LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Root password recovery (http://www.linuxquestions.org/questions/linux-security-4/root-password-recovery-380680/)

Jabber 11-07-2005 02:11 AM

Root password recovery
 
Hi,

I have problem with root password recovery. :-(

Distro: Redhat Fedora Core 3.

As I searched through the mailing list I found couple of ways to recover the root password.

1. Using single user mode
2. Using Linux installation CD and changing the files /etc/passwd and /etc/shadow. This included removing shadowing option in /etc/passwd file and removing the password hash in /etc/shadow.

Problem: I can not login in single user mode its password protected. And I do not know the password.

I used the second option but I could not reset the root password. Second time I tried this approach the /etc/shadow file was missing.

I need help on resetting the password. Is there any way to prevent unauthorized password modification? Is password change notification to sysadmin possible?

Let me know if you need more info.

Thanks a lot... in advance... :)

Devel.

We faced such problem due to an unethical staff of our company...

ashamril 11-07-2005 02:37 AM

Quote:

2. Using Linux installation CD and changing the files /etc/passwd and /etc/shadow. This included removing shadowing option in /etc/passwd file and removing the password hash in /etc/shadow.
i'm not sure u did this but do u mount your root partition b4 u edit the files?

# mount /dev/hda2 /tmp/root

Jabber 11-07-2005 03:30 AM

Thanks for your reply ashamril.

Ooooops...

I think I have missed the part...

Quote:

Originally posted by ashamril

# mount /dev/hda2 /tmp/root
Here is what I did with the system...

I reboot the system with Fedora installation CD. went into rescue mode. changed the file passwd and shadow in /etc dir and rebooted the system again..

Did I miss anything else? It would be great if you outline the steps in detail.

:)

Jabber..

/bin/bash 11-07-2005 05:06 AM

Quote:

changed the file passwd and shadow in /etc dir and rebooted the system again..
You shouldn't need to change /etc/shadow only remove the astericks from the file /etc/passwd, e.g.
root:*:0:0::/root:/bin/bash
change to
root::0:0::/root:/bin/bash

After booting into rescue mode type mount to see where your linux root partition (in my example /dev/hda2) is mounted. Make sure it is mounted rw, if not then remount it as rw, e.g.
If /dev/hda2 is mounted read-only at mountpoint /mnt/sysimage then do this:
mount /dev/hda2 /mnt/sysimage -o remount,rw

Now you can edit the file /mnt/sysimage/etc/passwd and make root non-password protected.

<edit> This is probably among the "Top 10 asked questions" here and searching the forums will produce many hits for you to look through.

Jabber 11-08-2005 04:00 AM

Quote:

Originally posted by /bin/bash
You shouldn't need to change /etc/shadow only remove the astericks from the file /etc/passwd, e.g.
root:*:0:0::/root:/bin/bash
change to
root::0:0::/root:/bin/bash

Thanks /bin/bash..

I did as you said and it worked..

Jabber.

/bin/bash 11-12-2005 02:17 AM

HTH

reaping_ripper 11-27-2005 04:23 PM

How do i do when:
passwd: Autentication token manipulation error.

I run gentoo

EDIT: Problem solved thanks to kuser


All times are GMT -5. The time now is 08:07 PM.