Plesk root password recovery

I was doing a password rotation on a server the other day and for some reason it failed whilst I was updating root. Maybe the password was too long, maybe Virtuozzo doesn’t do proper validity checking, but either way I lost access to root.

Luckily, if you’ve still got access to a Plesk admin user you can use that to get root access back.

First of all you need a user with SSH access. In the Plesk admin panel make sure the account’s shell is set to ‘/bin/bash’ and not ‘/bin/bash (chrooted)’: a chrooted user gets its own /tmp, so root’s cron job wouldn’t see the scripts you create.

SSH into the server with that user’s credentials and create two scripts. The first one:

#!/bin/bash
# Copy the shadow file somewhere the non-root SSH user can edit it
cp /etc/shadow /tmp/shadow.tmp
# 777 lets that user write to the copy, but it also leaves every account's password hash readable by anyone on the server until the copy is deleted
chmod 777 /tmp/shadow.tmp
exit

The second:

#!/bin/bash
# Put the edited copy back over the real shadow file
cp /tmp/shadow.tmp /etc/shadow
# Restore restrictive permissions (640 is the Debian/Ubuntu default; check what your distribution uses)
chmod 640 /etc/shadow
exit

Place them in /tmp or wherever you want to run them from and name them what you like, I’ll refer to them as 1.sh and 2.sh from here on.

Give the scripts execute permissions:

chmod +x /tmp/1.sh /tmp/2.sh

Now go back to your Plesk admin panel and go to Server > Tools & Resources > Scheduled Tasks.

Search for or select the user ‘root’ and add a new task.

Enter */1 in the Minute field and * in the rest of them. In the Command field enter the path to your first script, most probably /tmp/1.sh.

Hit the OK button.

This cron job runs the first script once a minute, on the minute. Wait a minute and it will have made a copy of /etc/shadow called /tmp/shadow.tmp; check your /tmp folder for it.

Once the file has appeared, remove the task in the Plesk admin panel so it stops copying the file every minute.

In your SSH session open /tmp/shadow.tmp in your favourite editor.

Copy the whole line for a user whose password you know. The line for the SSH user you’re currently logged in as is the obvious choice, since you definitely know that password.

Replace the root user’s line (most probably at the top of the file) with the one you’ve just copied, then change the username at the beginning of that line to ‘root’; the hash and the remaining fields stay exactly as they were. Save the file, making sure it’s still called ‘shadow.tmp’.

Now go back to the Plesk admin panel and make a new scheduled task, exactly the same configuration as before but set the command to be ‘/tmp/2.sh’.

Hit the OK button on the task and wait a minute for it to run, then remove the task so it doesn’t carry on running the script. If you’ve done everything right you’ll have replaced the password hash for the root user with a known one and you’ll be able to log in as root using that password.

Once you’ve logged back in, change the root password and clear up the files in /tmp: both scripts and, above all, the shadow.tmp copy.

Let me know how you get on. I know the scripts could be cleaned up and consolidated, but I didn’t want to use a delay so that I wasn’t rushed in making sure I’d edited the files in time; it was easier just to run two cron jobs.
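The same mechanism that rescues a lost root password is, from the server owner’s side, something worth spotting: a root scheduled task whose command lives in a scratch directory or in a file anyone on the box can rewrite. The script below is an added example written for this post, not code from the original, that audits crontab text for exactly that pattern. It assumes Plesk stores scheduled tasks as ordinary crontab entries for the chosen user, so on a live server you would feed it `crontab -l -u root`; the sample crontab embedded in it is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit crontab lines for commands
# that run out of a scratch directory or from a world-writable file.
# Assumption: Plesk scheduled tasks end up in the user's normal crontab, so
# `crontab -l -u root | audit_cron_lines` covers the technique in the post.

# True if the file is world-writable. `ls -ldL` follows symlinks so a link
# pointing into /tmp is judged by its target; character 9 of the mode string
# is the "other" write bit.
is_world_writable() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c9)" = "w" ]
}

# Read crontab text on stdin and print one FLAG line per suspicious entry.
audit_cron_lines() {
    while IFS= read -r line; do
        case "$line" in
            ''|\#*|[A-Za-z_]*=*) continue ;;   # blank, comment or VAR=value line
            # @reboot/@daily style entries: the command starts after one field
            @*) cmd=$(printf '%s\n' "$line" | awk '{ $1=""; sub(/^ +/, ""); print }') ;;
            # normal entries: the command starts after the five schedule fields
            *)  cmd=$(printf '%s\n' "$line" | awk '{ $1=$2=$3=$4=$5=""; sub(/^ +/, ""); print }') ;;
        esac
        case "$cmd" in
            /tmp/*|*' /tmp/'*|/var/tmp/*|*' /var/tmp/'*|/dev/shm/*|*' /dev/shm/'*)
                printf 'FLAG scratch-dir: %s\n' "$line" ;;
        esac
        # First word of the command is the program or script being run
        script=${cmd%% *}
        if is_world_writable "$script"; then
            printf 'FLAG world-writable: %s\n' "$line"
        fi
    done
}

# Constructed sample crontab: the fourth line is the kind of task the post
# creates, the rest is what an ordinary root crontab looks like.
SAMPLE_CRONTAB='MAILTO=root
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/1 * * * * /tmp/1.sh
@reboot /usr/sbin/some-daemon --start'

printf '%s\n' "$SAMPLE_CRONTAB" | audit_cron_lines
```

Run against the sample it prints one line, `FLAG scratch-dir: */1 * * * * /tmp/1.sh`; on a real server the world-writable check is the more useful half, because a task can point at a perfectly respectable path that has been left with loose permissions.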

502 Bad Gateway error

Yesterday I was configuring WordPress and Jetpack when I got a 502 Bad Gateway error from Nginx.

It’s simple enough to fix, but I’ve not used Nginx too much; here’s the problem and the solution.

When you’re using Nginx as a reverse proxy in front of Apache, the upstream server can sometimes send response headers too big to fit in Nginx’s proxy buffer. We’re using Plesk Control Panel on our server, so I’m not sure whether it’s down to the Nginx defaults Plesk sets, but to fix it do the following.

Open /etc/nginx/nginx.conf in your favourite editor.

Add the following inside the http directive:

proxy_buffers 8 32k;
proxy_buffer_size 64k;

Save it, restart Nginx and Apache, ta da!

Your mileage may vary so play about with the number of buffers and their sizes.
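Before playing with the buffer sizes it’s worth confirming that the 502 really is the oversized-header case, since Nginx returns 502 for several unrelated upstream failures too. The script below is an added example written for this post, not code from the original; it pulls the relevant events out of Nginx’s error log (usually /var/log/nginx/error.log), where Nginx records this condition as “upstream sent too big header while reading response header from upstream”. The three log lines embedded in it are constructed, and the 127.0.0.1:7080 upstream in them is an assumption about where Plesk’s Apache listens, not something taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a 502 is the
# header-buffer problem before changing proxy_buffers / proxy_buffer_size.

# For each matching error-log line on stdin, print "host request upstream" so
# you can see which vhost and URL are producing the oversized response headers.
too_big_header_hits() {
    grep 'upstream sent too big header' | sed -n \
        's/.*request: "\([^"]*\)".*upstream: "\([^"]*\)".*host: "\([^"]*\)".*/\3 \1 \2/p'
}

# Number of such events; compare before and after the change to see if the
# new buffer sizes are enough. `|| :` keeps the exit status 0 on zero matches.
too_big_header_count() {
    grep -c 'upstream sent too big header' || :
}

# Constructed sample: two oversized-header events and one unrelated 502 cause
# (backend not listening). The 7080 upstream is an assumption for the sample.
SAMPLE_LOG='2015/03/10 09:14:02 [error] 1234#0: *17 upstream sent too big header while reading response header from upstream, client: 203.0.113.5, server: example.com, request: "GET /wp-admin/ HTTP/1.1", upstream: "http://127.0.0.1:7080/wp-admin/", host: "example.com"
2015/03/10 09:14:05 [error] 1234#0: *18 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.5, server: example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:7080/", host: "example.com"
2015/03/10 09:15:40 [error] 1234#0: *21 upstream sent too big header while reading response header from upstream, client: 198.51.100.7, server: example.com, request: "POST /wp-admin/admin-ajax.php HTTP/1.1", upstream: "http://127.0.0.1:7080/wp-admin/admin-ajax.php", host: "example.com"'

printf '%s\n' "$SAMPLE_LOG" | too_big_header_hits
printf 'oversized-header events: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | too_big_header_count)"
```

On a live server replace the sample with `too_big_header_hits < /var/log/nginx/error.log`. If the count is zero, the 502 has a different cause and bigger buffers won’t help; if it isn’t, add the directives, run `nginx -t` to validate the configuration before restarting, and check the count again afterwards. The buffer only needs to hold the response headers, so the hits tell you which pages (here the WordPress admin ones) are setting the oversized headers in the first place.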

Dropbox

I remember being at college and having to carry a plastic box full of 3.5″ floppy disks around with me. Every so often fluff from the deepest, darkest corners of the earth would infiltrate the shutter and… Abort, Retry, Fail? Shit, all my (hard) work consumed.

A few years pass and USB flash drives arrive on the scene. Although they started out expensive, slow and lacking in any great capacity, they were much more durable than floppy disks, and as time went on physical size decreased while storage space and speed increased exponentially.

So for the last few years I’ve been carrying around a 16GB OCZ Rally2; it’s battered and I’ve lost the plastic cap that keeps the USB connector free from dust, but it works and it’s quick. Then one day I was walking to work and I found a USB flash drive on the pavement. I picked it up and wondered if I could reunite it with its owner. Plugging it in to a virtual machine in a sandbox, I tried to see if I could identify who it belonged to; it had a few Word documents on it but nothing that would help me identify the owner.

I started to think about all the personally identifiable information I had on my flash drive: my CV, letters to my bank, job applications, all things I wouldn’t really want people to read if for whatever reason I mislaid the drive. Looking around the Internet I decided upon the not-so-elegant solution of creating an encrypted partition on the drive using TrueCrypt. It did the job, but I had to rely on being able to install TrueCrypt on any machine I needed to access the encrypted files from.

Recently I stumbled upon Dropbox, a web based file hosting service. They offer a freemium service that gives 2GB of storage which can be increased by referring users to the site and they’ll double the referral bonus space for users registering with an academic email address (this also works for .ac.uk addresses).

Once registered you download the client app, install it and choose a place on your computer to display a shared folder, anything you drop into the folder is synchronised to Dropbox and it appears on any other machine or device you have the software installed on.

What I really like about the service is just how many operating systems and devices are supported: I can share files between my Mac, my Windows 7 PC which dual-boots to Ubuntu, and my Android smartphone. The connection is over SSL and all the files stored on Dropbox are encrypted.

A few years ago, this type of service just wouldn’t have been practical; we’ve got a 20Mbit Internet connection at home and I’m lucky enough to be connected to an academic network at 155Mbit at work, so moving files about is virtually seamless. I carry my smartphone with me everywhere so I can grab files on the go, plus Dropbox can be accessed through any web browser if you don’t have the rights to install the client.

I don’t have to worry about losing my flash drive, damaging the USB connector or just how long the flash memory chips inside it are going to last, everything is stored on Amazon’s Simple Storage Service (S3) and it just works!

Not only does Dropbox let me keep private files, it lets me share any of my files with other people: I can create a Public folder that anyone can access, and I can even upload images to galleries and give people access without them having to have a Dropbox account.