Chinaunix首页 | 论坛 | 博客
  • 博客访问: 19268714
  • 博文数量: 7460
  • 博客积分: 10434
  • 博客等级: 上将
  • 技术积分: 78178
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-02 22:54
文章分类

全部博文(7460)

文章存档

2011年(1)

2009年(669)

2008年(6790)

分类:

2008-05-11 22:22:06

某日/etc/passwd文件被我误清空,大惊失色!幸好root尚未logout,我使出全身解数,终于化险为夷。过程摘录如下:

mycomputer#/home/myname>cat >1
#!/usr/bin/ksh
#create a user named infra
mkuser -a pgrp='nobody' infra
cp /etc/passwd /etc/passwd.old
sed -e '/^infra:/s/$/ /usr/bin/infralogon.sh/' /etc/passwd.old >/etc/passwd.tmp
cat /etc/passwd.tmp >/etc/passwd
rm /etc/passwd.tmp
……
mycomputer#/home/myname>sh 1
cp: /etc/passwd.old: No space left on device
mycomputer#/home/myname>df -k
Filesystem    1024-blocks      Free %Used    Iused %Iused Mounted on
/dev/hd4           188416         0  100%     2643     3% /
/dev/hd2          6356992    712376   89%    82284     6% /usr
/dev/hd9var        425984     88508   80%     4866     5% /var
/dev/hd3           245760    204888   17%      402     1% /tmp
/dev/hd1          1122304    154452   87%     2511     1% /home
……
mycomputer#/home/myname>du / |sort -nr
^Cmycomputer#/home/myname>cd /
mycomputer#/>smit chfs
……
mycomputer#/>cd ~myname
ksh: ~myname:  not found
mycomputer#/>cd ~myname
ksh: ~myname:  not found
mycomputer#/>cd /home/myname
mycomputer#/home/myname>ksh 1
……
mycomputer#/home/myname>cat /etc/passwd
infra:!:11:-2::/home/infra:/usr/bin/ksh /usr/bin/infralogon.sh
说明:由于/文件系统已满,造成运行脚本1时,清空了/etc/passwd。

mycomputer#/home/myname>cd /etc
mycomputer#/etc>ls
……
mycomputer#/etc>cat passwd.old
infra:*:11:-2::/home/infra:/usr/bin/ksh
mycomputer#/etc>cat opasswd
infra:*:11:-2::/home/infra:/usr/bin/ksh /usr/bin/infralogon.sh
说明:由于脚本1运行了两次,造成了/etc/passwd文件彻底无法恢复。

mycomputer#/etc>cat >passwd
root:!:0:0::/:/bin/ksh
……
说明:赶紧把相同功能的其它服务器的/etc/passwd拷过来。

mycomputer#/etc>w
  11:35AM   up 35 days,   2:45,  2 users,  load average: 1.50, 1.41, 1.42
User     tty          login@       idle      JCPU      PCPU what
myname  pts/0       11:18AM          0         0         0 -ksh
myname  pts/1       11:34AM          0         0         0 -ksh
说明:还好,没有其他用户在使用机器,看来暂时不会有什么影响。

mycomputer#/etc>pwdck -n ALL
The user "LARRY" was not found in /etc/passwd.
The user "LARRY" does not have a stanza in /etc/security/user.
The stanza for "aix_supp" was not found in /etc/security/passwd.
The user "aix_supp" does not have a stanza in /etc/security/user.
The stanza for "albert" was not found in /etc/security/passwd.
The user "albert" does not have a stanza in /etc/security/user.
The stanza for "allan" was not found in /etc/security/passwd.
The user "allan" does not have a stanza in /etc/security/user.
The stanza for "andrew" was not found in /etc/security/passwd.
……
#/>cd /etc/security
you have mail in /usr/spool/mail/root
mycomputer#/etc/security>mail
……
说明:用pwdck -n赶紧看看,错误有几百行。同时系统给root发了mail,这个跟/etc/passwd有关,涉及到merlinh这个帐户的crontab,看来要赶紧解决问题才行。mail的内容下面就不贴了。

mycomputer#/etc/security>ls
……
mycomputer#/etc>cp /etc/security/passwd /etc/security/passwd050321                                         
mycomputer#/etc>pwdck -y ALL
The user "LARRY" was not found in /etc/passwd.
The stanza for "aix_supp" was not found in /etc/security/passwd.
The user "aix_supp" does not have a stanza in /etc/security/user.
……
Adding "invscout" stanza to /etc/security/passwd.
Adding "imnadm" stanza to /etc/security/passwd.
……
Adding "shenglp" stanza to /etc/security/user.
Adding "shibin" stanza to /etc/security/user.
……
说明:在pwdck -y之前先备份一下/etc/security/passwd,免得再铸成大错。pwdck -y ALL结果有上千行,真是恐怖!

