10 ways of resetting a lost linux root password
####################################################
A good password has the problem of being difficult to remember. And sometimes
you might need to get into a system where the root password is long forgotten
(or left with the system administrator before you). Luckily there are ways of
getting access to systems without having the password. This is of course in a
sense also a security risk. That's why you should always be aware that having
unattended physical access to a computer system means the same as having root
access to the operating system. Unless the information on a system is
encrypted, it's only as safe as the room it's in.
The method to use to reset the password if you lost the root (or only) password
depends on the configuration of your system. But it mostly comes down to two
separate tasks:
- get write access to the root partition
- change the password/circumvent control
Here are some things you can try, from easy to more complicated.
##############################
1. booting into single user mode from the start menu
Some systems are configured to drop you into a root shell without a password if
you reboot them in single user mode. If your system has an option called single
or recovery mode, chances are it will drop you directly to the root prompt or, as
I know Ubuntu does, serve up a menu with 'drop to root shell prompt' as an
option. Sometimes you have to hit escape at startup to enter the boot menu.
Once in the root shell it's as easy as typing passwd followed by your username,
and the passwd program will ask you for the new password. passwd without a name
will change the root password. If you don't know the username anymore you can do
#cat /etc/passwd
this prints the password text file, where every entry before the : is a valid
username
or
#ls /home
which will give you the usernames of the users on the system with a home
directory (if the default home path is used)
If you have a system which has this boot option and you think this is just a too
obvious security risk (don't want your little sister to change your root
password) you can easily remove this option by editing the file
/boot/grub/menu.lst (if you use the grub boot loader) or /etc/lilo.conf (if you
use lilo). If you use Ubuntu you can set passwords for the menu options in the
startup-manager from the administration menu security tab, or remove the option
in the advanced tab. Grub and Lilo both have password options.
To password protect grub, create an md5 hash of your password
( #/sbin/grub-md5-crypt ) and edit the file /boot/grub/grub.conf: below the
timeout line add the following line:
password --md5 password-hash-here
The grub configuration file should be owned by user root, group root, with 600
permissions.
To password protect boot menu entries just enter lock below the title line in
the /boot/grub/menu.lst file.
To protect lilo, edit the /etc/lilo.conf file and place this option before the
first image stanza:
password=clear-text-password
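Added example, not part of the original article: a small shell audit for the
grub settings described above. It reports a menu file with no global password
line, a password that is not an md5 hash, single-user entries without lock, and
a mode/owner other than 600 root. The function names and the sample menu are
made up for illustration, and check_perms assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy menu file (menu.lst / grub.conf).
# Assumes GNU stat; function names and the sample file are constructed.

# Config must be mode 600 and owned by root (owner overridable for testing).
check_perms() {
    meta=$(stat -c '%a %U' "$1") || return 2
    [ "$meta" = "600 ${2:-root}" ] && return 0
    echo "$1: mode/owner is '$meta', expected '600 ${2:-root}'"
    return 1
}

# Print one finding per line; exit status 1 if anything was found.
check_menu() {
    awk '
    function report() {       # report the stanza that just ended
        if (entry != "" && single && !locked) {
            print "entry \"" entry "\" boots single-user without lock"; n++
        }
    }
    /^[ \t]*#/ { next }                          # skip comments
    { sub(/^[ \t]+/, "") }                       # ignore indentation
    $1 == "title" { report(); entry = $0; sub(/^title[ \t]+/, "", entry)
                    single = locked = 0; next }
    entry == "" && $1 == "password" {            # global section only
        pw = 1
        if ($2 != "--md5") { print "global password is not an md5 hash"; n++ }
    }
    entry != "" && $1 == "lock" { locked = 1 }
    entry != "" && $1 == "kernel" {              # $2 is the kernel image path
        for (i = 3; i <= NF; i++) if ($i == "single" || $i == "1") single = 1
    }
    END { report()
          if (!pw) { print "no global password: anyone can edit entries with e"; n++ }
          exit (n > 0) }
    ' "$1"
}

# Constructed sample: recovery entry lacks "lock", no global password line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
timeout 5
title Linux
    kernel /vmlinuz root=/dev/hda1 ro quiet
title Linux (recovery mode)
    kernel /vmlinuz root=/dev/hda1 ro single
EOF
chmod 644 "$sample"
check_perms "$sample" || true
check_menu "$sample" || true
rm -f "$sample"
```

On a real system, run check_perms and check_menu against /boot/grub/menu.lst
(or grub.conf) as root.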
#####################################################################################
2. booting into single user mode when there's no menu entry at startup
If there's no single or recovery option in the boot menu you can still boot
into single mode by editing the startup entry. To do this in grub, press 'e'
while in the menu; this will let you edit the menu entries. Just append single
to the line starting with kernel. Press 'b' and the system will boot into
single mode. If your boot manager is Lilo you can pass Linux 1 or Linux
emergency as boot parameters. This approach won't help you on all systems,
because many systems will ask you for the root password when booting into
single user mode (Debian does).
####################################################################################################
3. boot to root shell by using shell as init
If the single user mode has been disabled or is password protected, just press
'e' in the grub boot menu and add init=/bin/bash (or any other shell
executable) to the kernel line. Press 'b' to boot and you'll get a root shell,
because the init process is replaced with bash while booting. This gives you a
rather limited shell but it's good enough. Depending on your system
configuration you might have to mount the root partition read/write before you
can change the password. Do this by entering
#mount -no remount,rw /
After that you can use passwd again as in previous examples.
If your startup manager is Lilo you can give the boot parameters Linux
init=/bin/bash
##########################################################################################################
4. boot from alternative file system
This method is much less likely to be available, as it requires some kind of
"alternative file system" to be available. If you have non-root access and
there is a writable partition (/tmp for instance), and you can place a linux
file system relative to that partition, for instance by downloading a minimal
linux distro and unpacking it, you can then give the root= option to grub and
set the partition where you placed your own file system as root file
system. Executing the mount command will show the available partitions and how
they are mounted. This will only work in very specific circumstances though.
############################################################################################################
5. boot from a bootable usb stick
If you have no way to access single user mode from the boot menu, or if your
single user mode is password protected, you can still use an alternative boot
medium. Many systems these days provide a boot option for booting from a usb
stick. This is actually a very easy method. How you reach the boot sequence
menu differs by system; most systems display a text like press esc to enter
boot menu or something like that. Sometimes the system is already configured to
try booting from removable medium first. Many systems also allow changing the
boot sequence from the bios. Just change the boot sequence of the system to
boot from usb or choose that option from the boot menu. This does require you
to have a boot-able usb stick of course. There are many ways to make a usb
stick boot-able; one of them is described in my article about backtrack, which
makes a great distro to use for this purpose by the way. Just boot from the usb
device, and open a root shell. The next thing you have to do is find out which
is the root partition. Use fdisk to list the available partitions:
#fdisk -l
This will show the disks available. You can mount them with the mount command.
First create a directory (mkdir /newdir) or mount the partition on an existing
directory. Then mount the partition you think is the root.
#mount -o rw /dev/hda1 /newdir
If mount complains, you have to specify the partition type; you find the type
as a letter/number combination where it says Id. To show a list of partition
type name/Id combinations use /sbin/sfdisk -T
In this case use mount with the -t option:
#mount -o rw -t ext3 /dev/hda1 /newdir
Check if it's the right one with ls:
#ls /newdir (should list a root filesystem)
If it is the wrong partition, just do umount /newdir to unmount it and redo the
previous steps with another partition from the list.
If it is the right partition use chroot:
#chroot /newdir
This will make /newdir your root dir.
Then enter passwd to change the root password and reboot your system.
#######################################################################################################
6. boot from CD
This is basically the same as option 5 but requires you to have a Linux live-cd
or rescue-cd. Most linux installation cd's double as recovery cd's by giving
you a rescue option at boot or some drop to root shell menu option somewhere in
the process. You do need to have a cd/dvd player installed to use this option.
The method is exactly the same as in option 5. There are a lot more systems
that allow booting from cd/dvd (most older pc's do) than from usb; this makes
it a more viable approach.
#########################################################################################################
7. boot from network
Difficult to do in many cases, but if you have access to the bios or the system
is already configured to try booting from the network, and you have a system
which you can configure as a boot server, it's more or less the same story as 5
and 6. Boot the system into an OS where you have root access, mount the disk,
chroot and you are in.
If you can't access the BIOS to change the boot sequence because it's password
protected, try searching Google for the master password for your BIOS. Or you
can try removing the BIOS battery. The BIOS battery is located on the
motherboard and is there to keep the BIOS memory when the power is taken off
the system. Unplug the system, remove the battery and wait for about 120
seconds. Be warned: this will flush all BIOS information (configuration). Most
systems will boot fine when you reload default BIOS settings (not all). Some
motherboards have jumpers for resetting BIOS; if you have the motherboard
manual you can look it up. Laptops are sometimes equipped with security
features which make flushing BIOS impossible or even render the system
completely useless when trying to reset BIOS.
##########################################################################################################
8. place an extra disk in the machine
In most cases the BIOS will auto-detect a new disk, so if you place a new disk
containing a boot-able OS and make it the master and the old disk slave, you
can make the system boot from the new disk.
#######################################################################################################
9. remove the disk and place it in another machine
If you can't do any of the above you can always take out the disk and place it
in another Linux system. Then you can mount it, chroot to the disk and again
use passwd to change the root password. Place back the disk and start the
machine.
##########################################################################################################
10. Try to gain root through known vulnerabilities
If the system has been running for a long time (or not running) without anyone
maintaining it, there's a chance it's running a vulnerable service. This would
probably take a lot of time to do. Try fingerprinting the system for running
network services that have not been security patched. If there is an easy root
exploit to run against the machine it might be possible to get in this way.
Securing your system
Securing yourself against all these options is very difficult. You can remove
all removable medium drives (CD/DVD, diskette), fill your usb ports with glue,
and put passwords on everything. The only real protection is encrypted disks on
every device you can't keep in a secure environment. If someone gains
unattended physical access to your systems they have access to your data.
What you can do is make it very difficult: secure access to your computers as
much as you think is appropriate considering the sensitivity of your data. When
it comes to mobile devices, laptops, netbooks and the like, you should carefully
consider what would happen if one gets lost or stolen and someone has access to
all your data. Very good encryption programs are freely available for Linux and
you can even choose to encrypt your whole system; in some distributions this is
an install option.
Think there is more to try? Easier ways? Think there are better ways to protect
against it? Mistakes? Leave a comment. It can take a while before comments are
published (different time zone).
Linux Don
Dinesh Jadhav (RHCE)
9867011640
"Do not worry about anything; instead PRAY ABOUT EVERYTHING."
Philippians 4:6