MX Linux Forum

klamaux wrote:
As I tried to get access to the live system by typing “demo” or “root”,
there was no success.

As I tried to get access to the live system by typing “demo” or “root”

klamaux wrote: ↑Tue Nov 01, 2022 9:55 am I wanted to open thunar with root access. Something like sudo thunar or gparted (for what you need administrator rights) to manage the partitions for example.
In the last time it changed from typing "root" to "demo". I think, because the sudo operation is more secure than to log in as root.
But now it was not possible at all to log in as any user. The system didnt like that passwords.
So in clear: although I had made a snapshot for "everyone", the password needed to access any rights on the live system was not the announced "root" or "demo", but the one of my snapshot-producing system.

dolphin_oracle wrote: ↑Tue Nov 01, 2022 1:14 pm could still use the log file. zip it up and attached to a forum message.

Adrian wrote: ↑Tue Nov 01, 2022 7:25 pm Nothing out of ordinary jumps from that log to me. It would be interesting if in /etc/passwd on the new system you see "demo" or your old username.

Adrian wrote: ↑Wed Nov 02, 2022 8:39 am You ask me to tell you something I don't know, I don't know what's your problem that needs to be investigated, the user name is in /etc/passwd, the password is in /etc/shaddow... those are reset by "installed-to-live" script for user that has UID=1000 maybe you are using a different user id, not sure about specifics.

I also cannot tell you all the other users, I know this doesn't happen to me, but I don't think reinstalling is a solution, it might fix the issue, but if we don't know what is the parameter that is different in your case it will be just a workaround and it might happen again and we won't actually fix the problem.

Can you please provide a Quick System Info? That has some extra info that might gives us some clues, like default desktop environment, shell, etc.

I wanted to open thunar with root access. Something like sudo thunar or gparted (for what you need administrator rights) to manage the partitions for example.
In the last time it changed from typing "root" to "demo". I think, because the sudo operation is more secure than to log in as root.

I think in all my 1000 linux installations I never used demo as username, but many different names
and my password was never the username. Perhaps next time...... :))

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

sudo installed-to-live start empty=/home general version-file read-only

sudo grep ^demo: /.bind-root/etc/shadow 

sudo grep ^root: /.bind-root/etc/shadow 

sudo installed-to-live cleanup

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:06 pm did the root account password change to root? (the live system should always have a root account)

I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

dolphin_oracle wrote: ↑Wed Nov 02, 2022 9:14 pm we can simulate the change that snapshot tries to do to passwords, to try to find some problem with the routine.

this short one-line script will do the simulation. we do this on the installed system with your regular user. no file or password will be changed.

while logged in as your usual user:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo "demo hash is $hash"; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

which should give output like this:

Code: Select all

user="$(whoami)"; sudo grep $user /etc/shadow; hash=$(sudo mkpasswd -m sha-512 "demo");echo $hash; sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user
dolphin:$y$j9T$XsM3CedToRpZOtVqy/c4i/$7qyhMMgtX.h4dA22vFZBrrgrrPs5rqRlhhXq31FPKq1:18936:0:99999:7:::
$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/
dolphin:$6$a8SqKyQsEtW.yANz$BTF4QfOghlnAAc2y4ISHAHTX0Og1GvGIyu022a9XXxqw78pFQQg3bKbCOgYclDe/OwXJNNB5CbuY2hvKQ/dSf/:18936:0:99999:7:::

these are one-way hashes, so no worries about sharing them. we can't reverse engineer a password.

the first line is the original line in /etc/shadow
the second line is the hash generated for the demo account for the snapshot
the third line is the changed line, which in snapshot is the target /etc/shadow in the snapshot, not the real one, but we pretend here. again, the etc/shadow file is not modified in any way in this test, and no passwords are actually changed.

klamaux wrote: ↑Thu Nov 03, 2022 4:56 pm

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am

klamaux wrote: ↑Thu Nov 03, 2022 7:07 am
I am not quite shure and have to test it later. But I think , there was no success to log in both as demo and as root.

