Hi all,
Something happenned with the /etc/passwd file which makes it completely
unusable, while the passwd.dir and .pag are apparently still good, because the
system is still working as usual and accepting users.
I'm on DU 4.0b and I haven't yet dealt with such situation.
I've been looking at log files and other clues to find out if a hacker or even
just a user could've been responsible for this, but as the date on that passwd
file says, it's been more than the 7 days that syslog keeps the log files so I
don't have any clues dating back to the day it happenned.
I was trying to find a way to reverse what mkpasswd does, hopefully to recreate
the original passwd file from it's hashed counterparts, but I haven't found the
way yet, so if anybody knows how to do this, I'd appreciate the help.
Or is there any other way to recreate the system passwd file?
Would there be a backup made automatically by unix and hidden somewhere?
--
Didier Godefroy
Received on Thu May 20 1999 - 18:52:03 NZST