Sunday, 7 September 2008

How to get Root access on Call Manager 5/6 Server

When Cisco first announced the Unified Communication Server (CallManager) would be based on Linux, my first question was “How much of the system would be available to users?”

I think it is great that Cisco does not require Engineers to understand the underlying system CallManager is built on, but some of us are curious. This tutorial will show you how to create a user on a CUCM 5/6 server with shell access and root privileges.

WARNING: This should not be performed on a Production System! I am not responsible for any destruction to production systems.

  1. Boot the CUCM server with CentOS 5.1 Disk1
  2. Type ‘linux rescue’ at the boot: prompt
  3. Use the chroot command to change the root to the CUCM partition

Type 'chroot /mnt/sysimage'

  1. Backup the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files

cp -a /etc/passwd /etc/passwd.bak
cp -a /etc/group /etc/group.bak
cp -a /etc/shadow /etc/shadow.bak
cp -a /etc/gshadow /etc/gshadow.bak

  1. These files are protected by the ext2 immutable flag. Check to see if the immutable flag is set. If the immutable flag is set, you will see an ‘i’.

lsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow

  1. Remove the immutable flag

chattr -i /etc/passwd /etc/group /etc/shadow /etc/gshadow

  1. Add a new user and set a password

useradd username
passwd username

  1. Add the immutable flag

chattr +i /etc/passwd /etc/group /etc/shadow /etc/gshadow

  1. Add the new user to the /etc/sudoers file and give root privileges.

vi /etc/sudoers

Add the following line to the file to give the new user root privileges.

username All=(ALL) ALL

  1. Exit Linux rescue mode
  2. Login with the new account
  3. Test various root level linux commands with ’sudo’ prefix, take a look at the filesystem and play around

1 comment:

Anonymous said...

thanks for the interesting information