![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
pantherchild.livejournal.com~I've been in training for the past...well, it's been forever. My team has two to three more weeks of training in our future....sad!
~We took the RHCE three days early, and there were a few people from our group who did not pass. Because of this, they were given the opprotunity to retake (and all passed, thankfully!) However, it left the three of us who DID pass out on a limb. We didn't nee to be in training...but we're not set up in cubes. So, we spent the first day staking out cubes. I got the short end of this stick--someone moved their department into my cube temporarily!
~I spent the next few days with a splitter listening into other people's calls,a nd watching the workflow process. (This means looking bored. I didn't even have anywhere to set up my computer!)
~Finally, I found a guy who would actually let me take some of his calls. I didn't have access to an account in our ticket manager, so I used his and took about eight calls. Not many, but they were all good experience. Nothing like telling someone that they're totally SOL to make your first day fun. The guy whose cube I'd stolen was listening in and giving me hints on IRC.
~All that's a long, boring intoduction to The Call that I recieved today. I have to admit, it was the BEST CALL EVER. After the usual intorduction and checking to make sure that he was supported, we started to get into his problem.
User: So, the great thing about having a college aged son in computer science is that...
Me: *wince*
User: ...he likes to play with things. And I have a [Linux] testing box at work that I let him mess around with when he's home.
Me: *wince wince*
User: ...and I can't log in as root now.
Cubemate on IRC: HAHAHAHHAHAAAAAAA. BEAT THAT CHILD.
Me: Well, sir, can you tell me what run level you're in?
User: It's in some kind of fail safe mode...I couldn't log in with my normal root password. I think my son created some kind of other user called sysadmin and I could use that password...I tried to do a passwd root, but it wouldn't let me.
Me: Sir, have you asked your son what he did to the computer?
User: Not really. He's not sure.
Me: Well, let's take a look at your /etc/passwd and see what's there.
~He opens the file, and we notice that there's an odd line int he file.
root:x:500:0:root:/root:/bin/bash
~Now, root's userid (the first number there) MUST be 0. If it's not, you have major issues. All system users (daemons and the like) have UIDs <=499. All users created by someone on the machine have UIDs >=500. So, it just looks like the kid broke the hell out of root and tried to recreate it. Not too bad, right?
~I tell him to edit the file and change the UID. That should fix root up pretty well, and he can passwd root and be all good. Right? (Shhh, we'll get to /etc/shadow in a minute.)
~He can't edit the file.
~An ls -l shows that /etc/passwd has permissions of rw-r--r--. At this point, I have to put him on hold so I can giggle insanely. As I'm giggleing, I get on IRC and tell people what's happening so they can share in the laughter.
~I get back on with the customer, and walk him through singleuser mode. We get in there, and he comments 'wow, I guess we're getting into the ugliest mode huh?' To which I have to respond, "No, sir, there's one uglier, but hopefully we won't have to cross that line." Referring, of course, to the dreaded rescue mode.
~Finally, we get in, and he fixes that file. Turns out, there were about two roots or root-like accounts defined. We gave root a nice, normal UID of 0 and changed the other account to read bogus. :-)
~Back into run level 5, and he can log in. THe password is still wonky (yeah, we should have fixed that in singleuser, but I forgot), so we passwd root, then take a look at /etc/shadow. There are TWO lines for root, explaining the password shennanigans.
~By this point, the guy's telling me he's going to send his son an invoice for his time and demand Scotch. I tell him to have a drink for me too. By this point, it's 6:15, I'm suposed to be off at 6:00, and my boss has kicked my chair twice demanding that I come out drinking.
~It takes me until 6:30 to actually finish the ticket, and get out of there.
~The funniest part of this is that during training, the aforementioned boss would break our systems as a troubleshoot exersize. Several times, he's deleted the root account, removed /etc/shadow, removed /etc/passwd, removed both of them, made one or both immutable, changed permissions....etc. All the time he's doing this, he tells us that people never really do this sort of thing to their systems unless they hate you.
~I did get told that I was his 'go to gal for singleuser mode!' and that i shoudl feel 'really accomplished' for fixing the issue. And that I was awesome. :-D Yay for positive reinforcement.
