Hello All,

We have lost the root password to our RedHat Linux 8.0 server. We found out that we could type;

LiLo: Linux Single or Linux 1

at the Lilo prompt. But since the machine boots up to a graphical interface we are trying to figure out how to break out of the graphical interface to get to the Lilo prompt.

Any help would be appreciated.

John S.

johns@rrcol.com

In singe user mode you shouldn't get a gui.

Edit your kernel arguments and add "single" to the end.

I kinda despise myself for being such a newbie. Perhaps I need to explain a bit a more.

The machine starts and goes though enabling everything and ends up in a GUI login screen.

but way before that, it comes to a screen that has options of what linux version(?) to load. if I hit "e" to edit that line, it gives me 3 lines like:

root (disk0, part1)
boot =/vmlinuz/something or the other
something = /bin/or_something_or-the-other

(Sorry, I am not near that machine at this time, so I could not specify the exact contents of the 3 lines)

I can hit "o" or "O" to include commands in this script(?)

should I include "single" as the last line? or would it go somewere else.

I appreciate your help.

-John

If I remember correctly, you must press [Ctrl]-[x] to exit the LILO graphical screen.

Then at the prompt, type
linux single
OR
linux emergency

One of the 3 lines should contain the word kernel. At the end of that line type a space then the word "single" there should be an option to save that line then boot with these temporary settings.

if your box has a disk drive, just boot from your rescue disk, mount the root partition of your harddisk and edit $mountpoint/etc/shadow to clean up the root password.
eg you have a line:
root:$1$c5jQCl$dYjklö34kg5jjeHkE/:12143:0:99999:7:::
in there, just change it to:
root::12143:0:99999:7:::
then reboot and just type enter when asked for root pwd.

Hi Isme,

I searched the stack of junk by the Server, and did not find anything like a rescue diskette or an Emergency diskette. I will have to revisit this issue on Monday, and try David Ross's method of typing Single at the end of the line has the "Kernel" entry.

If I have the cd ISO images, can I make a rescue Diskette?

Thanks for your assistance.

That IS the cd rescue You plop in the the CD and then at the opening prompt type 'rescue' without the ' ' .

It's suggested to try single first (usually ? ) then move onto more drastic ways such as editing your password files. However, since you are going to be changing root's password anyway, I guess it's whatever is easiest for you. You should be aware of how easy this is for you in the end and do your best to:
1. Ensure you will always remember root's password ;
2. Do everything you can to remove the ease that you encounter to gain root access. If you can do it, why can't anyone else just as easily?

Sorry if I sound like a freak, I've been reading literally hundreds of pages of security docs for the last couple of days and am becoming more and more paranoid someone might see my email to me about my car's exhaust

Cool

Thanks David, and the rest of the gang,

After following David's advice, and appending single to the end of the entry that had kernel, managed to change the password.

You guys are the best. Thanks for helping out to take care of the problem.

but judging by what you said masterC how can you prevent and intruder from doing this to your machine? like if it is just as easy as that to "reset" the root password, and like you said it would just be as easy for someone else to do it...so what has to be done to prevent this? like i know i will never forget my password, so is there anyway to make it non reversable?

Most of the suggestions above take in having physical access to the PC in question and as long as you have a password for LILO or GRUB this could deter some of the suggestions couldn't it?

yes i realize it is more so directed towards physical access...but no matter what kind of access it is let it be sittin in front of the target machine are sitting behind your machine in la la land, trying to access someones machine, i am just curious about a way to prevent the "reseting" of the root password

I would probably never forget my password as well. Luckily, the previous admin was a College intern, working part time. I am glad this "backdoor" was available. I wanted to access some info off this machine and wipe it out, and install Windows 2003 on It... Just kidding!!! I have to install Redhat 9 on it. Physical Security was not an issue, as access to the machine area is by card access only.

There are ways to keep anyone from overwritting current files or even appending to them, one way:
chattr +i
On the file. Root cannot even append to the file if this is applied. You will have to:
chattr -i
To remove that restriction to actually change the files. It's a quick and easy thing to do to:
/etc/passwd
/etc/group
/etc/shadow

Just remember you did it should you choose to. This is obviously un-doable should one gain root access, but this will keep them from gaining root access an easier way.

HTH

Cool

Just so you don't get over confident you should know that it is possible to boot from a cd/floppy and reset the password. You may want to set the boot order to boot from the HDD first.

NOTE: Even thi isn't full proof as you can transplant the HDD to another machine.