs to be installed as a 0) however it looks like I'll be trying...

Just was wondering if anyone else had to do it.

Of course, if something goes wrong I'll end up paying the same amount to redo the server, so I guess it doesnt matter


Anyways, thanks for replying.
jf
 
In my opinion it would be a major security issue to allow a user with less privileges than root to change the root password.

Just my opinion.

Jeff
 
I suppose. Although since the admin account on directadmin is supposed (I think) to be equivalent to root (both system admins) it wouldn't be that major of a security risk, IMO. I mean, the directadmin can install a system level firewall... they would only have to make a plugin that does something similar to get root privledges.

I know directadmin USED to be able to do it because of a thread on here that was deleted/moved...

jf

Edit:

The link to the thread that links to the moved/deleted thread:
http://www.directadmin.com/forum/showthread.php?s=&threadid=7973&highlight=root+password

and the deleted/moved thread itself:
http://www.directadmin.com/forum/showthread.php?s=&threadid=7949&highlight=root+password
 
Last edited:
You can RESET your password through DA. :) How:

Use the hello_world plugin of DA.
Change the file install.sh and add the commands for passwd.

DA runs the install.sh AS root. I had one server wich I was stupid enough not to set AllowUsers root and AllowRoot in the sshd_config. This way I've fixed the problem ;)
 
Last edited:
Ah, I suspected as much. Thanks for the input.

Looking into the hello_world plugin now.

Thanks,
jf
 
So, in case anyone else finds this information useful...

Just as an aside, I had to change the userid of a user to 0 to get in with root privledges then change root password.

using the hello_world.tar.gz from http://www.directadmin.com/hello_world.tar.gz extract the file on another *nix box (windows does some wierd stuff to nix files).

Inside the scripts folder (after extraction), edit the install.sh script

above the "for" line, and under the "#!/bin/sh" line, put the command you would like run as root. In my case,

/usr/sbin/pw usermod useraccount -u 0

(to set useraccount as userid 0).

then cd .. back, and run

tar -zcf plugin_name.tar.gz *

upload it to an http server, and then have directadmin install it as a plugin.


Incase this is self evident, my apologies. But this info was really quite useful in saving me the money (and data loss) from having my server redone.

jf


thanks to fusion as well.
 
jackfrost said:
I suppose. Although since the admin account on directadmin is supposed (I think) to be equivalent to root (both system admins) it wouldn't be that major of a security risk, IMO.
Click to expand...
It's a major security risk on any server using the default installation of DA which doesn't require a secure login to admin, as on those servers the admin password is always passed as cleartext.

Which I'd bet is a majority of the DA installations.

Should DA require a secure login to the control panel?

Perhaps.

Jeff
 
Running DA on SSL and it asking twice for the admin password, is more secure than most system software packages.

If you login your email/ftp etc. without SSL it's unencrypted and a security risk.

I guess it's all up to the way the sysop handles it and not up to the panel. (Remember DA is a helping hand, you still have to make wise disicions yourself :p )

I gues if someone does want to harm you, he can write a plugin that has some nasty stuff in it, but as a sysop you should always check the things you install.
 
jackfrost said:
So, in case anyone else finds this information useful...

Just as an aside, I had to change the userid of a user to 0 to get in with root privledges then change root password.

using the hello_world.tar.gz from http://www.directadmin.com/hello_world.tar.gz extract the file on another *nix box (windows does some wierd stuff to nix files).

Inside the scripts folder (after extraction), edit the install.sh script

above the "for" line, and under the "#!/bin/sh" line, put the command you would like run as root. In my case,

/usr/sbin/pw usermod useraccount -u 0

(to set useraccount as userid 0).

then cd .. back, and run

tar -zcf plugin_name.tar.gz *

upload it to an http server, and then have directadmin install it as a plugin.


Incase this is self evident, my apologies. But this info was really quite useful in saving me the money (and data loss) from having my server redone.

jf


thanks to fusion as well.
Click to expand...

i have tried the above method, but it seems that
my server only have /usr/sbin/usermod

nothing occurs after i called both
/usr/sbin/usermod -u 'username' 0
/usr/sbin/usermod -u 'username' 0 -o
usermod -u 'username' 0
usermod -u 'username' 0 -o
and even
usermod -G 'username' 0
after installed the 'plug-in' , i use set to check for any changes but nothing happened , the uid is still 502

anyone could help?
 
Last edited:
You must log in or register to reply here.
Back
Top