View previous topic :: View next topic |
Author |
Message |
r3m0t n00b
Joined: 27 May 2004 Posts: 14
|
Posted: Mon May 31, 2004 3:36 pm Post subject: Recovering from a forgotten root password |
|
|
I changed my root password today and then forgot it. Here's what I did:
1) Booted into the LiveCD
2) chrooted:
Code: | # mount /dev/hda4 /mnt/gentoo
# mount /dev/hda1 /mnt/gentoo/boot
# mount -t proc none /mnt/gentoo/proc
# chroot /mnt/gentoo /bin/bash
|
3) changed the password:
4) closed off:
Code: | # exit
# umount /mnt/gentoo/boot /mnt/gentoo/proc /mnt/gentoo
# shutdown -r now
|
(technically, I exited twice, then had to press reboot on my computer, then having to sit through a disk check... but never mind)
Of course, if you want to secure your system properly, either lock/remove the floppy and CD drives or change the boot and add a BIOS "superviser" password. |
|
Back to top |
|
|
jeffrice Tux's lil' helper
Joined: 25 Jun 2003 Posts: 89 Location: New York, USA
|
Posted: Mon May 31, 2004 3:42 pm Post subject: Re: Recovering from a forgotten root password |
|
|
r3m0t wrote: | Of course, if you want to secure your system properly, either lock/remove the floppy and CD drives or change the boot and add a BIOS "superviser" password. |
Encrypt your fs. If you don't trust the physical security of the local terminal and the box itself, don't trust a BIOS password. BIOS passwords, etc are not a way to "secure your system properly", since your hard drive can be removed ane read on a different machine.
J _________________ A computer is like an Old Testament god, with a lot of rules and no mercy. -Joseph Campbell
Kingfisher Athlon-XP: 2.6.7-love8-ck5 +nptl |
|
Back to top |
|
|
Kope Tux's lil' helper
Joined: 17 May 2004 Posts: 136
|
Posted: Mon May 31, 2004 7:13 pm Post subject: |
|
|
Yup. EVERY BIOS can be changed, trivially.
Encrypt the entire disk. Put /boot on a usb stick and use that to boot the box and unencrypt the disk. Such a set up gives you true two-factor authentication access to your data. _________________ "Computers are useless -- they only give you answers!" -- Pablo Picasso |
|
Back to top |
|
|
Tazok Guru
Joined: 25 Oct 2003 Posts: 310
|
Posted: Mon May 31, 2004 10:47 pm Post subject: |
|
|
Kope wrote: | Yup. EVERY BIOS can be changed, trivially.
Encrypt the entire disk. Put /boot on a usb stick and use that to boot the box and unencrypt the disk. Such a set up gives you true two-factor authentication access to your data. |
Would you also include the decryption-key on the usb stick?
And what exactly do I have to do, to boot from a usb stick? |
|
Back to top |
|
|
Kope Tux's lil' helper
Joined: 17 May 2004 Posts: 136
|
Posted: Tue Jun 01, 2004 1:18 am Post subject: |
|
|
Yes, you'd inlude the decrypton key on the USB stick (and, if you're smart, on a cd that you burn, carefully label, and stick in your safe-deposit box for when you lose your USB stick).
As to the "how tos" see this. It's a little out of date, but not so much that you can't work out the differences. _________________ "Computers are useless -- they only give you answers!" -- Pablo Picasso |
|
Back to top |
|
|
XeonTux. n00b
Joined: 08 May 2004 Posts: 52
|
Posted: Tue Jun 01, 2004 4:17 am Post subject: |
|
|
99% of the people here probably know this already, but it is even easier to remove the root password. You do not need to chroot. Simply mount the drive in question and edit the line in /etc/passwd for root's account.
For anyone who thinks this makes linux weaker than ms windows, point them to the ntpasswd utility |
|
Back to top |
|
|
jeffrice Tux's lil' helper
Joined: 25 Jun 2003 Posts: 89 Location: New York, USA
|
Posted: Tue Jun 01, 2004 2:55 pm Post subject: |
|
|
XeonTux. wrote: | 99% of the people here probably know this already, but it is even easier to remove the root password. You do not need to chroot. Simply mount the drive in question and edit the line in /etc/passwd for root's account.
For anyone who thinks this makes linux weaker than ms windows, point them to the ntpasswd utility |
The rule is the same for every file system that doesn't store data encrypted: of the bad guy can mount your drive, assume they can do whatever they want. If you can't control the physical security of the box, full encryption (with a removable key) is the only way for a degree of confidence over the data.
Many security experts advise you to assume that once your data is in someone else's hands, encryted or not, it isn't your data anymore. _________________ A computer is like an Old Testament god, with a lot of rules and no mercy. -Joseph Campbell
Kingfisher Athlon-XP: 2.6.7-love8-ck5 +nptl |
|
Back to top |
|
|
furanku l33t
Joined: 08 May 2003 Posts: 905 Location: Hamburg, Germany
|
Posted: Sun Jun 06, 2004 4:53 pm Post subject: |
|
|
You don't even need a bootable cdrom to change the root passwd. See here.
If you think that's a serious security issue: To make a computer really safe, you have to restrict physical access to it. The simplest way to deny a service is to turn the computer off, the easiest way to steal data to unmount the harddisk physically and take it with you...
Frank |
|
Back to top |
|
|
Kioshen Tux's lil' helper
Joined: 23 Sep 2003 Posts: 109 Location: Montreal, PQ
|
Posted: Tue Jun 08, 2004 1:47 am Post subject: |
|
|
If you are using GRUB, use the following steps to boot into single-user mode:
1. If you have a GRUB password configured, type p and enter the password.
2. Select entry for the workstation you wish to modify root's password and type e for edit. You will be presented with a list of items in the configuration file for the title you just selected.
3. Select the line that starts with kernel and type e to edit the line.
4. Go to the end of the line and type single as a separate word (press the [Spacebar] and then type single). Press [Enter] to exit edit mode.
5. Back at the GRUB screen, type b to boot into single user mode.
6. After you get a shell prompt, enter passwd enter your new root password.
7. Reboot your workstation.
8. Just let it boot normally now since the modification earlier was temporarily.
Congrats you just modified your root's password ! _________________ -= United we share =-
Adopt an unanswered post today!
Why emerge -U will kill your Gentoo |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
|
Back to top |
|
|
|