LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-29-2014, 06:51 PM   #1
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Rep: Reputation: Disabled
Using SystemRescueCD to reset password


My Brother was our IT man and he passed away and no one has a clue about linux. The machine is locked out using XScreenSaver and what I need is to find out what is my boot partition so I can reset the root password using SystemRescueCD or any other means and change the setting on the xscreensaver or just get rid of the xscreensaver for now.

Following the instructions on the SystemRescueCD web page I loaded the CD and turned the machine on and went to the GUI to find out what the partitions were. However the labels were non-informative and the flags were blank.

This is a dump of fdisk -l

Device Boot Start End Blocks ID System
./dev/sda1 2048 655359 326656 83 Linux
./dev/sda2 655360 156248063 77796352 5 Extended
./dev/sda5 657408 6514678 2928640 83 Linux
./dev/sda6 6516736 22138879 7811072 82 Linux swap / Solaris
./dev/sda7 22140928 3385735 585304 83 Linux
./dev/sda8 33859584 44140543 5140480 83 linux
./dev/sda9 44142592 63672319 9764864 83 linux
./dev/sda10 63674368 87631871 11978752 83 linux
./dev/sda11 87633920 105885695 9125888 83 linux
./dev/sda12 Raid 131072 83 linux
./dev/sda13 Raid 131072 83 linux
./dev/sda14 Raid 131072 83 linux

Sorry for the garbage display.

Basically can anyone tell me which partition is the boot?

Right now I'm trying to change the root password on his home computer so I can rescue his workstation and server at work and I don't want to mess them up. Or he'll haunt me.

I'd appreciate any help and no I'm not a hacker, I'm just clueless.
 
Old 10-29-2014, 07:50 PM   #2
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,116
Blog Entries: 9

Rep: Reputation: Disabled
Hi & Welcome to LQ-

I can't tell by the output because there isn't a star or a flag like mine.

Mine has a star indicating my boot partition-
Code:
/dev/sda2   *     4000185   976773167   486386491+  83  Linux
Do you have the Live Linux CD?
What distribution are you running?

You could use a Live CD to reset the password using the "passwd" command.
http://www.cyberciti.biz/faq/linux-s...ssword-how-to/

If that doesn't work for you try this tutorial.

http://fedoraproject.org/wiki/How_to..._root_password
 
Old 10-29-2014, 08:14 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,890

Rep: Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313
Use almost any live cd to view contents of those partitions for more info. You don't have to mess with swap.


Generally you don't need to go to such extremes. I'd attempt to access grub while booting by pressing space bar. Then the normal way is to boot to single user mode and (this is where you'd need to look) mount the partition with most of the system files.

Might let it boot to this screen saver and try an alt console too. He may have left his user a sudoer but usually you'd have to know some credentials.

Last edited by jefro; 10-29-2014 at 08:16 PM.
 
1 members found this post helpful.
Old 10-30-2014, 09:48 AM   #4
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Debian Jessie is the distro

Partition File System Label

/dev/sda1 jfs nbt
/dev/sda2 extended
/dev/sda5 jfs nrt
/dev/sda6 linux swap
/dev/sda7 jfs opt
/dev/sda8 jfs nhm
/dev/sda9 jfs nvar
/dev/sda10 jfs nusr
/dev/sda11 xfs tmp

There are no labels assigned (results are gparted)

Using fdisk there is no asterick or any other indicator of boot dir.

I used the systemrescuecd instructions here http://www.linux-magazine.com/Online...SystemRescueCd

I had negative results using /dev/sda5 as boot

Last edited by Creek_Walker; 10-30-2014 at 10:06 AM.
 
Old 10-30-2014, 12:00 PM   #5
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,116
Blog Entries: 9

Rep: Reputation: Disabled
The command line utility for Debian is "su" just so you know if and when you need to become root to perform administrative task in the future.

I would try jefro's suggestion. -:FIRST:-

✳Go through Grub✳

1. While booting press "e"
2. Go to second line press "e" again and type "1" at the end.
Than press Enter.
3. Than press "b" and it will boot you into a shell.
4. Just type "passwd" and change your root pass word.
(You don't need to know the old one)

I think the article at Linux Magazine is for rescue mode.
 
