Plesk root password recovery

I was doing a password rotation on a server the other day and for some reason it failed whilst I was updating root. Maybe the password was too long, maybe Virtuozzo doesn’t do proper validity checking but either way I lost access to root.

Luckily if you’ve still got access to a Plesk admin user you can use this to your advantage and get root access back.

First of all you need a user with SSH access, in the Plesk admin panel make sure the account is set up with ‘/bin/bash’ as the root directory and not ‘/bin/bash (chrooted)’.

SSH into the server with that users’ credentials and create two scripts, the first one:

#!/bin/bash
cp /etc/shadow /tmp/shadow.tmp;
chmod 777 /tmp/shadow.tmp;
exit;

The second:

#!/bin/bash
cp /tmp/shadow.tmp /etc/shadow;
chmod 640 /etc/shadow;
exit;

Place them in /tmp or wherever you want to run them from and name them what you like, I’ll refer to them as 1.sh and 2.sh from here on.

Give the scripts execute permissions:

chmod +x /tmp/1.sh /tmp/2.sh

Now go back to your Plesk admin panel and go to Server > Tools & Resources > Scheduled Tasks.

Search for or select the user ‘root’ and add a new task.

Enter */1 in the Minute field and * in the rest of them, in the Command field enter the path to your first script, most probably /tmp/1.sh.

Hit the OK button.

This cron job will run the first script once a minute, on the minute so wait a minute and it will have made a copy of the /etc/shadow file called /tmp/shadow.tmp, check your /tmp folder for this.

Once the file has appeared, remove the task in the Plesk admin panel so it stops copying the file every minute.

In your SSH session open /tmp/shadow.tmp in your favourite editor.

Copy the whole line for a user that you know the password of, you might want to choose the line that matches the SSH user you’re currently using as you definitely know that password.

Replace the line (most probably at the top of the file) for the root user with the one you’ve just copied and then change the username at the beginning of the line from whatever user it is to ‘root’, save your file making sure it’s still called ‘shadow.tmp’.

Now go back to the Plesk admin panel and make a new scheduled task, exactly the same configuration as before but set the command to be ‘/tmp/2.sh’.

Hit the OK button on the task and wait 1 minute for the task to run, after a minute remove the task so it doesn’t carry on running the script. If you’ve done everything right you’ll have replaced the password hash for the root user with a known password and you’ll be able to log in as root using this known password.

Once you’ve logged back in change the root password and clear up the files in your /tmp folder.

Let me know how you get on, I know the scripts could be cleaned up and consolidated but I didn’t want to use a delay so that I wasn’t rushed in making sure I’d edited the files in time, it was easier just to run two cron jobs.

Getting ‘eContent’ onto supervised iPads

Apple Configurator - Web Clip

Managing a large number of iPads can be frustrating, getting content onto them even more so. If you want to manage the applications available on the iPads, Apple Configurator is your man, if you want to manage the content on them you need to find another way to do it.

I was asked to load a self created iBook onto a number of iPads, helpfully the iBooks application doesn’t support iTunes File Sharing, a system that lets you copy files between your computer and apps on iOS devices. Other Apple apps do support it, Pages, Keynote, but not iBooks.

So I thought another way to do it would be to put the iBooks file in Dropbox, download it from Dropbox on iPad 1, open it in iBooks, backup iPad 1 (that now has the iBook installed on it) and restore it to the other iPads that need the iBook on them.

Unfortunately, for reasons not know to me this doesn’t work. The iBook appears in the iBooks application, but without the iBooks’ cover art. Tapping on the icon starts something, but after a second the icon disappears and the bookshelf goes back to being empty.

I could have gone to each iPad and logged into Dropbox to get the file on each of them, but I was trying to keep the workflow short. The method I finally came up with, still involves some manual interaction, but cuts it down.

First of all I uploaded the .ibooks file to a public facing web server, when you link to files on Dropbox it doesn’t just serve up the file immediately, you need to click on a download link first. Hosting the file on a normal web server gets rid of this step.

In Apple Configurator I created a new profile, in the profile I configured a new Web Clip, a Web Clip is just a link to a specific site or web page that creates an icon on the home screen.

Apple Configurator - Web Clip
Apple Configurator – Web Clip

The title can be anything, the URL is the link to the file you uploaded earlier. I left all the other settings, hit Save and applied the profile to all the devices that needed the iBook.

On each device all I had to do was tap the new icon on the home screen, it opens Safari and navigates to my .ibooks file on the webserver, it gives the option of opening the file in the iBooks application and that’s it, the iBook is saved to the application.

