Admin User Screw Up - Need Help Please!

Discussion in 'Mac OS X 10.3 (Panther) Discussion' started by tj2001, Dec 30, 2003.

  1. tj2001 macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #1
    Ok... I was attempting to fix someone else's mess up, but ended up fixing one problem and creating a worse one.

    The only user account (Admin) had a wrong short-name assigned to it... I had assumed that by going into Netinfo Manager and using root I could change this... I had went to users and for that user I change all values that had the wrong "short-name" to the one I wanted and it seemed to work... thing is it stripped "Admin" access from the new short-name user...

    So now there is no user with admin access. When I log in I don't have it set to use root user... it is disabled... I know there has to be a way to grant this user admin status from the terminal or something? Any ideas or please let me know how ti fix this... I would be sincerely thankful.
     
  2. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #2
    Can we assume that you can't get back into Netinfo Manager and change anything because you can't get superuser (root, admin) status?

    Can we assume that there is no recent backup of this system?

    Can you open the Terminal application, type "su", type the root password, and get to the prompt that uses a hashmark instead of a percent sign?
     
  3. zimv20 macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #3
    he should be able to do this

    this won't work unless superuser is enabled
     
  4. zimv20 macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #4
    i'm not sure if this will help you, but...

    if you can't get UI NetInfo to work, log into the console (type ">console" at the username prompt, it'll give you a password prompt) and see if you can log in that way.

    if you can, you might be able to use the niutil command line command to fix things.

    i've never tried this, but it may come in handy.
     
  5. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #5
    I look at it differently... IF it's an OS9 bootable machine. Just boot to 9, take the apps and docs you want and do a complete install. Why waste time going through all that if it is 9 bootable, nicht war? (In my job time is a luxury so I look for the simplest fix!)
    If it's NOT 9 bootable, well, there are a LOT smarter folks than me here.
    Good luck.
     
  6. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #6
    I've used niutil to do NetInfo changes from the command prompt, if you get that far. You'll have to be superuser to make changes.
     
  7. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #7
    I look at it differently... IF it's an OS9 bootable machine. Just boot to 9, take the apps and docs you want and do a complete install, then drag them back. Why waste time going through all that if it is 9 bootable, nicht war? (In my job time is a luxury so I look for the simplest fix!)
    If it's NOT 9 bootable, well, there are a LOT smarter folks than me here.
    Good luck.
     
  8. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #8
    Correct... any changes I try to do it asks for admin pass & there is no admin. Also if I try to enable root user, once again it asks for admin pass. So nothing there.

    It's a brand new, maybe 3 day old, iMac... so wiping the drive is my next case scenario. Though I'm trying to avoid that.

    I went into the terminal and type "su -" and asked for the password; when I entered the pass it gave a message stating that "usernamehere" is not in the list of sudoers and that it has been logged.

    So now I'm lost... any more ideas. Can someone elaborate on the "niutil" command and how to properly use it?
     
  9. zimv20 macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #9
    try the >console trick first and see if you can get that far. perhaps before that, you want to boot from the install CD and (re)set the root password. use that for the >console login.
     
  10. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #10
    Not quit sure on exactly what you mean...? So put in the install CD reset the root's or the user's password? Then what "console trick" are you saying the niutil?
     
  11. mmcneil macrumors regular

    Joined:
    Sep 4, 2001
    Location:
    San Diego, CA
    #11
    You need to boot from the install CD [Disk 1]. One of the options is to reset passwords. However, since you do not have root enabled, not sure how this will work.

    You might try reinstalling with the preserve and archive option.

    If you have another drive or partition, try installing OS X on one of them, set up your user correctly and then copy the contents of the old user directory over.
     
  12. bankshot macrumors 65816

    bankshot

    Joined:
    Jan 23, 2003
    Location:
    Southern California
    #12
    What probably happened was that you didn't change the username in the admin group's list of users. Thus you were no longer in the admin group and not able to make any more changes.

    Just reboot into single-user mode. When the computer starts up, hold down Command-S and you'll get a prompt with superuser access. From there, you'll use niutil to re-add the new username to the "admin" group.

    niutil -appendprop . /groups/wheel users newuser

    Replace the "newuser" part with the new username you made. Once you're back up and running, you can get into NetInfo Manager and remove the old username from the admin group since it's not necessary to be in there anymore.
     
  13. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #13
    bankshot... your reply sounds clear and concise! I will try it tomorrow and will post an update on the outcome. I appreciate everyones effort on trying to rectify this issue. Thank you all very much.
     
  14. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #14
    Shouldn't that be "/groups/admin" instead of "/groups/wheel"? When I just checked netinfo, I'm in the "admin" group but not the "wheel" group. Only root is in "wheel".

    Perhaps this was not true in older versions of OS X? I'm running 10.3.2.
     
  15. bankshot macrumors 65816

    bankshot

    Joined:
    Jan 23, 2003
    Location:
    Southern California
    #15
    Ehh, you're right. Good catch! I copied that from an old note I had when I was first learning about niutil, forgot to change it to the admin group.
     
