Getting admin by adding a new user to sudoers when you're locked out of an Azure Linux VM
So I got locked out of an Ubuntu VM that's running in Azure. Long story, but an employee left and somehow the "admin" user I had access to no longer had "sudo" powers. I needed to run apt-get update && apt-get upgrade but literally had no user available with admin on the box.
If the machine was local, I could perhaps boot into recovery mode but this is a VM in the cloud.
I do, however, have access to the Azure portal because I do own the VM. While the operating system doesn't think I'm powerful inside, I am powerful outside. ;)
Corey Sanders, the head of the IAAS team, was kind enough to remind me of the CustomScriptForLinux "VM Extension." VM Extensions can inject/install software like Chef and Puppet into VMs. I talked to Kundana Palagiri about this on Azure Friday (http://friday.azure.com).
He pointed me to his "AddUser.sh" script on GitHub. It's pretty straightforward, but how do I run it?
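#!/bin/bash
# Script to add a user to a Linux system. Must run as root.
# Usage: AddUser.sh <username> <password>
if [ "$(id -u)" -eq 0 ]; then
    username="$1"
    password="$2"
    echo "Creating $username"
    # Anchor on the trailing colon so "bob" does not match an existing "bobby"
    egrep "^$username:" /etc/passwd >/dev/null
    if [ $? -eq 0 ]; then
        echo "$username exists!"
        exit 1
    else
        # useradd -p expects an already-hashed password, so hash it with crypt().
        # The salt "password" selects legacy DES crypt, which only uses the
        # first 8 characters of the password.
        pass=$(perl -e 'print crypt($ARGV[0], "password")' "$password")
        useradd -G adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev -m -p "$pass" "$username"
        [ $? -eq 0 ] && echo "User $username has been added to system!" || echo "Failed to add a $username!"
    fi
else
    echo "Only root may add a user to the system"
    exit 2
fi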
I don't have root, but Azure has root. Azure has all the power, in fact. I need to run this script with parameters (my new username and password) then SSH in and put things right. I can return my original user to sudoers:
sudo adduser <username> sudo
And there's other administration I may want to do, including deleting this user I just added. Doing this dance is how I'm going to regain access to my VM, though.
NOTE: There are other ways to regain access to a Linux VM if you've lost an SSH key or forgotten your password, like the VMAccess Extension in PowerShell. However, not everyone has a Windows machine, and I wanted in fast without any local setup. I'm going to use the Custom Script extension.
First, I'll log into the Azure Portal at http://portal.azure.com and select the VM, then under All Settings, select Extensions. Click ADD and pick Custom Script for Linux.
Note that my bash script has two parameters, so I'll put my preferred USERNAME and PASSWORD in the Arguments box there and hit done.
After it's done, I click to look at the detailed results. Do note that the Azure Portal is calling into the backend REST services that manage all of Azure, so you can certainly script all of this if you need to.
Now I can SSH into the machine (I use Bitvise) and then add my original user back into sudoers.
At this point I can generally tidy up this machine and put it as it was. I've regained control of a Linux VM that I no longer had root on.
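As part of that tidy-up, it helps to confirm exactly which accounts hold sudo group membership before and after removing the temporary user. The following is an added example, not from the original post or the AddUser.sh author; the account names and sample files are constructed, and it checks group membership only, not rules in /etc/sudoers.

```shell
#!/bin/bash
# Added example: list accounts in the "sudo" group from passwd/group files.
# Covers supplementary members (4th field of the group line) and accounts
# whose primary GID is the sudo group's GID.

sudo_members() {  # args: <passwd file> <group file>
    awk -F: '
        # First file (group): remember the sudo GID and its listed members
        NR == FNR {
            if ($1 == "sudo") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second file (passwd): add accounts whose primary group is sudo
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$2" "$1" | sort
}

is_sudo_member() {  # args: <user> <passwd file> <group file>
    sudo_members "$2" "$3" | grep -Fxq -- "$1"
}

# Constructed sample files: "admin" has been restored, "rescue" is the
# temporary account created through the extension, and "ops" has sudo as
# its primary group. On a real VM, pass /etc/passwd and /etc/group instead.
sample=$(mktemp -d)
cat > "$sample/group" <<'EOF'
root:x:0:
adm:x:4:syslog,rescue
sudo:x:27:admin,rescue
admin:x:1000:
EOF
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000::/home/admin:/bin/bash
rescue:x:1001:1001::/home/rescue:/bin/sh
ops:x:1002:27::/home/ops:/bin/bash
EOF

echo "sudo group members:"
sudo_members "$sample/passwd" "$sample/group"
is_sudo_member rescue "$sample/passwd" "$sample/group" \
    && echo "temporary account 'rescue' still has sudo: remove it when done"
```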