Once the iBook is on the device you’ll want to remove the profile from the devices to remove the icon from the home screen.

Whilst it’s more difficult to get iBooks content onto devices via Apple Configurator, Adobe Acrobat Reader does support iTunes File Sharing so you could drop PDF files onto the devices fairly easily but we specifically needed iBooks support.

Apple Configurator 1.4, iOS 7 and Eduroam

Today I sat down to configure a set of Apple iPads to connect to our institutional Wi-Fi network, we use eduroam based around a WPA2 setup.

For anyone who has already used Apple Configurator you’ll know it’s pretty straight forward. Enter a few network details, give it a certificate if needed, save and refresh your devices.

It didn’t go as easy as that. I’d previously setup an Apple TV to connect to the network so I knew I could use Apple Configurator to do what I needed, I went about entering the network details, SSID, Security Type, Protocols and Trusts etc. But whenever I pushed the profiles to the devices they wouldn’t connect to the wireless network.

Apple Configurator
Apple Configurator – Getting the right settings for Eduroam

It all came down to the Security Type setting, although we use WPA2 Enterprise it didn’t seem to like that option and only when (3 hours later) I tried Any (Enterprise) did it actually work.

Dropbox

I remember being at college and having to carry a plastic box full of 3.5″ floppy disks around with me. Every so often fluff from the deepest, darkest corners of the earth would infiltrate the shutter and… Abort, Retry, Fail? Shit, all my (hard) work consumed.

A few years pass and USB flash drives arrive on the scene, although they started out expensive, slow and lacking in any great capacity they we’re much more durable than floppy disks and as time went on physical size decreased, storage space and speed increased exponentially.

So for the last few years I’ve been carrying around a 16GB OCZ Rally2, it’s battered and I’ve lost the plastic cap that keeps the USB connector free from dust but it works and it’s quick. Then one day I was walking to work and I found a USB flash drive on the pavement, I picked it up and wondered if I could reunite it with its owner. Plugging it in to a virtual machine in a sandbox I tried to see if I could identify who it belonged to, it had a few Word documents on it but nothing that would help me identify the owner.

I started to think about all the personally identifiable information I had on my flash drive, my CV, letters to my bank, job applications, all things I wouldn’t really want people to read if for whatever reason I mislaid the drive. Looking around the Internet I decided upon the not so elegant solution of creating an encrypted partition on the drive using TrueCrypt, it did the job but I had to rely on being able to install TrueCrypt on any machine I needed to access the encrypted files from.

Recently I stumbled upon Dropbox, a web based file hosting service. They offer a freemium service that gives 2GB of storage which can be increased by referring users to the site and they’ll double the referral bonus space for users registering with an academic email address (this also works for .ac.uk addresses).

Once registered you download the client app, install it and choose a place on your computer to display a shared folder, anything you drop into the folder is synchronised to Dropbox and it appears on any other machine or device you have the software installed on.

What I really like about the service is just how many Operating Systems and devices are supported, I can share files between my Mac, my Windows 7 PC which dual boots to Ubuntu and my Android smart phone. The connection is over SSL and all the files stored on Dropbox are encrypted.

A few years ago, this type of service just wouldn’t have been practical, we’ve got a 20Mbit Internet connection at home and I’m lucky enough to be connected to an academic network at 155Mbit at work so moving files about is virtually seamless. I carry my smart phone with me everywhere so I can grab files on the go plus Dropbox can be accessed through any web browser if you don’t have the rights to install the client.

I don’t have to worry about losing my flash drive, damaging the USB connector or just how long the flash memory chips inside it are going to last, everything is stored on Amazon’s Simple Storage Service (S3) and it just works!

Not only does Dropbox let me keep private files, I can share any of my files with other people, I can create a Public folder that anyone can have access to and I can even upload images to galleries and give people access without them having to have a Dropbox account.

Living with Android

I’ve been a Nokia user for ten years, I’ve had an 8210, a 6210, a 6100, a 6310i, a 6600, a 6630, an N80, an N95 and an N96. I liked Nokia OS and Symbian OS which I watched evolve over the years of upgrading and swapping between devices but recently Nokia just haven’t been keeping up the pace needed to keep me interested in their phones.

I’ve played with some of the touch screen devices that Nokia have put out, the 5800 and the N97 and even from my brief exploration it was obvious to me that S60 didn’t quite cut it as an OS for touch screen devices. Caught out by Apple and their release of iPhone OS, Nokia added touch screen functionality into S60 5th Edition and made a complete hash of it. Instead of building the OS from the ground up to revolve around interaction with a touch screen, Nokia built on top of S60, originally designed for devices with keyboards and physical buttons, essentially a legacy OS the interface doesn’t feel fluid or intuitive.

