
Friday, 11 November 2011

Breaking the UNIX administrator password with a DOS command

A New Approach That Thoroughly Solves the Problem of a Forgotten UNIX System Administrator Password
Introduction
For the many administrators of the SCO UNIX operating system, one of the least forgivable mistakes is forgetting the administrator password (that is, the superuser password). Anyone with a basic knowledge of UNIX knows that this mistake has extremely serious consequences. Regrettably, even today there is no shortage of people who make it. They certainly deserve blame, but since the problem objectively exists, we still have to face reality and find a way to solve it.
For a long time, many people have expressed various opinions on the problem of a forgotten superuser password. Some hold that once the superuser password is forgotten, the only remedy is to reinstall the operating system. Others firmly reject this "reinstall theory"; they have put forward solutions that have been applied successfully in practice, and the "reinstall" camp has lost the argument. We can now say with certainty that a forgotten superuser password can be recovered from.

At the same time, we have to admit that the current solutions have serious limitations, and these limitations mean that however the existing solutions vary and develop, they can never become a robust and truly thorough solution.

The Limitations of the Traditional Solutions
As mentioned above, there are currently several solutions to the problem of a forgotten superuser password. For convenience, this article refers to them collectively as the traditional solutions. At first glance they seem to differ, but careful analysis shows that they are in fact much alike and share the following features:
A set of (two) Emergency Boot Floppies is required. These floppies are in file system format, must be created on SCO UNIX, and emergency boot floppies created on different types of machine are not interchangeable.

After booting from the emergency boot floppies, the hard disk's root file system is mounted on some directory (usually /mnt); the operator changes into that directory (that is, into the root of the hard disk's root file system) and modifies the password-related information in the relevant directories (this is where the various solutions mainly differ). Finally the operator returns to the floppy's root directory, unmounts /dev/hd0root and reboots the machine.
These common features in fact reflect the limitations of the traditional solutions:
1. Platform limitation: the whole procedure must be carried out on the SCO UNIX operating system platform.

2. Tool limitation: the dependence on the emergency boot floppies is too great. If the floppies are damaged, a machine of the same type must be found to create a new set; this is the "dedicated disks for a dedicated machine" restriction mentioned above.

3. Target limitation: the procedure relies on the hard disk's root file system being usable. The operator and the object being modified (the password-related information) are separated by the file system; the operator cannot modify the object directly and can only do so through the services the file system provides. This is an instance of the layering principle that information science advocates, and under normal circumstances it deserves praise; but everything has two sides, and in abnormal situations, such as recovering from a forgotten superuser password, this arrangement can cause trouble.

These three limitations show how fragile and narrow the feasibility of the traditional solutions is, and they determine the drawbacks that such solutions, operating above the file system, inevitably have. Breaking these limitations and finding an entirely new solution has therefore become a new challenge for everyone who studies UNIX.

The New Challenge
The new challenge is to find a new solution that breaks through the limitations of the traditional ones. Where should we start? Let us look at the three limitations again.
The platform limitation seems hard to break, because other operating systems cannot recognise the UNIX file system format.

The tool limitation seems even harder, because the emergency boot floppies must be both created and used on UNIX, so if the platform limitation cannot be broken, neither can this one.

Finally, consider the target limitation. The targets are managed entirely by the file system, and the operator must access them through it. If the file system is corrupted, then even if the files beneath it are intact the operator can only regard them as lost, because the file system cannot be accessed (for example, it will not mount). In fact there is still a way to reach those files at that point: access the physical hard disk directly. The reasoning is simple. In essence a file system is nothing more than a logical organisation built on top of the physical hard disk, through which we normally access the disk; when that organisation has died and can no longer serve us, we have to "do it ourselves". Direct access to the physical hard disk not only brings "lost" files back, it has another important consequence: it breaks the target limitation.

Once the target limitation is broken, we are surprised to find that breaking the other two follows almost automatically. Although other operating systems cannot recognise the UNIX file system format, on any operating system we can access the physical hard disk; and any software that can access the physical hard disk can serve as our tool.

All that remains is to find the operating system everyone knows best and the most readily available piece of software that can access the physical hard disk.

The operating system everyone knows best is undoubtedly DOS. Many programs can access the physical hard disk, but none is more readily available than DEBUG.EXE: DEBUG is an external command of DOS itself, so it can be found on practically any machine with DOS installed. Those who know a little about DEBUG may point out that the command offers no option for accessing the physical hard disk, but remember that DEBUG is the assembly language debugger DOS provides to its users, and we can use it to write, debug and run a small assembly program that accesses the physical hard disk. This should not be difficult for anyone qualified to be a system administrator.

In summary, running DEBUG under DOS to remove the UNIX administrator password is the new solution this article proposes for the problem of a forgotten SCO UNIX superuser password.

Applying the New Solution
The new solution has been proposed; let us now see how it is applied in practice.
First, because of limits on the length and nature of this article, it cannot introduce all the knowledge involved in carrying out the new solution in the manner of an introductory lecture. Before reading this section the reader should therefore be familiar with the structure of the hard disk master boot sector, the UNIX partition and the UNIX file system (no problem for a UNIX system administrator), understand the meaning of the entry parameters of interrupt 13H, and have used the DEBUG command.

The machine is a COMPAQ DESKPRO XL/466 server whose motherboard contains a PCI SCSI-2 controller with one Fujitsu hard disk attached. The disk's main parameters are 1041 cylinders, 64 heads and 32 sectors per track. It runs SCO UNIX System V/386 Release 3.2 Operating System Version 4.2. Assume now that its superuser password has been forgotten.

First, on any computer with DOS installed, make a DOS system disk and copy DEBUG.EXE onto it.

C:\DOS>format /s a:
C:\DOS>copy debug.exe a:
Then insert the disk into drive A of the COMPAQ server, boot DOS, and run the DEBUG command.
A:\>debug
Now we write a short assembly language program (referred to below as app) that reads the contents of cylinder 0, head 0, sector 1 of the hard disk. This sector holds the master boot record, and we read it to determine where the SCO UNIX partition starts. app works by calling interrupt 13H; we will use it repeatedly later, with the entry parameters changed to match the physical address of whatever is being read.
-a
2039:0100 MOV AX,0201
2039:0103 MOV BX,1000
2039:0106 MOV CX,0001
2039:0109 MOV DX,0080
2039:010C INT 13
2039:010E INT 20
2039:0110
-g
Program terminated normally
Now we can use the "dump" command to view the sector contents that were read into memory. The partition table starts at offset 11BEH; the partition whose type byte is 63H is the SCO UNIX partition. It starts at cylinder 1, head 0, sector 1.
Next, read the first sector of the UNIX root file system's i-node table to determine the physical location of the root directory.

From the starting position of the UNIX partition we know that the root file system begins at cylinder 2, head 0, sector 1. Since sector 1 of cylinder 2, head 0 is the boot block, sector 2 is the superblock and sectors 3 and 4 are a gap, the i-node table must start at sector 5.

We read it with app (the value assigned to CX should be changed to "0205").

After reading it, use the "dump" command to view the 64 bytes from offset 1040H to 107FH: this is i-node number 2, the i-node of the root directory.

Next we calculate the physical address of the root directory on the hard disk from the i-node.

Reading from offset 1040H:

ED41H gives the file type and permissions, "drwxr-xr-x";
1000H gives the link count, 16;
0000H gives the file owner ID, 0;
0200H gives the file group ID, 2;
80020000H gives the file size, 640 bytes;
DA0500H is the address of the first data block. Since the other 12 data block addresses are all 0, we can conclude that the root directory occupies only one data block on the disk. We must now calculate from DA0500H which cylinder, head and sector of the hard disk this data block is stored in. The formulas are:

C = TRUNC(P / (H * S))
C1 = C0 + C
H1 = TRUNC((P - C * H * S) / S)
S1 = P - C * H * S - H1 * S + 1
where:
C1, H1, S1 are the cylinder, head and sector numbers of the data block's physical address;
P is the data block address converted to decimal and multiplied by 2;
H is the number of heads on the hard disk;
S is the number of sectors per head;
C0 is the starting cylinder of the root file system;
C is merely an intermediate quantity.
Substituting DA0500H into the formulas with H = 64, S = 32 and C0 = 2 gives C1 = 3, H1 = 29, S1 = 21.
The physical address of the root directory on the hard disk is therefore cylinder 3, head 29, sector 21.
Read it with app (the values assigned to CX and DX should be changed to "0315" and "1D80" respectively).
Viewing the result with the "dump" command, we find that offset 1050H to 105FH holds the i-node number and file name of the /etc directory; the i-node number is 22H, that is 34 decimal. Since each sector holds 8 i-nodes, i-node 34 must be in cylinder 2, head 0, sector 9.
Read it with app (CX and DX changed to "0209" and "0080" respectively).
The "dump" command shows that offset 1040H to 107FH is indeed the i-node of the /etc directory. We read its data block as well. First calculate the physical address of the first data block: substituting 2D0700H into the formulas gives cylinder 3, head 50, sector 27 for the first data block of /etc.
Read it with app (CX and DX changed to "031B" and "3280" respectively).
The "dump" command shows that offset 11A0H to 11AFH holds the file name passwd in the /etc directory. We use the "enter" command to change it to zls, then run app again (the value assigned to AX should be changed to 0301).
Now exit DEBUG.
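To check the i-node decoding and the cylinder/head/sector arithmetic of the session above without a DEBUG run, here is an added Python example that is not part of the article: it builds a 64-byte System V i-node from the field values the article quotes for i-node 2, applies the article's formula with H = 64, S = 32, C0 = 2, derives the CX/DX register values app needs for INT 13H, and locates an i-node number in the table. The i-node field layout and the little-endian reading of the 3-byte block addresses follow the article; the zero-filled timestamp fields and the INT 13H register packing are assumptions stated in the comments.

```python
"""Added example (not from the article): decode the System V disk i-node
the article dumps at offset 1040H and map its first data block to the
cylinder/head/sector address and INT 13H register values it uses."""
import struct

HEADS = 64               # H: heads on the article's Fujitsu disk
SECTORS = 32             # S: sectors per track
C0 = 2                   # root file system starts at cylinder 2
BLOCK_SECTORS = 2        # one 1 KB file system block spans two 512-byte sectors
INODE_TABLE_SECTOR = 5   # first i-node table sector (cylinder 2, head 0)
BUFFER = 0x1000          # DEBUG program reads each sector to offset 1000H

# Constructed 64-byte i-node carrying exactly the field values the article
# quotes for i-node 2: mode ED41H, 16 links, uid 0, gid 2, 640 bytes, first
# block DA0500H, remaining 12 block addresses zero.  Layout is the classic
# System V disk i-node; the timestamp fields are zero-filled (assumption).
ROOT_INODE = (
    bytes.fromhex("ED41 1000 0000 0200 80020000")
    + bytes.fromhex("DA0500") + bytes(12 * 3) + bytes(1)   # 13 x 3-byte addresses + pad
    + bytes(12)                                             # atime, mtime, ctime
)
assert len(ROOT_INODE) == 64

def parse_inode(raw):
    """Return the fields of one 64-byte System V i-node (little-endian words)."""
    mode, nlink, uid, gid, size = struct.unpack_from("<HHHHI", raw, 0)
    # The article reads each 3-byte block address little-endian: DA 05 00 -> 05DAH.
    addrs = [int.from_bytes(raw[12 + 3 * i:15 + 3 * i], "little") for i in range(13)]
    return {"mode": mode, "nlink": nlink, "uid": uid, "gid": gid,
            "size": size, "addr": addrs}

def mode_string(mode):
    """Render the mode word the way ls does, e.g. 41EDH -> drwxr-xr-x."""
    kind = {0o040000: "d", 0o100000: "-", 0o020000: "c", 0o060000: "b"}.get(mode & 0o170000, "?")
    bits = "".join(ch if mode & (1 << (8 - i)) else "-" for i, ch in enumerate("rwxrwxrwx"))
    return kind + bits

def block_to_chs(block, heads=HEADS, sectors=SECTORS, c0=C0):
    """The article's formula: C=TRUNC(P/(H*S)), C1=C0+C, H1=TRUNC((P-C*H*S)/S), S1=P-C*H*S-H1*S+1."""
    p = block * BLOCK_SECTORS            # P: block number in sectors
    c = p // (heads * sectors)
    rem = p - c * heads * sectors
    h1 = rem // sectors
    s1 = rem - h1 * sectors + 1
    return c0 + c, h1, s1

def int13_registers(c1, h1, s1, drive=0x80):
    """CX/DX for INT 13H (assumed standard packing): CH = cylinder low byte,
    CL = sector with cylinder bits 8-9 in its top two bits, DH = head, DL = drive."""
    cx = ((c1 & 0xFF) << 8) | (((c1 >> 8) & 0x3) << 6) | s1
    dx = (h1 << 8) | drive
    return cx, dx

def inode_location(ino, inode_size=64, sector_size=512):
    """Table sector and DEBUG buffer offset of i-node number `ino` (8 i-nodes per sector)."""
    per_sector = sector_size // inode_size
    sector = INODE_TABLE_SECTOR + (ino - 1) // per_sector
    offset = BUFFER + ((ino - 1) % per_sector) * inode_size
    return sector, offset

if __name__ == "__main__":
    ino = parse_inode(ROOT_INODE)
    chs = block_to_chs(ino["addr"][0])
    print(mode_string(ino["mode"]), ino["nlink"], ino["uid"], ino["gid"], ino["size"])
    print("first block %04XH -> C/H/S %d/%d/%d, CX=%04XH DX=%04XH"
          % ((ino["addr"][0],) + chs + int13_registers(*chs)))
```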
Remove the floppy, restart the machine and boot UNIX.
Following the boot sequence, UNIX displays the hardware configuration and should then ask for the superuser password, but at that moment it discovers that the /etc/passwd file is missing! (In fact it has merely been renamed zls, but UNIX knows nothing of that.) Without this file UNIX cannot ask for the superuser password, so it has to display the following messages and let the user enter system maintenance mode directly as the system administrator:

su: Unknown id: root
/etc/tcbck: file /etc/passwd
is missing or zero length
/etc/tcbck: either slash (/) is missing from
/etc/auth/system/files or there are malformed entries
in /etc/passwd or /etc/group
/etc/smmck: restore missing files
from backup or distribution.

INIT: SINGLE USER MODE

**** PASSWORD FILE MISSING! ****

Entering System Maintenance Mode

#
Once in maintenance mode you can of course do "whatever you like", but it is best to set a new superuser password first. To do so, the passwd file name must first be restored.
# mv /etc/zls /etc/passwd
Then the /bin/passwd command can be used to set a new superuser password.
Conclusion
As this article draws to a close, let us make a brief summary.
The traditional solutions have platform, tool and target limitations. The new solution breaks through all three.
1. The new solution breaks the platform limitation. The traditional solutions must run on UNIX, whereas the new one runs on DOS. DOS is far more widespread than UNIX; the great majority of computer users in China are unfamiliar with UNIX but know DOS well and feel at home with it.

2. The new solution breaks the tool limitation. The traditional solutions require two emergency boot floppies, whereas the new one uses a single DOS system disk with just one file, DEBUG.EXE, copied onto it. Emergency boot floppies are tied to one machine; a DOS system disk has no such problem: a system disk made with DOS on any machine can be used to solve a forgotten UNIX superuser password on any machine. As for the software used to access the physical hard disk, DEBUG is by no means the only choice; any software that supports access to the physical disk will do. The author recommends the diskedit program in the Norton 8.0 package, which is undoubtedly the best choice for anyone who cannot program in assembly language.

3. The new solution breaks the target limitation. The traditional solutions operate on files managed by the file system, whereas the new one sets the file system aside and modifies the data directly at the lowest level.

Finally, it should be noted that owing to limited resources the author has not yet used SCO OpenServer Release 5, so the question of whether, and how, the steps of the new solution need to be changed for that version will be addressed later if the opportunity arises. (Xiaoying)
