MX Linux Forum

I wanted to open thunar with root access. Something like sudo thunar or gparted (for what you need administrator rights) to manage the partitions for example.
In the last time it changed from typing "root" to "demo". I think, because the sudo operation is more secure than to log in as root.

I think in all my 1000 linux installations I never used demo as username, but many different names
and my password was never the username. Perhaps next time...... :))

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

sudo installed-to-live start empty=/home general version-file read-only

sudo grep ^demo: /.bind-root/etc/shadow 

sudo grep ^root: /.bind-root/etc/shadow 

sudo installed-to-live cleanup

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:14 pm we can simulate the change that snapshot tries to do to passwords, to try to find some problem with the routine.

this short one-line script will do the simulation. we do this on the installed system with your regular user. no file or password will be changed.

while logged in as your usual user:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo "demo hash is $hash"; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

which should give output like this:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo $hash; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user
dolphin:$y$j9T$XsM3CedToRpZOtVqy/c4i/$7qyhMMgtX.h4dA22vFZBrrgrrPs5rqRlhhXq31FPKq1:18936:0:99999:7:::
$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/
dolphin:$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/:18936:0:99999:7:::

these are one-way hashes, so no worries about sharing them. we can't reverse engineer a password.

the first line is the original line in /etc/shadow
the second line is the hash generated for the demo account for the snapshot
the third line is the changed line, which in snapshot is the target /etc/shadow in the snapshot, not the real one, but we pretend here. again, the etc/shadow file is not modified in any way in this test, and no passwords are actually changed.

klamaux wrote: ↑Thu Nov 03, 2022 4:56 pm

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am
I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

sudo isomount snapashot-iso-name-here.iso

grep  demo /mnt/iso/sq1/etc/group

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

sudo isoumount all

fehlix wrote: ↑Thu Nov 03, 2022 5:25 pm

klamaux wrote: ↑Thu Nov 03, 2022 4:56 pm

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am
On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

Thanks.
At least the text picture shows the passwords have been reset.
Actually, it would be helpful to post text as text and not as picture/image.
Would you mind to post the above as text, I'd try to avoid to do a OCR scan, to get the text,
so I can check the password did real changed to the defaults.

Ok, now assuming the password are changed.

Can we check what is actually on the Snapshot ISO:

Please do this:
Open terminal within the directory the snapshot-iso is located.
First let's mount the iso:

Code: Select all

sudo isomount snapashot-iso-name-here.iso

Now, we have a look into hashs and group member ship:
Show groups 'demo' is in:

Code: Select all

grep  demo /mnt/iso/sq1/etc/group

Show the hash's for both root and demo:

Code: Select all

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

Ok, when done close the iso-mounts

Code: Select all

sudo isoumount all

And as mentioned, please post command output as text - as I tend to ignore text-pics
Thanks

klamaux wrote: ↑Fri Nov 04, 2022 6:30 pm I put all your scripts and outputs in one file attached.
hope that helps to recognize the problem

sudo isomount snapshot-20221031_1539.iso
sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow
root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
demo:$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/:19274:0:99999:7:::

HASH='$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/'
mkpasswd demo "$HASH"
$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/

root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
HASH='$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/'
mkpasswd root "$HASH"
$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/

user="$(whoami)"; 
sudo grep $user /etc/shadow; 
hash=$(sudo mkpasswd -m sha-512 "demo");
echo "demo hash is $hash"; 
sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::
demo hash is $6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.
user:$6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.:19274:0:99999:7:::

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::

HASH='$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1'
mkpasswd demo "$HASH"
$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1