I'm locked out of my main account, its suddenly become unreadable, and the super user password is no longer working. I have a few other users on the machine, so I can get in there, but can't do anything because the root password has changed. I can't even read my main users home directory. I don't know if this is connected, but suddenly my installed PPAs had lost their GPG keys and I kept getting errors about that when I ran apt-get update. Well not all of them, but a lot of them.
Is there anything I can do like boot up from a pentesting distro like tails and see whats going on? Only my home directory is encrypted. I have loads of unbacked up data on my machine, I can't just reinstall the OS now. I'm in trouble if I can't fix this. I don't know what to do, I've never experienced anything like this before, and I used to have an external harddrive so I would just reinstall if this happened but I can't do that in this case.
I'm booting up with a live CD right now, I read that you can just edit the /etc/shadow and erase the root users password. I'm hoping this still works. I'm in the /etc/shadow file now and I see the root user has a ! as its password. I read that if I delete that, then no more root password. That still doesn't solve the problem of my encrypted home directory being in accessible. Can I change my users password by making a new hash and replacing it with the hash in the shadow file?
UPDATE: I edited the shadow file and was able to set a new root password. But then I couldn't seem to use the root passowrd. Theres also a /etc/shadow- file, and the root user is assigned a number for a password there.
Only my main user has been locked down, the file permissions of my home directly somehow changed to dr-x-----. I'm still the owner of the directory. I can sudo into the home directory but its encrypted. chkrootkit says that tcpd is infected, but nothing other than that.
Lynus gave me 3 warnings that were minor.
No comments:
Post a Comment