  16. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #16
    Ok I'm at the machiine now and I attempted what was said; booting up into Single-User mode and issuing the command... thing is it seems to hang. I put the command in and it doesn't return a prompt. Does it take a long time to add the value??

    Any more feedback will be appreciated.
     
  17. dchung macrumors newbie

    Joined:
    Jan 2, 2004
    #17
    I did something similar to what you did on my own mac.

    To fix it, I restarted in single-user mode.

    Then I ran visudo. It's an editor that lets you edit the sudoers file in /etc/

    I added my new short name to the sudoers file then restarted.

    I don't remember what I did after this (it was a few months ago). But now that I had su access I was able to clean stuff up in netinfoutil.

    I found out about this on some security website that talked about this vulnerability.

    Hope this helps.
     
  18. bankshot macrumors 65816

    bankshot

    Joined:
    Jan 23, 2003
    Location:
    Southern California
    #18
    Oops, it looks like OS X's single user mode is very bare bones, so the NetInfo daemon is not started yet. So scratch that idea! :(

    Instead, you can do something like what dchung suggested. Boot into single user mode, add yourself to the sudoers file using visudo, then exit the shell and the machine will start up normally. Login as yourself, open Terminal, and do the above niutil command, but with sudo:

    sudo niutil -appendprop . /groups/admin users newuser

    Now, all of this hinges on your knowing enough about vi to edit the sudoers file and save it. If not, I can walk you through the steps. ;)

    Oh, and note that before you run visudo, you need to remount the hard drive as read-write:

    mount -uw /
    visudo
     
  19. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #19
    It shouldn't take that long for the "niutil" command to finish. I wonder if you've got a corrupted netinfo database?

    One possibility (don't do this until there's some feedback from others here) would be to restore the netinfo database from a time before the problem started. This probably won't work if you're working with a laptop, because by default the netinfo backups occur at 3:15am - so unless the computer is on at that time, the backup won't happen.

    Apple has instructions on restoring your netinfo database from backup at

    http://docs.info.apple.com/article.html?artnum=107210

    IF YOU CHOOSE TO DO THIS, DON'T SKIP A STEP. The first instruction basically gives you a backup of the current, possibly corrupted, netinfo database. This means if you run into too many problems you can at least get back to the point you're at now. Backing up is important!!!
     
  20. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #20
    That's what I'm going to have to do. I'm not at the computer right now... it's going to have to wait until tomorrow again... The gentleman had to go out to dinner; I told him I'd research it more and get a solution.

    Once again I really appreciate your input. I'm really trying NOT to wipe the drive and starting over.
     
  21. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #21
    Wait... you said to boot into single user add me to the sudoers using visudo and then reboot up regularly and then run that niutil command?

    I'm assuming that adding me to the the "sudoers" list will let me use sudo??
     
  22. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #22
    Right. File /etc/sudoers has lines like this:

    root ALL=(ALL) ALL

    to specify a user name and its privileges. The syntax can be much more complicated, but that's the simplest form of an entry. It's a text file with one entry per line.
     
  23. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #23
    Sudo - in case it's not obvious

    Note that when you run sudo and are asked for a password, it wants YOUR password - not roots. :)

    That one threw me for a bit, since my first thought was "I'm running a command as root, I must need root's password". Heh.
     
  24. tj2001 thread starter macrumors regular

    Joined:
    Dec 7, 2003
    Location:
    Florida - USA
    #24
    Ok can you please post a detailed walk through after I have booted into single user mde to accomplish this and what to do? I'll print it out and take it with me when I go to his house. Thanks Again :)
     
  25. bankshot macrumors 65816

    bankshot

    Joined:
    Jan 23, 2003
    Location:
    Southern California
    #25
    Sure! I'll assume then that you aren't familiar with vi. It's a powerful editor but not user friendly if you're not used to it. ;)

    Just to recap:
    1. Restart
    2. Hold Command-S, wait for the prompt
    3. Type mount -uw /
    4. Type visudo

      Once you type visudo, you're in the vi editor and you should see the sudoers file. The bottom section probably looks like this:

    5. Use the down arrow key to move the cursor all the way to the bottom of the file.
    6. Hit the o key. The cursor should go to a new line and you can begin typing.
    7. Type a new line just like the one with root, but with your username instead:
      (replace newuser, obviously) The first whitespace after the username is a tab character (don't know if this is critical, but best to keep it the same as the other entries).
    8. Hit the ESC key. This gets you out of edit mode.
    9. Type ZZ (that's capital ZZ). It's a shortcut for save and quit. When I tested this, I got an error message about "Can't write .viminfo" or something, but it seems harmless. The sudoers file gets saved and that's the important part. Hit enter to get past this if it shows up.
    10. Now you're back at the prompt, so you can just type exit and the machine will resume normal bootup.
    11. Login as the newuser and start up Terminal.
    12. Type sudo niutil -appendprop . /groups/admin users newuser As Westside guy noted, it's asking for your password.
      [/list=1]

      Now you should have full admin access again! You can go into NetInfo Manager if you want and remove the old username from the admin group. Or not, it's probably harmless, and up to you if you want to tempt fate. :p

      I hope this helps!
     

Share This Page