  1. #1
    Just Joined!
    Join Date
    May 2011
    Posts
    6

    Is there a way to validate root password?


    Hi,

    I have a shell running with user root.

    How can I test if the password I have (let's say in a temp.txt file) is the password root is using?

    If I do su it creates a new shell without asking for a password.

    Any idea?
    Thanks!

  2. #2
    Trusted Penguin Irithori
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,384
    My alarm bells are ringing..
    If you are a legitimate root user, you
    a) know the root password
    b) can change it at will

    Can you give more background on why you want to find out the current root password?
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    May 2011
    Posts
    6
    No need for your alarm bells to ring..

    I am running a certain script with root user - x.pl
    Then on the way I am switching to another user and executing another script y.pl
    Then with that user ( that doesn't have root privileges) I am running some commands that need root permissions.
    In order for this to work when the user is not root I want to validate the password first.

    Thanks!

  4. #4
    Trusted Penguin Irithori
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,384
    ok


    Well, some thoughts:
    - The password is just one thing -although the most obvious-, that would need validation. Homedir, environment, shell, etc...
    - One way is to just try to escalate to root and then check the returncode(s) and/or call "id". id is 0 as root.
    - Is it maybe possible to rewrite the scripts, so that all root commands are in x.pl and all non-root commands are in y.pl?
    - use of the s-bit (listed for completeness sake, *not* recommended)

    - I would probably go for a sudo setup.
    Assuming, that y.pl runs as a dedicated user, you could define in /etc/sudoers.conf that this dedicated user can run commands a,b,c,etc escalated (even without password)

    This is any time better than writing the root password in a user-accessible, cleartext file.
    What can go wrong?
    - maybe a user is added to the same group as the user for y.pl. --> new user may have access to the file and therefore root password
    - that file can be copied -intentionally or not- to another place, that maybe is outside of your control
    - if the root pw is changed, you would need to sync that file
    Last edited by Irithori; 06-20-2011 at 10:44 AM.
    You must always face the curtain with a bow.

  5. #5
    Just Joined!
    Join Date
    May 2011
    Posts
    6
    Thanks for your answer..

    Regarding the first 2 sections, I am not sure how it will help me verify my password.
    I know I am root but I am not sure what is my password.

    Regarding moving all root commands from y.pl to x.pl, believe me, if this was an option I wouldn't have written this thread..

    About sudo, I can't assume sudo is installed on the machine I am running.

    And about the root password: don't worry, I don't keep it in any file, it was just an example.
    The script gets the root password and when it dies the password dies with it.

    Any more ideas?:-\

  6. #6
    Trusted Penguin Irithori
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,384
    sudo is a pretty basic package, but you are right: You cannot assume it is available.

    However, you could enforce it.

    1) If (x|y).pl shall be run on a regular schedule
    Use a system management tool like puppet:
    - tell puppet to make sure, sudo is installed
    - let puppet ensure the appropriate modifications to /etc/sudoers.conf
    - before running -or just deploying as e.g. cronjobs- (x|y).pl

    2) If (x|y).pl shall be run just once:
    - package them as rpm.
    - the pre and post install scripts are executed as root, so no need to escalate
    - Furthermore, you could let your package depend on sudo, therefore ensuring it is available

    3) (x|y).pl are run manually.
    If you run a command, that needs escalated rights, and the pw is wrong, then the command will fail.
    Hence, you can react to the returncode.
    Also, once your script escalated, you can check with id, if you are indeed root.
    If id != 0, then you are not and can exit the script with an appropriate error, aka "Fatal: Not able to acquire root privileges. Aborting."

    It is a slight variation.
    You want to check before escalating.
    My suggestion is to check afterwards.
    Last edited by Irithori; 06-20-2011 at 12:41 PM.
    You must always face the curtain with a bow.
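
The "check afterwards" approach from the post above, as an added example that is not part of the thread. The `ESCALATE` variable, the function names and the exit status 77 are assumptions made here; `sudo -n` is used as the default prefix because it fails instead of prompting when no password-less rule applies.

```shell
#!/bin/sh
# Added example: escalate first, then verify with "id" that the result is uid 0.
# ESCALATE (assumed name) holds the escalation prefix; set it to an empty
# string when the script is already started as root.
ESCALATE=${ESCALATE-"sudo -n"}

# is_root UID: succeeds only when the numeric uid is exactly 0.
is_root() {
    [ "$1" = "0" ]
}

# escalated_uid: run "id -u" through the escalation prefix and print the uid
# it reports. A non-zero return code means the escalation itself failed.
escalated_uid() {
    $ESCALATE id -u 2>/dev/null
}

# run_as_root CMD ARG...: confirm that escalation really yields uid 0, then
# run CMD the same way and hand its return code back to the caller.
run_as_root() {
    uid=$(escalated_uid) || uid=""
    if ! is_root "$uid"; then
        echo "Fatal: Not able to acquire root privileges. Aborting." >&2
        return 77   # arbitrary status chosen for this example
    fi
    $ESCALATE "$@"
}
```

A caller reacts to the return code: 77 means root was never acquired, anything else is the status of the privileged command itself.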

  7. #7
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,533
    Quote: "How can I test if the password I have ( lets say in a temp.txt file ) is the password root is using?"
    Putting the root password in a file as plain text is not an acceptable situation, under ANY circumstances. If someone did that on any system I administer, they would probably be shown the door, with a big boot in the rear end on the way out...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  8. #8
    Just Joined!
    Join Date
    Jan 2011
    Location
    Cambridge, Ontario, Canada
    Posts
    24
    May I suggest a simpler method:

    - Combine x.pl & y.pl
    - Run the whole thing as root
    - When you need unprivileged access for <command> write: su -l <unprivileged-user> -c '<command>' (no password needed here, since you have root shell)

    Edit: Rubberman speaks wisdom. Consult your peers.
    Last edited by PairOfBlanks2; 06-21-2011 at 12:56 AM. Reason: comment on rubberman
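
The root-first layout suggested in the post above, as an added example that is not part of the thread: `su -c` takes a single string that the target user's login shell parses again, so the arguments are quoted before they are handed over. The helper names `quote_args` and `run_unprivileged` and the exit statuses are assumptions made here.

```shell
#!/bin/sh
# Added example: a root-run script drops to an unprivileged user per command.

# quote_args ARG...: print the arguments as one string that a POSIX shell
# parses back into exactly the same words. Each argument is wrapped in single
# quotes and an embedded ' is written as '\''. The trailing "x" sentinel keeps
# command substitution from stripping newlines at the end of an argument.
quote_args() {
    out=""
    for arg in "$@"; do
        esc=$(printf '%sx' "$arg" | sed "s/'/'\\\\''/g")
        out="$out '${esc%x}'"
    done
    printf '%s\n' "${out# }"
}

# run_unprivileged USER CMD ARG...: as root, run CMD as USER through a login
# shell. No password is requested because the caller is already uid 0.
run_unprivileged() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_unprivileged USER CMD [ARG...]" >&2
        return 64
    fi
    user=$1
    shift
    if [ "$(id -u)" -ne 0 ]; then
        echo "Fatal: must be started as root to switch users without a password." >&2
        return 77   # arbitrary status chosen for this example
    fi
    su -l "$user" -c "$(quote_args "$@")"
}
```

The target account needs a usable login shell; accounts whose shell is set to a nologin program will refuse the command.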

  9. #9
    Linux Newbie
    Join Date
    Jun 2004
    Location
    Halesowen, West Midlands, UK
    Posts
    107
    Quote: Originally Posted by tprizler
    Hi,

    I have a shell running with user root.

    How can I test if the password I have (let's say in a temp.txt file) is the password root is using?

    If I do su it creates a new shell without asking for a password.

    Any idea?
    Thanks!
    Look in /etc/sudoers and you'll no doubt find an entry with "NOPASSWD" that allows that.
    If you didn't set up a root password, you can set one up with "passwd root".
    If you forgot your root password, replace 'x' with a space or '*' and set a new one.
    root@sdrbox1:~# grep root /etc/passwd
    root:0:0:root:/root:/bin/bash
    That smilie, don't know where it came from; it should be colon_x_colon.