mycomputer#/etc>cat /etc/passwd |grep -i larry
larry:!:253:209:Liu Larry,101207,CHN,General,YES,YES,1:/home/dcs:/usr/bin/ksh
larryliu:!:218:209:Liu Larry,101207,CHN,General,NO,YES,1:/home/dcs:/usr/bin/ksh
说明:pwdck -y之后,检验一下/etc/passwd的内容,看看而已。

mycomputer#/etc>pwdck -n ALL
The user "merlinh" was not found in /etc/passwd.
The user "william" was not found in /etc/passwd.
you have mail in /usr/spool/mail/root
说明:再次pwdck -n,发现还有两个漏网之鱼。这说明本机原本还有两个帐户是刚刚那台机器不包括的。

mycomputer#/etc>vi /etc/passwd
……
:q!
mycomputer#/etc>cd /home
mycomputer#/home>ls
……
mycomputer#/home>ls |grep merlin
说明:看来merlinh帐户的HOME目录并不在/home下面,问题有点麻烦。

mycomputer#/home>vi /etc/passwd
……
mycomputer#/home>pwdck -n ALL
The stanza for "merlinh" was not found in /etc/security/passwd.
The user "william" was not found in /etc/passwd.
说明:又查看了好几台AIX,终于找到的帐户merlinh的HOME目录,手工修改/etc/passwd吧。但帐户william的HOME目录找不到,先不管它。

mycomputer#/home>cd /etc/sec*
mycomputer#/etc/security>ls
……
mycomputer#/etc/security>cat passwd050321 |grep -p merlin
merlinh:
        password = b8i3o3cic97S.
        lastupdate = 1064304089
        flags = ADMCHG

mycomputer#/etc/security>vi passwd
……
说明:上次pwdck -y时,/etc/security/passwd中的merlinh内容被删除了,现在备份文件passwd050321终于派上了用场,把这四行复制过来吧。

mycomputer#/home>pwdck -y ALL
The user "william" was not found in /etc/passwd.
mycomputer#/home>w
  12:37PM   up 35 days,   3:46,  2 users,  load average: 1.44, 1.43, 1.41
User     tty          login@       idle      JCPU      PCPU what
myname  pts/0       11:18AM          0         0         0 -ksh
myname  pts/1       11:34AM          1         0         0 -ksh
说明:现在只有william帐户的问题未解决。

mycomputer#/home>find . -nouser
……
说明:又是上千行的输出,看来还有不少工作要做。

mycomputer#/home>ls -l
total 60
drwx------   2 341      staff        512 Sep 25 2003  aditya/
drwx------   2 aix_supp staff        512 Sep 27 2003  aix_supp/
drwxr-xr-x   2 albert   staff        512 May 21 2002  andy/
drwx------   2 338      staff        512 Oct 21 2003  ben/
drwx------   2 353      staff        512 Sep  7 2004  cindy/
drwxr-xr-x   3 litim    staff        512 Jul 12 2002  cloud/
drwxr-xr-x   3 236      staff        512 May 27 2002  danux/
drwxr-xr-x   3 pcrdb2   db2asg       512 Jan  1 00:23 dasusr82/
drwx------   2 337      staff        512 Oct 10 2003  david/
drwxr-xr-x   3 db2as    db2asg       512 Nov 23 15:02 db2as/
……
说明:有些目录对应的OWNER是别人的名字;有些目录对应的OWNER是数字,不过有规律,不是200多,就是300多。

mycomputer#/home>chmown vvvv ./myname
ksh: chmown:  not found
mycomputer#/home>chown vvv:staff ./myname
chown: vvv is an unknown username.
mycomputer#/home>chown myname:staff ./myname
mycomputer#/home>ls -l
……
说明:先熟悉一下chown命令的用法。

mycomputer#/home>ls -l |awk '{if($3~/3/) print $0}'
drwx------   2 341      staff        512 Sep 25 2003  aditya/
drwx------   2 338      staff        512 Oct 21 2003  ben/
drwx------   2 353      staff        512 Sep  7 2004  cindy/
drwxr-xr-x   3 236      staff        512 May 27 2002  danux/
……
mycomputer#/home>ls -l |awk '{if($3~/3/) print $9}'
aditya/
ben/
cindy/
danux/
……
mycomputer#/home>ls -l |awk '{if($3~/3/) print $9}' |tr "/" ""
aditya
ben
cindy
danux
……
mycomputer#/home>for i in `ls -l |awk '{if($3~/3/) print $9}' |tr "/" ""`; do chown $i:staff ./$i; done
chown: aditya is an unknown username.
chown: ben is an unknown username.
chown: danux is an unknown username.
chown: david is an unknown username.
chown: doug is an unknown username.
……
说明:由于对awk命令不熟,还是先解决那些OWNER是数字且含有3的目录吧。最后的这些错误输出,说明aditya这些帐户都是以前就被删除过的帐户,不用管。解决其他目录的方法类似,略。

    关于william帐户的问题,只好跟用户本人联系,问问他的HOME目录到底是什么。到此为止,问题基本搞定,赶紧向领导汇报吧,这事还是不要隐瞒的好。我如实汇报了引发问题的原因、解决问题的方法、遗留的个别问题,还问了问系统以前是否做过mksysb。领导说,mksysb虽然没有,不过问题既然已经这么解决了,OK,后果不严重。我这才长嘘了一口气。好啦,忙了一中午,可以吃饭去喽。

    最后,做个简单的总结:
1、最好有mksysb,这是最保险的办法。
2、不要轻易手工修改/etc/passwd等文件,尤其要小心使用输出重定向。
3、不要企图隐瞒,纸是包不住火的。
4、得到直属领导的认可很重要,这样即使有更大的领导怪罪下来,你的小领导也肯定能帮你扛过去。

阅读(2510) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~