Old 10-30-2014, 09:35 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,890

Rep: Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313
Boot would be pretty small.

Just to be sure /boot is not /root so we understand. /boot could be a partition or it could be almost anywhere. Older systems tends to be first or in lower part.

/boot could be under /root too as many people may have it.

Why didn't you look in the partitions for clues?

Last edited by jefro; 10-30-2014 at 09:37 PM.
 
Old 10-31-2014, 04:04 AM   #7
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
Use almost any live cd to view contents of those partitions for more info. You don't have to mess with swap.


Generally you don't need to go to such extremes. I'd attempt to access grub while booting by pressing space bar. Then the normal way is to boot to single user mode and (this is where you'd need to look) mount the partition with most of the system files.

Might let it boot to this screen saver and try an alt console too. He may have left his user a sudoer but usually you'd have to know some credentials.
Pressing spacebar does not access grub. Holding down the shift key does

I enter grub and type e and enter "init=/bin/bash" on the end of the linux line .....ro elevator=deadline quiet init=/bin/bash. Oh and I've tried init/bin/sh and results are the same.

Ctrl X or F10 to reboot I'm taken to a prompt "root@(none):/#"

At that point I'm supposed to enter this

mount -o remount,rw /

Enter passwd twice

Unfortunately the keyboard does not respond at "root@(none):/#"

Any of the password resets I've come across on the internet will not work. This is true for every machine I've tried this on in the office.
 
Old 11-03-2014, 11:01 AM   #8
exvor
Senior Member
 
Registered: Jul 2004
Location: Phoenix, Arizona
Distribution: Gentoo, LFS, Debian,Ubuntu
Posts: 1,537

Rep: Reputation: 87
Assuming that your block size is 512 byes. The below partitions are only 64 megabytes in size. I would guess that these are raid 0 or raid 1 boot partitions but I am assuming a lot.

./dev/sda12 Raid 131072 83 linux
./dev/sda13 Raid 131072 83 linux
./dev/sda14 Raid 131072 83 linux


Quote:
Ctrl X or F10 to reboot I'm taken to a prompt "root@(none):/#"

At that point I'm supposed to enter this

mount -o remount,rw /

Enter passwd twice

Unfortunately the keyboard does not respond at "root@(none):/#"
I also assume here that the reason the keyboard stops responding is that there is a driver that is located in a module that needs to load in order for it to work.

Like posted above I would boot from a install disk like Ubuntu and then attempt to mount the partition. I believe the Ubuntu boot disk will detect the raid array on boot and if indeed it is boot you should be able to mount it. I would assume that the other partitions are encrypted and if so and the key is not saved somewhere on the computer you are in a bad spot as there is almost no way to decrypt them. Your best bet at that point is to try and guess the password to the main account ( we cant really help you with that as that is breaking security and we cannot verify if you are actually allowed onto this machine ).

If they are not encrypted and you can find and mount the root partition you can do a chroot into that parttion and then change the password using passwd command.

chroot "/mnt/<whatever>"

Look up Chroot command online for more info as there are useful switches for it.

I hope this helps.

Last edited by exvor; 11-03-2014 at 11:09 AM.
 
1 members found this post helpful.
Old 11-04-2014, 03:56 PM   #9
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by exvor View Post
Assuming that your block size is 512 byes. The below partitions are only 64 megabytes in size. I would guess that these are raid 0 or raid 1 boot partitions but I am assuming a lot.

./dev/sda12 Raid 131072 83 linux
./dev/sda13 Raid 131072 83 linux
./dev/sda14 Raid 131072 83 linux




I also assume here that the reason the keyboard stops responding is that there is a driver that is located in a module that needs to load in order for it to work.

Like posted above I would boot from a install disk like Ubuntu and then attempt to mount the partition. I believe the Ubuntu boot disk will detect the raid array on boot and if indeed it is boot you should be able to mount it. I would assume that the other partitions are encrypted and if so and the key is not saved somewhere on the computer you are in a bad spot as there is almost no way to decrypt them. Your best bet at that point is to try and guess the password to the main account ( we cant really help you with that as that is breaking security and we cannot verify if you are actually allowed onto this machine ).

