Hi!

Forgot about my root password but I have a sudoer account. Is it possible to know the root password without changing it? Thanks.

In a word, no. Password are stored as one way encrypted values expressly so you can't

I'd be surprised, but has anyone created a rainbow table for shadow passwords?

That would be your only potential option...

Sure there are Rainbow tables, but AFAIK salt usage and search space kinda thwarts it... Given the fact a lot of people use weak passwords, trying other methods first should be more efficient IMHO if you need to crack it. OTOH, with physical access to the box no cracking would be needed, but that would mean just wiping the pass.

Nota bene (and not directed at anyone in particular): do not to ask for detailed help with password cracking on LQ. LQ members are not allowed to help anyone with that since we can't confirm any OP's authorisation to do so. It would be a violation of the LQ Rules.

I figured as much - if you give the username, you COULD create a rainbow table tho... maybe... lol

Ok. How about locking down the root user? I mean, if I remove tty* on /etc/securetty, will the user still change and gain root access using the linux recovery mode? How can I allow totally disabling the user to change the root password even in the recovery mode? Thanks.

Ok. How about locking down the root user? I mean, if I remove tty* on /etc/securetty, will the user still change and gain root access using the linux recovery mode? How can I allow totally disabling the user to change the root password even in the recovery mode? Thanks.
If you mean by "recovery mode" the user has physical access to the box then all bets are off. Only way to fixate it would be using ro media like a CDR. If that's not the case, could you describe in detail who has access to the system, in what way and what tasks they are allowed to perform? No doubt you'll end up with a dragon like using SELinux "strict" policy but maybe we can find something less painful :-]

What I mean by recovery mode is running the linux on a single user mode. I know this can be done by messing up with the grub and typing in "linux single". If you do that you automatically gain root access right? But what I want to do is to disable the user who has physical access to the machine to enter the recovery mode or at least gain access to the machine to change it. I am thinking that what if someone could sneak in to your server room and has knowledge on how to do that in the recovery mode and reset your root password. I know this sounds pathetic but I just want to disallow them to login as root. What I did was to comment the ttys in /etc/securetty. That way, they can't login as root.

Or if you have a live-cd linux, you can still change the root password?

This is zooming out to a more holistic view of security... Your system isn't secure if you're only using software mechanisms.

To prevent that, you need to look at the aspect of physical security. Lock the server room door. We have a keypad lock on our server room to prevent unwanted staff access, however there is a window right next to the door, so if someone really wants to gain access, they can just break that. We don't consider our data sensitive enough and the risk high enough to justify the cost and inconvenience of taking precautions against such a security risk.

However, dedicated data centers etc employ 24/7 security personnel to guard the servers and prevent unwanted physical access.

It comes back to taking a holistic view of your security, and to set reasonable expectations of security against your risks and costs...

...most BIOS's have a password protection option. You could put a password on your machine using the system BIOS. That would prevent someone from rebooting the system to get into single user mode (I believe).

But my experience with BIOS passwords is that they are usually kinda limited in length (usually 8 characters). For someone like me who uses VERY long passwords (if I told you just how long, I'd have to kill you. ) that doesn't make me feel very safe. But the upside is that they really couldn't use some program to cycle through password guesses. Well, not easily anyway.

Your only other security risk at that point is someone physically removing your boot drive from the system and putting it onto another system with hardware compatible to your server. Or someone physically opening the server and resetting the BIOS (usually by shorting a jumper somewhere on the motherboard).

I think you could also password-protect GRUB, but that wouldn't prevent someone from using a boot CD to bypass your security (as you stated before).

Doing things like that (disable CD booting / grub etc) also limit your recovery abilities if the worst should happen...

Debian 4.0 has the option to install the entire OS and all other partitions on encrypted partitions. Without the encryption key, there's no reading the data. Of course, if someone just wants to delete everything, it's still possible (in any number of ways, ranging from reformating the hard drive to using a sledgehammer).

Well, all I would have to do is open up your case, reset the jumper setting on the motherboard, and your BIOS password would be gone. Again, it all comes down to the fundamental physical security. If someone has physical access, then you're pretty much screwed. Drive encryption would help protect your data, but they could destroy your computer, or secretly put some keyboard logging hardware device secretly on the computer.

My suggestion would be to just not use computers and go back to typewriters, pencils, and papers.

Remove the CDROM drive then, any floppy drive, disable the USB ports, lock down the BIOS, then lock the server cage or server room door. All the server farms I've visited are definitely locked down and has people that scrutinize visitors in an extreme manner. If you have to worry about server farm maintainers being socially engineered, you may want to find hosting elsewhere...

That being said, I've run into issues in past employment where I had to gain entry into a machine and the previous admin didn't provide the proper passwords for me to log in and perform maintenance...and the admin was no longer employed with the company. I've actually used single-user mode via a Live CD to gain access to the /etc/passwd file and make changes so that I could get gain control system of a system and perform my daily duties. It has happened more than once and I'm so glad the previous admin didn't lock the BIOS or remove the drives, as my management team was putting serious pressure on me to come up with a solution to gaining access to these system. The situation sucked but I learned quite a bit.

unixfool

The last time I ran into that it turned out that the company was not paying its contractors. While I have wiped forgotten root passwords before I elected not to take the job.