I’m a Mac user so the obvious choice should have been an iPhone, don’t get me wrong I like iPhone OS and it ticks all the usability boxes but I’ve never liked the idea of someone controlling the content I put on my device, I’ve bought it, I want to do what I want to it. The Apple App Store is truly amazing and it’s done amazing things to drive the uptake of smart phones but I want full control from end to end.

I got a HTC Hero as an upgrade handset from Orange, I’d read a lot about Android and even though the Hero only had Android 1.5 I was still impressed with the way it worked. It’s a very connected OS to use, if I’m browsing the web on it I can quickly share a page to a social network or easily select some text to translate via Google. The Market, Android’s equivalent of the App Store has lots to choose from, however I think something has to be done to stop it being flooded with badly coded apps, something Apple wins on.

At this point I was pretty much sold on Android so I decided to get a HTC Desire which currently has Android 2.1, better for me as we use Microsoft Exchange at work and I like to keep my calendar and email synced on my device, something that didn’t work perfectly on 1.5. The AMOLED screen on the Desire is simply stunning indoors and at night but outside in the sunlight it’s practically unusable. HTC have done a good job with their Sense interface and social networking sites such as Facebook and Twitter integrate with it well, my one moan about this is that no matter what I do all my Facebook contacts are synced to the phone book on the phone, I’d like to keep these separate.

The in-built web browser works well and renders pages quickly, I had Opera Mini on my N96 so I installed it on the Desire too but I increasingly find myself using the in-built browser as it’s just as fast if not faster. I also couldn’t seem to find how to turn Turbo Mode off in Opera Mini, Opera provide a service that pre loads and compresses web pages to reduce the use of bandwidth. This however means sites see your visit coming from Opera’s servers located outside of the UK, stopping access to some sites that that need your IP address to be in the UK.

Whilst I’m on about the web, the ability to use the Desire as a 3G modem is only supported on Windows, you can use paid for third party software but I’d love to see native support for Linux and OS X, either by USB or Bluetooth but at the moment the stack doesn’t support Bluetooth DUN or PAN. However browsing full web pages on the Desire isn’t a chore and unless I was desperate to use a real keyboard it’s just as easy to use the Desire.

The 5MP auto focus camera is OK, it struggles in low light and pictures are sometimes blurred when viewed at 100%, but for quick uploads to Twitter it’s fine. Google Maps sometimes feels slow to load map data even when using the phones WiFi to a broadband connection but Latitude works well and even the new navigation option got me to where I’ve needed to be speaking out road names and directions.

Mail works well, Exchange support has improved in 2.1 but still has a long way to come. It doesn’t support all of Microsoft’s security policies but the bug(?) is being tracked by Google. My Exchange calendar syncs fine and I can respond to and create meeting requests from the device, also worth mentioning is the ability to access the company directory available through Exchange.

So maybe I’ve still not found the perfect phone but the Desire is almost there. The recently leaked 4th generation iPhone looks like it could be a good device but for some reason I still don’t feel I can trust Apple! Let’s see what Android 2.2 brings!

Other applications I’m using

Advanced Task Killer – Not sure this is really needed as Android dynamically closes apps as the system needs more RAM, but I like knowing that apps I’m not using aren’t using data whilst I’m out and about. Although I’ve got an unlimited data plan it’s good to help preserve battery life.

beebPlayer – There’s no official BBC iPlayer app for Android, beebPlayer does a fantastic job solving this problem. Access to all the iPlayer content and links to live BBC TV channels and radio.

twidroid – This app has a much nicer interface than the bundled Twitter application Peep. There’s a paid “Pro” version of the app that includes video upload but the free version still does search, trends, URL shortening, Image upload and lots more.

Smooth Calendar – I wanted a widget that would show the next few appointments in my calendar, Smooth Calendar does exactly that.

Barcode Scaner – Simple to use barcode scanner that can also read QR Codes.

ShopSavvy – Scan a barcode and this app lets you know if you can get the item cheaper online or locally.

Shazam – Give it a few seconds of music and Shazam identifies the artist and track.

Qik – Android version of Qik, record and upload video to the web.

FileGo – Free file manager, does everything you need it to!

Data Counter Widget – A simple small widget to show how much data I’ve used over WiFi and the mobile network, you can set it to reset automatically on your billing day.