Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

lost root password, how can i recover? 5

Status
Not open for further replies.

owenbrown

MIS
May 22, 2003
32
US
hi,

I got a old computer that i havent touched for a while, but I forgot the root password, I have the machine next to me and the redhat 7.3 cd's

How do i reset the root password? I have files I need on there and dont want to nuke the whole drive.
 
With most distro's in you boot into single user mode, you get root access without entering the password - so you can run passwd and change it.

With lilo, at the boot prompt, type:

linux 1

or

linux single

(provided the kernel image you use is referenced as 'linux' - hitting <tab> at the boot prompt will sho you what's available) If your lilo has a graphic rather than a boot promt, hit <space> or <esc> to get to it.

If you use grub rather than lilo, I can't remember how to force it to boot to run level 1 - but it should be easy to find via google.

Some distro's have an initrc file that forces single user mode to request a password. However, you can get round this by setting a differemt initrc file on the boot line by passing the parameter:

init=/bin/bash


 
See my reply to a posting here >
thread54-491517 entry from last documents the process you need to use to recover your system root password.

Let me know if you have any problems with that .....

Good Luck,
Laurie.
 
If u are using graphical Lilo then just press control+x to get it to command mode..
to find out the title for u r linux just press tab

... Assuming linux as a title for ur linux image.. at boot: prompt type
linux single or linux -s
This will boot u r linux to single user mode without password. u can change the password by issuing command passwd at # prompt.

If u r using grub as boot loader. select the linux option from grub and press &quot;a&quot; to enter into kernel parameter option u just enter word single in the kernel parameters.
this will boot u r linux in single user mode..

best luck...

 
You probably got the Grub & Lilo mixed up a bit there amitatharkar but, yes CTRL-x at the Grub window then linux single ... allows you to vi /etc/passwd, /etc/shadow then do a init 3 to bring the server up allowing you to login (with your newly added account)... not that I condone adding a user to a system that you do not have permission to access!! ......

Another good reason to secure your servers in a secure/locked environment, and disable the CTRL-ALT-DEL key sequence!

Good Post &quot;amitatharkar&quot; that deserves a &quot;Star&quot;
 
And yet another way....( I'm not sure if you can reboot into single user mode and run passwd, but just incase )

1) reboot into single user mode
2) edit /etc/passwd, find the line for root (usually first line)
3) you'll see something like this..


root:X:0:0.....etc

delete the X which is your password encrypted, now you're root password will be blank.

reboot and login and change your password right away


Kurin Lambert
webmaster@earthmatrix.org
 
No offense, but why not change the password while in single user mode? There is a possibility that someone logs in as root before you get to change it, and you can't be certain that an empty password works (it would not on my systems).

//Daniel
 
You are absolutely right Daniel, I think that would be the best way also. But someone already said that and everyone had a different way to do the same thing so I thought I would add yet another way ;) That's what I like about linux....many ways to do the same task.






Kurin Lambert
webmaster@earthmatrix.org
 
I booted in single user mode, but it still asks for a username and password, got any tips?
 
This is a cut & paste of one of my documents that may help you recover. (the second part willl probably do it &quot;Hint&quot; edit the password file&quot;)

Good Luck,
Laurie.

Ok so you walk into the comms room and some one has been playing with your Linux PC and now it won't boot into the OS !

So where do we start?

Right the system comes up and you get the LILO boot loader screen and after 5 or so seconds the system begins to start the secondary bootloader process but stops at the point of &quot;Checking root filesystem (NULL):&quot; and informs you that it was unable to continue as there is a problem with the superblock .....

You are dropped to a prompt and informed to:

&quot;Give root password for maintenance&quot;

(or type Control-D for normal startup):

So where do we go from here? From the information on the screen we can deduce that the root partition cannot be loaded so &quot;IF&quot; the system had been working before then whoever had been playing with it has changed something in a file that has prevented it from knowing where to load root

If that person is available then the first thing to do is to ask them what files they have been looking at or modifying, we can make an educated guess or do some analysis to see what has been modified?

So lets do just that... issue the root password and you are dropped into a shell command weird as it may look this is an ordinary Bash shell with access to usual commands, this is what I get ....

