UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Any body knows how to reset a root password after inserting a live cd,
ie . i need to reset my existing ubuntu root password, other options all i tried its gud , but need to knw hw to do this while having a live cd and resetting it !!!!!!
Yeah, google it, and post back here if you don't find the information you need. If you find the information you need, I guess you should paste in the link here on this thread to help out others later on.
Once your live cd is up, mount your root partition (if it's still not mounted), for example, on /mnt/sda1:
Code:
mount /dev/sda1 /mnt/sda1
and edit (as root) its /etc/shadow (file where passwords are stored) with your prefered text editor:
Code:
nano /mnt/sda1/etc/shadow
Now, go to the line that begins with 'root' (normally the first) and look between the two firsts semicolons (':'). It should look something like this:
Code:
root:$3$kjhsSJSKSSjuiljs:13895:0:99999:7:::
The bold part is the encrypted password. If you delete it, you will reset the password. If you want to put another password instead, you can copy some from the working shadow file (real /etc/shadow) just after changing it with /usr/bin/passwd .
If you normally login to root with sudo instead of su or direct root login, you'll need to delete your user password instead of your root password (normal behavior with ubuntu, ie, look for the user you created with the installation/the user you normally use).
Once you deleted/changed the right password, you can reboot without the live cd and login and, if you want, reset to the definitive password with /usr/bin/passwd once you gained root privileges (or not if you use sudo instead of su/direct login).
Hi again, vibinlakshman.
Normally, live CDs give automount facilities for the partitions on the PC they're running on. If you found out your system /etc/shadow (where ever it was), it was because the live CD did the work for you.
If you couldn't mount your system root partition, it was probably by one of these reasons (or all of them):
* Your hard disk is an IDE disk: it should be named /dev/hda instead of /dev/sda
* Your system disk is not the firs: it should be called /dev/sdb, /dev/sdc...
* Your system root partition is not the first in the disk: it may be called /dev/sda2, /dev/sda3...
For disk discovering, you can use this simple command :
Code:
ls /dev/{s,h}d??
For partition discovering, you can use fdisk or df to discover which is your system root, or just mount them all and look inside them.
Some systems won't allow sudo or let root log in with a zeroed root password. If you find this is the case, you could copy your regular user's password hash for root's. Then boot up normally and use your own password to run "sudo passwd" and change roots password.
So, I guess the next logical discussion point is "How-to prevent unwanted intrusions into /etc/shadow". Protecting passwords is a crucial, but not only, security issue. If it's this easy to break a system's security, what might be the next countermeasure.
So, I guess the next logical discussion point is "How-to prevent unwanted intrusions into /etc/shadow". Protecting passwords is a crucial, but not only, security issue. If it's this easy to break a system's security, what might be the next countermeasure.
Agreed. I'm quite concerned with how easy it is to change the root password in this way. Is there a way to prevent or at least make the process harder?
As long as one has physical access to a linux box, resetting the root password is the easiest thing. Of course, there are quite a lot of measures one can take (password on BIOS, etc), but there will always(?) be ways to work around them. So keep your hardware locked up somewhere, and focus on software based security measures.
Hi every one!!
If you can not physically lock your computer, you can always password lock your BIOS and your Boot loader (LILO, GRUB, etc) and crypt lock your system partition(s). With that, every time your computer starts up, it may ask for passwords to decrypt partitions. This is (I think) a good security enhancement, but will always be more options to get inside your system:
If some one opens your computer and resets the BIOS, BIOS password will disappear (not at all necessary: I've seen some new machines with BIOS reset button accessible from outside the machine!)
If some one boots your computer up with a live CD, Boot loader password is just skipped
If some one takes your Hard Disk and plugs it on a different machine, BIOS password is also skipped
If some one has a powerful machine, will be able to --force brute-- break your partition(s) password(s) and be able to read and modify your passwords on /etc/shadow (hard work, but possible). Also, encrypting disks may --will!-- decrease system speed.
I think that complete security is impossible. You can only make things harder for possible intruders. And this is true --and will remain as is forever, I think-- for all operating systems: If someone can enter the system (as you will), anyone with enough informatics knowledge/power will also be able to do.
Am I wrong?
emi
Edit: /etc/shadow protecting issue has always been a crucial issue for system developers and admins. Whole linux security system is enhanced to prevent /etc/shadow reading and writing and, still more, passwords are encrypted to prevent a little more intrusions on that. Hackers know that and will usually look for system holes to obtain root access to your computer, sometimes just to be able to read /etc/shadow and then be able to force brute break its passwords, sometimes to directly do whatever they are looking to do on your computer (as read sensible data or move a satellite to wherever they want ).
Somewhere between common sense (strong passwords, physical protection) and supergluing your CD drive shut, is that place where comprehensive security provides enough reasonable protection for whatever information may be permanently stored on your PC.
And sometimes you just need to be careful with what is actually in permanent, on disk storage. Strong encryption on specific files, very sensitive information kept separate from your actual PC, very strong passwords changed at intervals all work to make it more difficult to get your information - but not impossible for the truly persistent thief. It does narrow down the list of those who will take the time to get to your information.
Where I work, we use token authentication or strong and long (15 character minimum) passwords with frequent, enforced changes. The workstations are in protected, limited access areas with the servers in more highly protected, even more limited access areas. There are other security measures, too, on physical access using small devices. This does not prevent all surreptitious attempts or stop the occasional, though limited intrusion, but it does support high accessibility. For you and me, that's a bit extreme and certainly a very expensive solution.
Still we have important information that we ought to protect. So what else do you think you and I can do?
I've read that many sysops will remove the cable for the cdrom device for servers. They don't want someone accidently leaving in a cdrom and have the system fail to reboot, or have reads of a faulty cdrom bog down the server. This is in an access controlled server room.
Remember that USB devices can be used to boot as well on many systems. If you want to prevent that, you could disable the ability in BIOS and password protect the bios. Allowing USB keyboards & Mice but not allowing using a usb pendrive is trickier. Perhaps disabling vfat, ntfs and usbstorage when building the kernel would do it for most people. Using PolicyKit may be better. Or both for layered security.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.