Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Followed acid_kewpie advice and ran a search through the forum before asking question. But i need a little more help.
OK what I have found out...
1. Boot, in GRUB press ctrl x
2. then select single user mode.
3. login as root (no pwd required)
4. type passwd, and re-set password.
5. is that correct? seems to easy!
by the way, its RH 7.2 does that make a difference?!!!
hehe, well done... yeah that's the perfect way to do it if you're on lilo you'd do practiaclly the same thing, running "linux single" or "linux init 1"
sorry, but i don't like when people forget their own passwords, i deal with that crap everyday and it bugs me to think people set a password and don't remember it..
its a whole other story when you take the place of a admin who has left and he didn't leave the password for you to begin with.
Well, actually medamnit, there is such thing as a secure system if your pc can be physically be reached by someone. Even if you too grub off and simply booted directly into Linux, and you couldn't do the little control-x trick, there are still other ways of doing it.
Yeah acid!, some delicious crispy DONUT!!!!!!!!!!!!!!!!!!!
I actually haven't forgotten MY passwd, cousin pulled out his old linux machine and wanted to start using it. I just wanted to be the man of help thanks too you guys I should be able to help him out.
Medamnit, I haven't done it myself, or seen either what other way there is to access some linux box and gain root priviliges. I'm sure if you got a floppy drive, you can do something to boot into single mode user if lilo or grub are disabled. But, I wouldnt know exactly what to do,
Alrighty!, you're your cousins Hero, :P
this is bloody shocking! on a secure OS you should not be able to log in as root, unless you know the root password!!! this is as bad as that screensaver exploit to logon as root in WinNT!
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
yup, i tried it (well, not the grub method, i do know my root password) typing passwd at the Single user prompt DOES NOT require the original password, but then again you DO have to be sitting physically in front of the target box for it to work (single user mode only works directly on the box unless perhaps configured otherwise, and i doubt very much that anyone would set that up too insecurely, and in most cases (other than the case of your own machine) that box is going to be either in a locked closet (or room), or somewhere that doesn't allow such physical access to the target machine, along with any terminals that have single user access. In short, nobody get any ideas as how to hack into that linux box you've been thinking about hitting with this new information
Originally posted by Calum this is bloody shocking! on a secure OS you should not be able to log in as root, unless you know the root password!!! this is as bad as that screensaver exploit to logon as root in WinNT!
no it's not. are you seriously suggesting that if a server for a company goes down for example, and somehow the password for root becomes corrupted, or maybe someone changed it maliciously, there sghould be NO way to get that server working again? reformat the thing???? Lilo and Grub both have numerous security option that can require additional passwords in order to boot the system into a non predefined state, i.e. single user mode.
if you say so, but security is only as secure as the weakest link in the chain. A company, as you say, would probably have all that stuff configured in a secure fashion. Many home users may not know how to, or even that the capability exists to either login as root without the password, or to stop someone from doing so.
Anything that can be exploited is an exploit.
Well how far do you want to go to secure your computer as a home user? Someone needs to have physical access to your computer to change the root password in that way.
I'm sure any creative person who has physical access to your computer can find many ways to break it. A hamer should do a bit of damage. Do you also consider that as a weak link in the chain?
not really, actually linux is very secure, for a lot of reasons, and i think that it's fine the way it is, but there's always room for improvement.
The winNT exploit i mention also requires physical access, but unlike linux (and this is the important bit) there is no way to configure winNT so that the exploit won't work, because M$ has not released a patch for it, and it's a closed source system.
So, actually, no i think it's fine so long as everybody does as they're supposed to, but the more backdoors get left open, by undereducated companies for example, the more people are going to use those backdoors. and so on.
I don't know much about it and i'm not up for an argument, i'm just saying an exploit is an exploit, if it ends up getting exploited by somebody...
Originally posted by Calum I don't know much about it and i'm not up for an argument, i'm just saying an exploit is an exploit, if it ends up getting exploited by somebody...
if you are going to suggest that say, the su command is an explot, and logically say... rm is an exploit.. then yes it is an exploit.. but if rm isn't one, then neither is the ability to boot to single user mode.
I've got a SuSE Linux box but don't know the root password.
I've tried the following, but it doesn't work as it still asks for a root password.
Any ideas??
>>>>>
I' tried....
1. At LILO prompt: linux single
2. The machine then boots into Single User mode, but then instead of getting a # prompt, it asks for the Root password - which is not 'blank', as I've tried that.
I've also tried booting from a floppy boot disk, but I get the same, as if whilst booting, it detects the hard disk, and reads those root password files.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.