UNKWN Posted November 19, 2017 Share Posted November 19, 2017 Good evening, I lost my password for my webinterface. I tried to shut down the server and I deleted the /config/passwd file but i still couldn't log in (I tried "root" as username with no password but it said, that the password is wrong) Please help Best regards Quote Link to comment
Frank1940 Posted November 19, 2017 Share Posted November 19, 2017 Pull your flash drive. Stick in another computer. Go to the config folder. Delete the passwd , smbpasswd , shadow files. Eject the flash drive. Put the flash drive back in the server and start it back up. This procedure should leave all passwords blank. You can now reassign new ones. 2 Quote Link to comment
UNKWN Posted November 19, 2017 Author Share Posted November 19, 2017 4 minutes ago, Frank1940 said: Pull your flash drive. Stick in another computer. Go to the config folder. Delete the passwd , smbpasswd , shadow files. Eject the flash drive. Put the flash drive back in the server and start it back up. This procedure should leave all passwords blank. You can now reassign new ones. It worked. Thank you so much! Quote Link to comment
FreeMan Posted November 19, 2017 Share Posted November 19, 2017 Remember - that's just how insecure your server is! Keep it physically safe, and don't expose it to the wild web world - someone out there will crack and or delete your password files just that easily, too. Quote Link to comment
Frank1940 Posted November 19, 2017 Share Posted November 19, 2017 (edited) 54 minutes ago, FreeMan said: Remember - that's just how insecure your server is! Keep it physically safe, and don't expose it to the wild web world - someone out there will crack and or delete your password files just that easily, too. I will point out that this won't work (that I described) on a running unRAID server. These files are copied over to a location somewhere inside the Linux OS operating system (which is completely in RAM) during the initial boot process. (Now, you could change flash drive from the OS and then reboot the server to achieve this same result.) I also seem to recall if you gain root access to the Linux OS, you can delete those files inside of the Linux OS and accomplished the same thing . But once a hacker gains root access, the last thing he is probably going to do to mess around with the password structure as that will probably be detected very quickly with very little gain to the hacker. He is going to do whatever he really wants to accomplish first-- Steal data, malware encrypt the files, turn the server into a bot, etc. I do agree with you that an unRAID server should never be exposed to the Internet! It will be attacked within a couple of minutes. It will then only be a matter of time until it is compromised. How long that will take is matter of the skill of the hacker and the vigilance of the administrator. We see at least a half dozen threads a year of folks how have foolishly decided to place their unRAID server inside of a DMZ on their home router. Most of the time, the server is brought to its knees by attacks from the outside to gain access... Edited November 19, 2017 by Frank1940 Quote Link to comment
pwm Posted November 19, 2017 Share Posted November 19, 2017 9 minutes ago, Frank1940 said: We see at least a half dozen threads a year of folks how have foolishly decided to place their unRAID server inside of a DMZ on their home router. Most of the time, the server is brought to its knees by attacks from the outside to gain access... Remember that when people have enough skills about how to properly secure the relevant ports, then you will not see any thread about it. But there are an almost infinite number of ways to do things wrong, so the probability of a mishap is rather high given that the unRAID system isn't factory-hardened. Quote Link to comment
ImBadAtThis Posted December 5, 2017 Share Posted December 5, 2017 (edited) On 11/19/2017 at 3:32 PM, Frank1940 said: Pull your flash drive. Stick in another computer. Go to the config folder. Delete the passwd , smbpasswd , shadow files. Eject the flash drive. Put the flash drive back in the server and start it back up. This procedure should leave all passwords blank. You can now reassign new ones. I am in my flash drive and cannot for the life of me find this config/passwd, /smbpasswd, or /shadow files. I'm using unraid v6. Where am I going wrong? Edited December 5, 2017 by ImBadAtThis Quote Link to comment
Frank1940 Posted December 5, 2017 Share Posted December 5, 2017 13 minutes ago, ImBadAtThis said: I am in my flash drive and cannot for the life of me find this config/passwd, /smbpasswd, or /shadow files. I'm using unraid v6. Where am I going wrong? What OS are you using. I checked it just now with both my windows 7 computer and using Krusader (Docker) in unRAID and the files were there. You might want to check the configuration of your file browser/explorer to make sure that the display of system files is enabled. I know that in Win7, it blocked by default. (I believe that most OS's use these same names for these files.) Quote Link to comment
ImBadAtThis Posted December 5, 2017 Share Posted December 5, 2017 Ive got it sorted. Managed to scrounge up a monitor and keyboard and did a command line passwd reset. Thanks for the response though! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.