We're running a small Centos 5 server in a virtual machine for a class assignment. For reasons unknown, starting about a week ago a number of services started failing. When we tried to investigate we discovered that we could no longer login as root. We booted into single user mode and reset the root password, but even after doing so, still got an error message of "Login incorrect" when logging in. We can login in as other users. At first we were not able to run the command su root. We would recieve the error message "cannot set groups operation not permitted." However we resolved that error by running the command chmod u+s /bin/su in single user mode. We still cannot log directly into root.
Any thoughts on how to get root access back. It's problematic because we still can't get some services like ssh running with the setup we've got. The screen also locks up whenever we try to boot into the gui with run level 5, instead of the command line with level 3
Best Answer
Look at the logs generated when you try to log in (they're in
/var/log
, I think/var/log/auth.log
but the name might be different on CentOS).Do you keep
/etc
under version control? If you do, check what's changed. If you don't, consider doing it in the future. I recommend etckeeper.Since this is a virtual machine, try mounting its filesystem on the host with Guestfs. (On a physical machine, you could mount the disk in another computer.) Alternatively, boot from a live CD or USB. This will allow you to explore the filesystem.
A possible explanation for your problem is that you've installed a security feature incorrectly, causing
su
to lose its setuid bit and other problems. Or you might have unduly changed some files' permissions. It's rather hard to tell without more information, and even with more information, such forensics can be difficult even when you have your hands on the machine.I would recommend no longer using this VM for production. Install another, and extract any data you want to keep off the first VM.