~And tequilla. Thank God for tequila.~
~We took the RHCE three days early, and there were a few people from our group who did not pass. Because of this, they were given the opprotunity to retake (and all passed, thankfully!) However, it left the three of us who DID pass out on a limb. We didn't nee to be in training...but we're not set up in cubes. So, we spent the first day staking out cubes. I got the short end of this stick--someone moved their department into my cube temporarily!
~I spent the next few days with a splitter listening into other people's calls,a nd watching the workflow process. (This means looking bored. I didn't even have anywhere to set up my computer!)
~Finally, I found a guy who would actually let me take some of his calls. I didn't have access to an account in our ticket manager, so I used his and took about eight calls. Not many, but they were all good experience. Nothing like telling someone that they're totally SOL to make your first day fun. The guy whose cube I'd stolen was listening in and giving me hints on IRC.
~All that's a long, boring intoduction to The Call that I recieved today. I have to admit, it was the BEST CALL EVER. After the usual intorduction and checking to make sure that he was supported, we started to get into his problem.
User: So, the great thing about having a college aged son in computer science is that...
Me: *wince*
User: ...he likes to play with things. And I have a [Linux] testing box at work that I let him mess around with when he's home.
Me: *wince wince*
User: ...and I can't log in as root now.
Cubemate on IRC: HAHAHAHHAHAAAAAAA. BEAT THAT CHILD.
Me: Well, sir, can you tell me what run level you're in?
User: It's in some kind of fail safe mode...I couldn't log in with my normal root password. I think my son created some kind of other user called sysadmin and I could use that password...I tried to do a passwd root, but it wouldn't let me.
Me: Sir, have you asked your son what he did to the computer?
User: Not really. He's not sure.
Me: Well, let's take a look at your /etc/passwd and see what's there.
~He opens the file, and we notice that there's an odd line int he file.
root:x:500:0:root:/root:/bin/bash
~Now, root's userid (the first number there) MUST be 0. If it's not, you have major issues. All system users (daemons and the like) have UIDs <=499. All users created by someone on the machine have UIDs >=500. So, it just looks like the kid broke the hell out of root and tried to recreate it. Not too bad, right?
~I tell him to edit the file and change the UID. That should fix root up pretty well, and he can passwd root and be all good. Right? (Shhh, we'll get to /etc/shadow in a minute.)
~He can't edit the file.
~An ls -l shows that /etc/passwd has permissions of rw-r--r--. At this point, I have to put him on hold so I can giggle insanely. As I'm giggleing, I get on IRC and tell people what's happening so they can share in the laughter.
~I get back on with the customer, and walk him through singleuser mode. We get in there, and he comments 'wow, I guess we're getting into the ugliest mode huh?' To which I have to respond, "No, sir, there's one uglier, but hopefully we won't have to cross that line." Referring, of course, to the dreaded rescue mode.
~Finally, we get in, and he fixes that file. Turns out, there were about two roots or root-like accounts defined. We gave root a nice, normal UID of 0 and changed the other account to read bogus. :-)
~Back into run level 5, and he can log in. THe password is still wonky (yeah, we should have fixed that in singleuser, but I forgot), so we passwd root, then take a look at /etc/shadow. There are TWO lines for root, explaining the password shennanigans.
~By this point, the guy's telling me he's going to send his son an invoice for his time and demand Scotch. I tell him to have a drink for me too. By this point, it's 6:15, I'm suposed to be off at 6:00, and my boss has kicked my chair twice demanding that I come out drinking.
~It takes me until 6:30 to actually finish the ticket, and get out of there.
~The funniest part of this is that during training, the aforementioned boss would break our systems as a troubleshoot exersize. Several times, he's deleted the root account, removed /etc/shadow, removed /etc/passwd, removed both of them, made one or both immutable, changed permissions....etc. All the time he's doing this, he tells us that people never really do this sort of thing to their systems unless they hate you.
~I did get told that I was his 'go to gal for singleuser mode!' and that i shoudl feel 'really accomplished' for fixing the issue. And that I was awesome. :-D Yay for positive reinforcement.
~And tequilla. Thank God for tequila.~
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}