{"id":268,"date":"2018-01-23T13:02:13","date_gmt":"2018-01-23T13:02:13","guid":{"rendered":"http:\/\/labiol.xyz\/?p=268"},"modified":"2019-04-10T17:45:26","modified_gmt":"2019-04-10T17:45:26","slug":"vcsa-problem-z-haslem-root-a","status":"publish","type":"post","link":"https:\/\/www.labiol.xyz\/index.php\/2018\/01\/23\/vcsa-problem-z-haslem-root-a\/","title":{"rendered":"VCSA, problem z has\u0142em root-a"},"content":{"rendered":"<p>VCSA to Linux z aplikacjami VMware. Lokalne konta u\u017cytkownika podlegaj\u0105 tym samym restrykcj\u0105, jak w &#8220;zwyk\u0142ym&#8221; Linuksie. Dodatkowo w przypadku restartu has\u0142a (root) post\u0119pujemy wg utartego schematu restartu systemu, przej\u015bcia w tryb single user, uruchomienia i restartu has\u0142a.<\/p>\n<p>Jednak jak w ka\u017cdym produkcie s\u0105 r\u00f3\u017cne szczeg\u00f3\u0142y o kt\u00f3rych trzeba pami\u0119ta\u0107.<\/p>\n<ol>\n<li>grub jest zabezpiezony has\u0142em. \u017beby si\u0119 dosta\u0107 do single user nale\u017cy zna\u0107 has\u0142o &#8220;vmware&#8221; lub ew. ostatnie has\u0142o root, je\u015bli by\u0142o zmieniane (sic!) &#8212; i to ma sens tylko w przypadku gdy has\u0142o nam wygas\u0142o. Je\u015bli zupe\u0142nie nie pami\u0119tamy has\u0142a to zostaje nam livecd.<\/li>\n<li>w single user po zmianie has\u0142a zanim zrestartujemy system trzeba wykona\u0107 polecenia:<br \/>\n<span style=\"font-family: Courier New; font-size: small;\">mkfifo \/dev\/initctl<br \/>\nreboot -f<\/span><\/li>\n<li>System root mo\u017ce znajdowa\u0107 si\u0119 tylko w trybie read-only. Aby go prze\u0142\u0105czy\u0107 do trybu rw nale\u017cy wyda\u0107 nast\u0119puj\u0105ce polecenie:<br \/>\n<span style=\"font-family: Courier New; font-size: small;\">mount -o remount,rw <\/span> \/<\/li>\n<li>W przypadku zablokowania has\u0142a na wskutek niepoprawnych pr\u00f3b logowania nale\u017cy pami\u0119ta\u0107 o wyzerowaniu licznika\u00a0 (<a href=\"https:\/\/kb.vmware.com\/s\/article\/2045805\">https:\/\/kb.vmware.com\/s\/article\/2045805<\/a>):\n<pre>pam_tally2 --user <i><i><span style=\"font-family: Courier New; font-size: small;\">username<\/span><\/i><\/i><\/pre>\n<p><i><span style=\"font-family: Courier New; font-size: small;\"> przyk\u0142ad: <\/span><\/i><\/p>\n<pre><i>     pam_tally2 --user root --reset \n     pam_tally2 --user root \n<\/i><\/pre>\n<p>Uwaga: wszystkie polecenia mog\u0105 by\u0107 w &#8220;niedomy\u015blnej&#8221; \u015bcie\u017cce. Zwykle trzeba je szuka\u0107 w \u015bcie\u017cce \/sbin (\/sbin\/pam_tally2)<\/li>\n<li>Z webClienta mo\u017cemy zmieni\u0107 termin wa\u017cno\u015bci has\u0142a dla root-a, oraz z\u0142o\u017cono\u015b\u0107 polityki hase\u0142 (dla domeny vsphere.local &#8211; generalnie)<\/li>\n<li>Zmiana czasu po jakim konto si\u0119 blokuje:\n<pre> chage -M ilosc_dni<\/pre>\n<p>weryfikacja<\/p>\n<pre> chage -l root<\/pre>\n<p>(poprosi o has\u0142o je\u015bli konto by\u0142o zablokowane).<\/li>\n<\/ol>\n<p>\u0179r\u00f3d\u0142a:<\/p>\n<ul>\n<li><a href=\"https:\/\/kb.vmware.com\/s\/article\/2069041\">https:\/\/kb.vmware.com\/s\/article\/2069041<\/a><\/li>\n<li><a href=\"https:\/\/www.altaro.com\/vmware\/reset-root-password-vcsa-6-x\/\">https:\/\/www.altaro.com\/vmware\/reset-root-password-vcsa-6-x\/<\/a><\/li>\n<li><a href=\"https:\/\/kb.vmware.com\/s\/article\/2147043\">https:\/\/kb.vmware.com\/s\/article\/2147043<\/a><\/li>\n<li><a href=\"https:\/\/kb.vmware.com\/s\/article\/2045805\">https:\/\/kb.vmware.com\/s\/article\/2045805<\/a><\/li>\n<\/ul>\n<p>Document update: 10.04.2019.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>VCSA to Linux z aplikacjami VMware. Lokalne konta u\u017cytkownika podlegaj\u0105 tym samym restrykcj\u0105, jak w &#8220;zwyk\u0142ym&#8221; Linuksie. Dodatkowo w przypadku restartu has\u0142a (root) post\u0119pujemy wg utartego schematu restartu systemu, przej\u015bcia w tryb single user, uruchomienia i restartu has\u0142a. Jednak jak w ka\u017cdym produkcie s\u0105 r\u00f3\u017cne szczeg\u00f3\u0142y o kt\u00f3rych trzeba pami\u0119ta\u0107. &hellip; <\/p>\n","protected":false},"author":1,"featured_media":251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vmware"],"_links":{"self":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=268"}],"version-history":[{"count":15,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/268\/revisions"}],"predecessor-version":[{"id":472,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/posts\/268\/revisions\/472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/media\/251"}],"wp:attachment":[{"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/media?parent=268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.labiol.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}