On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

sudo isomount snapashot-iso-name-here.iso

grep  demo /mnt/iso/sq1/etc/group

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

sudo isoumount all

fehlix wrote: ↑Thu Nov 03, 2022 5:25 pm

klamaux wrote: ↑Thu Nov 03, 2022 4:56 pm

fehlix wrote: ↑Thu Nov 03, 2022 8:07 am
On the installed system, would you do just this little test
by running four commands on the terminal commadn line:

Code: Select all

sudo installed-to-live start empty=/home general version-file read-only

and

Code: Select all

sudo grep ^demo: /.bind-root/etc/shadow 

and

Code: Select all

sudo grep ^root: /.bind-root/etc/shadow 

and

Code: Select all

sudo installed-to-live cleanup

and post the text output.
Thanks

Hi Fehlix,
here is the output attached in jpg

Thanks.
At least the text picture shows the passwords have been reset.
Actually, it would be helpful to post text as text and not as picture/image.
Would you mind to post the above as text, I'd try to avoid to do a OCR scan, to get the text,
so I can check the password did real changed to the defaults.

Ok, now assuming the password are changed.

Can we check what is actually on the Snapshot ISO:

Please do this:
Open terminal within the directory the snapshot-iso is located.
First let's mount the iso:

Code: Select all

sudo isomount snapashot-iso-name-here.iso

Now, we have a look into hashs and group member ship:
Show groups 'demo' is in:

Code: Select all

grep  demo /mnt/iso/sq1/etc/group

Show the hash's for both root and demo:

Code: Select all

sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow

Ok, when done close the iso-mounts

Code: Select all

sudo isoumount all

And as mentioned, please post command output as text - as I tend to ignore text-pics
Thanks

klamaux wrote: ↑Fri Nov 04, 2022 6:30 pm I put all your scripts and outputs in one file attached.
hope that helps to recognize the problem

sudo isomount snapshot-20221031_1539.iso
sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow
root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
demo:$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/:19274:0:99999:7:::

HASH='$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/'
mkpasswd demo "$HASH"
$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/

root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
HASH='$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/'
mkpasswd root "$HASH"
$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/

user="$(whoami)"; 
sudo grep $user /etc/shadow; 
hash=$(sudo mkpasswd -m sha-512 "demo");
echo "demo hash is $hash"; 
sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::
demo hash is $6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.
user:$6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.:19274:0:99999:7:::

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::

HASH='$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1'
mkpasswd demo "$HASH"
$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1

fehlix wrote: ↑Fri Nov 04, 2022 8:08 pm

klamaux wrote: ↑Fri Nov 04, 2022 6:30 pm I put all your scripts and outputs in one file attached.
hope that helps to recognize the problem

Thanks. Hmm... that's a PDF not a text file...
Anyway. Let's see:
The iso-check to see whether we have the default passwords for root and demo on the ISO:
This is on the PDF file:

Code: Select all

sudo isomount snapshot-20221031_1539.iso
sudo grep -E 'demo|root' /mnt/iso/sq1/etc/shadow
root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
demo:$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/:19274:0:99999:7:::

let's verify the passwords using "mkpasswd password hash"-check:
demo:

Code: Select all

HASH='$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/'
mkpasswd demo "$HASH"
$6$00.QWA6/nuUAwCgp$6zY9ZGc4MpNnZ.jfvkvFiDTANiT4q8Wj.2rECol6Al4xg/tv73NNLn5ogTapiXyaVQYEpjjqK1r3/AQ93sHN1/

root:

Code: Select all

root:$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/:19090:0:99999:7:::
HASH='$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/'
mkpasswd root "$HASH"
$6$EXsoyVzjA73dLzJH$20oBidQ6O8Kw/T6CNgn4MsSJgp1RzKoekIS9Q8kH.19VhsaIbBR5VTfROP.4lbQWYiLctAZWViCXms6oZeYiV/

Seem's demo and root password are set on the ISO as it should be, as "demo" and "root".
Next, the scripts by DO:
On the PDF is seen this - wrapping into one line per command.