If they are not encrypted and you can find and mount the root partition you can do a chroot into that parttion and then change the password using passwd command.

chroot "/mnt/<whatever>"

Look up Chroot command online for more info as there are useful switches for it.

I hope this helps.
Yeah the system wasn't loading the driver for the usb keyboard and a ps/2 keyboard worked.

We've already hired a linux network engineer to access the passwords on one of the shop computers and our IT man had hidden the password dir to deter attempts to bypass the password. It took about 2 hours for the tech to locate and change the password for the shop. So now I'll just play with his home computer and see if I can locate it and make the changes.



Thanks for all the replies. Now I have some linux to learn.

Last edited by Creek_Walker; 11-04-2014 at 04:19 PM.
 
Old 11-04-2014, 08:58 PM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,890

Rep: Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313Reputation: 2313
Thanks for the update.

This was good.
"If they are not encrypted and you can find and mount the root partition you can do a chroot into that parttion and then change the password using passwd command.

chroot "/mnt/<whatever>" "
 
Old 11-05-2014, 05:52 PM   #11
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,116
Blog Entries: 9

Rep: Reputation: Disabled
I highly recommend this book.
It has saved me a lot of headaches and I suspect it will save you from the same.

Practical Guide to Fedora and RHEL (PDF) (6th edition)
http://gegeek.com/documents/eBooks/A...%20Edition.pdf

The 7th edition is online-
http://www.amazon.com/Practical-Guid.../dp/0133477436
 
Old 11-05-2014, 07:58 PM   #12
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
Thanks for the update.

This was good.
"If they are not encrypted and you can find and mount the root partition you can do a chroot into that parttion and then change the password using passwd command.

chroot "/mnt/<whatever>" "
Yeah the password is encrypted and I found it in the etc/shadow file and now I'm reading up on how to change the permissions. I watched the tech doing it but trying to catch what he was doing was like trying to catch a 200lb greased pig. LOL

One step at a time.
 
Old 11-05-2014, 07:59 PM   #13
Creek_Walker
LQ Newbie
 
Registered: Oct 2014
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Ztcoracat View Post
I highly recommend this book.
It has saved me a lot of headaches and I suspect it will save you from the same.

Practical Guide to Fedora and RHEL (PDF) (6th edition)
http://gegeek.com/documents/eBooks/A...%20Edition.pdf

The 7th edition is online-
http://www.amazon.com/Practical-Guid.../dp/0133477436
Thanks I'll definitely check it out.
 
Old 11-05-2014, 08:10 PM   #14
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,116
Blog Entries: 9

Rep: Reputation: Disabled
Quote:
Originally Posted by Creek_Walker View Post
Thanks I'll definitely check it out.
Your Welcome-
 
Old 11-07-2014, 01:19 PM   #15
exvor
Senior Member
 
Registered: Jul 2004
Location: Phoenix, Arizona
Distribution: Gentoo, LFS, Debian,Ubuntu
Posts: 1,537

Rep: Reputation: 87
Quote:
Originally Posted by Creek_Walker View Post
Yeah the password is encrypted and I found it in the etc/shadow file and now I'm reading up on how to change the permissions. I watched the tech doing it but trying to catch what he was doing was like trying to catch a 200lb greased pig. LOL

One step at a time.
No I meant if the partition was encrypted. Passwords are always encrypted and wont show you what they are in the /etc/shadow file. If you can ever read this file then i bet your able to mount the partition. Just chroot with the root account and change the password using passwd command . Then you should be good to go.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Freenode webchat invalid password msg - How to reset freenode password? codeslayer2010 General 1 02-01-2013 06:31 PM
Linux 2.6.15.1 The password lost , RESET PASSWORD ANDYCHAN Linux - General 2 08-18-2012 08:05 AM
How to reset password ? vibinlakshman Ubuntu 15 07-08-2012 09:13 AM
How to retrieve( or reset) root password in Mandrake Linux, as I forgot my password? Reghunath Linux - Software 4 05-08-2008 04:11 AM
reset password duki Linux - Newbie 5 09-05-2007 04:12 AM


All times are GMT -5. The time now is 10:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration