I agree with other posts that the original question sounds dodgy.  To the
original poster: if you really did have a son who passed away, please accept my
condolences, and take the harshness of some of the other replies in the context
that your question does arouse quite reasonable suspicions.  It is however
*just* possible that the post in question is legitimate, and since what I
discuss below is quite common knowledge, in UNIX circles anyway, even if the
question is "dodgy", the knowledge is readily accessible regardless.  So after
some internal debate I've concluded that, if the post is legit, a little help
won't hurt, and if it isn't, I'm not telling him something he can't find out by
simply reading the documentation in any event.

Bottom line: anyone with physical access to the drive will get at whatever
(unencrypted) data is on the drive, as any security (including encryption, if
you have enough time available) can be bypassed through simply having physical
access.  The following will work for any UNIX, UNIX-like, Mac OS X, or Windows
system (with minor changes to detail, of course).  For Gentoo GNU/Linux in
particular the following applies.

Quoting MAL <[EMAIL PROTECTED]>:

> If the machine uses grub, try pressing 'e' when the machine gives a list 
> of operating systems to boot, (at startup, right after the BIOS screen). 
> This will let you edit the boot command.
> 
> select the line that reads:
> kernel blah blah
> 
> and press 'e' again - this should let you edit this line.
> 
> Add a space and 'single' to the end of the line, then press enter and 
> then 'b'.
> 
> This /should/ boot the machine into single user mode, bypassing any 
> passwords.

This will indeed boot into single user mode (you can also type "1" instead of
"single"), but it will not bypass the password.

However, what you can do is download a bootable installation CD (iso), such as
the current live-cd, boot from the cd rom, then manually mount the hard drive
partitions and look at their contents.

To do this, do what the previous poster suggested, but rather than editing the
lines and booting, make a note of what the partition name is for "root".  It
will be the string immediately following the "root=" string in the kernel load
command, e.g. if the kernel load string is "kernel (hd0,0)/bzImage
root=/dev/hda2", then the partition you will want to note is /dev/hda2.

Boot from a live-cd, then create a directory to mount the partition on,
e.g. after booting:
("cdimage /#" represents a prompt and is not a part of the command you type.  If
you ever worked with DOS, everything preceding and including the "#" is
equivalent to "C:>")

cdimage /# mkdir /mnt/other

Then mount the partition.  For example, if the partition you noted was
/dev/hda2, you would type:

cdimage /# mount /dev/hda2 /mnt/other

Now, the root partition is accessible under /mnt/other.  You can cd there and
list the files in the top level directory:

cdimage /# cd /mnt/other
cdimage /mnt/other# ls

Now is the trick to make the system accessible, with a password you know.  To do
this we change the "root environment" to the directory you mounted, so that you
can modify the password and have it affect the environment stored on the hard
drive (rather than the temporary environment you've booted into from the CD ROM):

cdimage /mnt/other# chroot /mnt/other /bin/bash
cdimage /# env-update
cdimage /# . /etc/profile
(the prompt MIGHT change slightly at this point)
machinename /# passwd root
New UNIX password: [enter a known password here]
Retype new UNIX password: [reenter the same password again to confirm]

You have now changed the root (administrator) password on the drive you were
trying to access.  Now, exit out of the chrooted environment 

machinename /# exit

and reboot (removing the CDROM after the system is halted and pressing reset to
reboot).  

cdimage /mnt/other# halt

When asked for a username and password after reboot, type "root" as the
username, and the password you entered above.  You should now have godlike
powers over the system, so be careful lest you destroy the very information you
are trying to access.

Now of course you'll have to learn something about GNU/Linux, and what your son
was doing, what apps he used to store/retrieve the data in question, etc.  That
is far beyond the scope of this comment however (you'll need to obtain and read
some books, etc.)

If you are lying (and engaging in social engineering to access someone else's
private data), then a pox upon you for abusing the public trust and engaging in
such despicable activity.  If this suspicion is ungrounded, then the best of
luck in retrieving your company's data.  You now have the power to do so
(assuming it is all unencrypted), but tread carefully as you also have the power
to obliterate what is on the machine.

If the partition or data are encrypted, then barring an actual design flaw in
either the software implementation or the encryption algorithm, you are probably
SOL.

Jean.


--
[EMAIL PROTECTED] mailing list
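
The message above relies on two conditions: a root partition that is not encrypted, and a root password change that nobody notices. The following is an added example, not part of the original post, that an administrator could use to check both on a machine they run. The function names and the idea of a recorded baseline value are assumptions of this example.

```shell
#!/bin/sh
# Added example; not from the original post. Function names are hypothetical.

# Print the value of root= from a kernel command line (a GRUB "kernel ..."
# line, or the contents of /proc/cmdline on a running system).
root_from_cmdline() (
    set -f   # no glob expansion while word-splitting the line
    for word in $1; do
        case $word in
            root=*) printf '%s\n' "${word#root=}"; exit 0 ;;
        esac
    done
    exit 1
)

# Read block-device TYPE values on stdin, one per line, as printed by
#   lsblk -s -n -o TYPE <device>
# (the device followed by the devices it sits on). Succeed only if a
# dm-crypt layer is present, i.e. the data is encrypted at rest.
has_crypt_layer() {
    while read -r devtype; do
        if [ "$devtype" = "crypt" ]; then return 0; fi
    done
    return 1
}

# Print the "last password change" field (days since 1970-01-01) for a
# user from a shadow-format file. passwd updates this field on every change.
shadow_lastchg() {   # $1 = shadow file, $2 = user
    awk -F: -v u="$2" '$1 == u { print $3; found = 1 } END { exit !found }' "$1"
}

# Compare against a baseline the administrator recorded after the last
# legitimate change (assumption: such a record is kept off the machine).
password_change_verdict() {   # $1 = shadow file, $2 = user, $3 = baseline
    current=$(shadow_lastchg "$1" "$2") || { echo "missing"; return 2; }
    if [ "$current" = "$3" ]; then
        echo "unchanged"
    else
        echo "changed"; return 1
    fi
}

# Typical use on a running system (as root):
#   dev=$(root_from_cmdline "$(cat /proc/cmdline)")
#   lsblk -s -n -o TYPE "$dev" | has_crypt_layer || echo "root is not encrypted"
#   password_change_verdict /etc/shadow root "$BASELINE_DAYS"
```

A "changed" verdict with no matching entry in the machine's own logs is what a password reset made from other boot media looks like afterwards.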