(Repair filesystem)1#

Lets do the mount command

(Repair filesystem)1# mount <CR>

and we get the following back: /dev/hda1 on / type ext2 (rw)

none on /proc type proc (rw)

now this is misleading because you could assume that the / partition of the first disk is mounted read/write BUT as the boot process failed then the disk is mounted but in single user as read only (as it is only later in the boot sequence that the disks get mounted read write)

So now lets do a bit more analysis .... as you know most of the startup and configuration files in linux live in /etc YES? so lets look there

(Repair filesystem)2# cd /etc; ls -lrt <CR>

This changes us into the etc directory and then does a long listing of the files in an order that shows us what was the most recently modified files and what do we find ? third from bottom is the file &quot;fstab&quot; now isn't this where the mount information is defined? that's suspicious why would have that been modified ? I think we may have found our problem.

So we cat the fstab file and low-and-behold look here someone has hashed out the first line no wonder it can't mount it correctly at boot time.

Ok so all we have to do is vi the file and reboot ? ...........

Oh dear! we cant write the file because it's read only ! so what can we do ?

Ok so here's the quick way ...... No lets leave that for later. Here's the long way and useful instructions for using linux rescue.

What you need is the Linux boot disk and CD-ROM, throw both of them into the PC and reboot (remember what disk you have ?? /dev/hda1 ?).

The system starts from floppy and takes you to the first bootloader, at the prompt type linux rescue <CR>

the system goes off and comes back asking you to choose a language.. do so and <CR>, then prompts you for keyboard type choose and <CR>, you are then informed that you will be taken to a shell and the system will reboot when this shell is terminated <CR>

Now you should be at a prompt, Right POINTS TO REMEMBER we are running a VIRTUAL OS from the CD-Rom the only place that we can write to is /tmp

So lets get to work, what we want to do is mount the hard drive and modify the /etc/fstab file?, so this how we do it:

ext2:> mkdir /tmp/pewe <CR>

ext2:>mount -f ext2 /dev/hda1 /tmp/pewe <CR>

ext2:>cd /tmp/pewe/etc <CR>

ext2:>pcio fstab (modify the file save the file &quot;into its original name&quot; and exit)

ext2:>cd /; reboot (remove the floppy disk & CD-ROM in the process)

Now you will probably find that the system will boot BUT it may stop at the same place and ask for you to run fsck so

(Repair filesystem)1# fsck /dev/hda1 <CR>

and reply YES to the prompts NOW hopefully the system will reboot normally.

Now Here's the quick way, issue the root password then remount the disk read/write modify the file and reboot.

(Repair filesystem)1# mount -o remount,rw / <CR>

(Repair filesystem)2# vi /etc/fstab ...... :wq!

(Repair filesystem)3# init 6 <CR>

Done.
Laurie Baker.
 
If single user mode is still asking for a password - then it sounds like the inittab file specifically requests that a password is required for that run level too. I know debian does this.

See the second post in this thread re passing an init=/bin/bash parameter at the boot prompt in lilo or bash when booting into single user mode (will work for both lilo or grub), this will bypass any password though you'll need to mount filesystems manually afterwards if required.
 
1. Boot the machine with rh cd #1
2. Type &quot;linux rescue&quot; at the boot prompt
3. Skipping Netowrk and say NO to other stuffs
4. You will finally enter the black screen prompt mode
5. # mkdir /mnt/repair
6. # mount /dev/hda2 /mnt/repair (assume the root filesystem &quot;/&quot; is at /dev/hda2)
7. # cd /mnt/repair
8. # chroot /mnt/repair
9. # passwd (change root password)
10. # exit (x2)
11. System will reboot itself and done

This is the steps to rewrite root password for rh 8 & 9 and may be similar to 7.3 I think. Hope these help.
 
I tried the below, but when I goto mount / it tells me
could not open /proc/partitions so UUID and label conversion cannont be done.

How can i get around that?

Some distro's have an initrc file that forces single user mode to request a password. However, you can get round this by setting a differemt initrc file on the boot line by passing the parameter:

init=/bin/bash


 
I wrote a FAQ on this group that covers this very topic. Look in the FAQ tab under security. It's a little bit of work, but I guarantee it will work.

An infinite number of monkey typing at an infinite number of keyboards will eventually populate the internet.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top