Code: Select all

user="$(whoami)"; 
sudo grep $user /etc/shadow; 
hash=$(sudo mkpasswd -m sha-512 "demo");
echo "demo hash is $hash"; 
sudo sed -r "s=^($user):[^:]*:=\1:$hash:=" /etc/shadow |grep $user

and you posted on the pdf this:

Code: Select all

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::
demo hash is $6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.
user:$6$uHdAK1R3ATVMIKDC$bDNHa6yDOVWh59GIkB1f3bbZ8dmhS6SybhG7S9s3o5oXqFFCfnrrTYUMCjqEjkBDAH9F6erq/0VQ71yyJccul.:19274:0:99999:7:::

The last two lines are fine and can verified to be valid has of demo passwords.
Now, let's look the first line, which shows the hash of the current user password:

Code: Select all

user:$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1:19274:0:99999:7:::

let's try this test:

Code: Select all

HASH='$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1'
mkpasswd demo "$HASH"
$6$OlzZcNKz533xjqN5$n.dnSf0mgX1kxFSSLE3ccuRgMtjO.hDEO9UoFrszhx.9DdLTdg2gGG4Ntl3nQz.iG1SsmGsrIwwBCM1TH1fYm1

Ooops.. the dispayed user password on the installed system is "demo"
But, this type of hash is not what normally the MX-Instalelr would generated,
b/c user passwords on installed don't use sha-512 "$6$' password hash#s but "$y$"-yescrypt -hash.
...
So, I'm not sure what all this is about.
The passwords on the snapshot-ISO are defaults.
The user password on installed system password shown is "demo",
The password hash is not one, which MX installer would create.
The information provided so far is inconsistent regarding the issue mentioned.

klamaux wrote: ↑Sat Nov 05, 2022 4:32 pm I think you should know one thing, what could be a reason for this trouble:
Sometimes it happens because of different computers and systems, I forget my password
and then I learned a trick to log in :
start a live system and edit the /etc/passwd by erasing the "x" after the user.
Then the system starts without asking for password and on the console the command passwd
lets you choose a new password.

passwd myuser

klamaux wrote: ↑Sat Nov 05, 2022 4:32 pm What was my fault in the procedure?

user-green wrote: ↑Wed Nov 02, 2022 9:59 pm I think you somehow modified account settings by yourself. As a result, you might encountered an unusual situation, I think.

fehlix wrote: ↑Sat Nov 05, 2022 5:03 pm

klamaux wrote: ↑Sat Nov 05, 2022 4:32 pm I think you should know one thing, what could be a reason for this trouble:
Sometimes it happens because of different computers and systems, I forget my password
and then I learned a trick to log in :
start a live system and edit the /etc/passwd by erasing the "x" after the user.
Then the system starts without asking for password and on the console the command passwd
lets you choose a new password.

Use chroot-rescue-scan from LiveUSB inseatd,
it gives you a chroot-terminal on the installed system, where you simply reset the installed user password like
this

Code: Select all

passwd myuser

klamaux wrote: ↑Sat Nov 05, 2022 4:32 pm What was my fault in the procedure?

I'm not sure what and how those issues have been created.
Quoting @user-green

user-green wrote: ↑Wed Nov 02, 2022 9:59 pm I think you somehow modified account settings by yourself. As a result, you might encountered an unusual situation, I think.

Suggest, to make an additional fresh installation and start adjusting with your tweaks until the snapshot password issue shows up. And report here any modifications made. So we may see the issue.
Currently I can not see the reason, and you may be the only one with those.
( Also you may consider to adjust your text-reporting style using those [code]code-tags[/code]
b/c any additional extra pdf- or ocr-activities would not increase my motivation to look further into the issue.)