Linux Password Reset Procedures To start when using the edit SHADOW file method, you need a Linux boot disk or a rescue disk. You can use your installation CD as a rescue disk; most distros have an option to allow you to boot into rescue mode. With my Redhat Linux CD, I have to enter "linux rescue" to start the rescue mode. But this might be a bit different in each distro. You can also download one of the many single-floppy Linux distributions (e.g. Tom's RootBoot ), and use it to bring up the machine.
Method: VI SHADOW Note: on older systems, you may have to edit /etc/passwd mkdir /mnt/hdx mount /dev/hda2 -t ext3 /mnt/hdx chmod +w /mnt/hdx/etc/shadow vi /mnt/hdx/etc/shadow root:^7password%in%hash!@:10852:0:99999:7::: root::10852:0:99999:7::: chmod -w /mnt/hdx/etc/shadow sync umount /mnt/hdx reboot Method: CHROOT mkdir /mnt/hdx mount /dev/hda2 -t ext3 /mnt/hdx chroot /mnt/hdx passwd
Method: LILO or GRUB Method: Boot into Single-User Mode If you are using LILO, at the LILO boot prompt (graphical LILO users can press Ctrl-x to exit the graphical screen and go to the boot: prompt), If you have a new version of LILO which gives you a menu selection of the various kernels available press Tab to get the LILO: prompt and then proceed: linux single If your system requires you to enter your root password to log in, then try: linux init=/bin/bash Once the system finishes booting, you will be logged in as root in single-user mode. Once the system has booted, you can change the root password using the password command: passwd GRUB The instructions for GRUB users are similar. Press 'e' at the GRUB prompt to select boot parameters. Select the line for the kernel you want to boot, and go to the end of it. Add "single" as a separate word, and then press ENTER to exit the edit mode. Once back at the GRUB screen, press "b" to boot into single user mode. GRUB Method o Reboot the system, and when you are at the selection prompt, highlight the line for Linux and press 'e'. You may only have 2 seconds to do this, so be quick. o This will take you to another screen where you should select the entry that begins with 'kernel' and press 'e' again. o Append ' single' to the end of that line (without the quotes). Make sure that there is a space between what's there and 'single'. If your system requires you to enter your root password to log into single-user mode, then append init=/bin/bash after 'single'. Hit 'Enter' to save the changes. o Press 'b' to boot into Single User Mode. o Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root. o Type reboot to reboot the system, and you can login with the new password you just selected.
How to Prevent someone else from reseting your root password Password protect the BIOS o Follow vendor instructions. The following will require a password to boot into single-user mode by making init run 'sulogin' before dropping the machine to a root shell. 'sulogin' requires the user to input the root password before continuing. #/etc/inittab "initdefault" ~~:S:wait:/sbin/sulogin Unfortunately, the above step won't protect us against people who know what they are doing and pass init=/bin/bash to the kernel at the LILO prompt. To prevent unauthorized access I would suggest that you password protect LILO/GRUB by following these steps:
Password protecting GRUB and LILO How to Protect LILO: # /etc/lilo.conf (add the following line before the first image stanza) password=# /sbin/lilo -v (to let the changes take effect) # chmod 600 /etc/lilo.conf (password is in plain text) How to password-protect GRUB o Type /sbin/grub-md5-crypt and press Enter o Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password. o Open /boot/grub/grub.conf o Add password --md5 below the timeout in the main section (replace with the hash you got). o The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing [p] followed by the GRUB password.