Security

How do I recover a lost/forgotten Root password by d3funct
Posted: 9 Jan 01 (Edited 17 Mar 04)

   Here are the instructions for breaking into your own system if you've lost your root password.  This is taken from an article I found in Linux Gazette, written by Mark Nielsen (http://www.linuxgazette.com/issue41/nielsen1.html).

This document assumes you are partitioned thusly:
  /dev/hda1     swap
  /dev/hda2     /
  /dev/hda3    Dos

The author refers to Red Hat 5.2, but this will work with subsequent versions (I've tested it).

Steps:

1.  Make system bootable from CD-rom (either in BIOS or use a boot floppy that will do so).

2. Put Linux Distribution CD into cd-rom drive and turn on computer.

3. Pretend to go through the installation of the distribution. After it asks you to put in the CD-rom and gets to the next screen, you can go to the second console window.

4. Press Alt-F2, Alt-F3, Alt-F4, Alt-F5 and then Alt-F1.  You should see the various screens with different messages.  The one we want is Alt-F2.

5. Press Alt-F2.

6. Type "cd /tmp" and press enter.  This takes us to a directory where we can make files, directories, etc...

7. Now we will make a temporary directory and a temporary device for the partition on the hard drive that we want to look at or edit.  Type the following:
 mkdir /tmp/my_dir
 mknod /tmp/my_dev b 3 2   # the "2" is taken from hda"2" above, so it should be wherever your "root" partition is
 mount /tmp/my_dev /tmp/my_dir
 df

 8. "mkdir" makes a directory for us to mount the partition on.  "mknod" makes a device for the 2nd partition on the master hard drive (hda2).  This lets us "see" the partition.  In particular, in "b 3 2", "b" is for block device, "3" is the master hard drive on the primary IDE controller and "2" means the second partition.
 "mount" takes the device we can "see" and puts it on top of the directory /tmp/my_dir.
 "df" lets you see what filesystems are mounted and where.

  Now we can either edit the password file or do something else, such as stopping X Windows from starting up if you have a computer using xdm.  Let's do the password.

 9. Type: "cd /tmp/my_dir/etc" then "vi passwd"

 10. You need to know how to use vi (a great editor found on almost every UNIX by default). "x" deletes a character, "i" inserts characters, "Esc" turns on and off command mode/insert mode, "wq!" writes, quits and ignores any problems with read-only files, "h" moves one character to the left, "l" one character right, "k" up one line, "j" down one line.

 11. Now in the passwd file press "j" until you get to the line you want to be on, "root" (for our example):
 root:x:0:0:root:/root:/bin/bash  # here we want to delete the "x", which is telling us the password is shadowed.
 Now type "wq!" (without the quotes)

    12. Now type "vi shadow"

    You may see a line for root that looks like this:
 root:$1$Upkf7iIA$.nSNmn0MkoRP2srJsUx.0/:11321:0:999999:7:::
    Just delete everything between the colons to make it look like this:
 root::::::::   # that's 8 (eight) colons after the word "root"

 Now type "[Esc], :, wq!, enter" to write the file, quit and ignore read-only problems.

   13.  Now you're done editing the file, what is the problem now?  If you reboot you will likely lose all of your changes. You must unmount the directory, THEN reboot.

 14. Do this > "cd /tmp" > "umount /tmp/my_dir" > "df"

 15.  After ensuring you unmounted ok, press CTRL-Alt-Del to reboot.  Also, take the cdrom out of the cdrom drive.  When your computer restarts I'd recommend having your BIOS boot off the hard drive rather than the CD-rom.

 That's it, this is very useful in the case of lost/forgotten root passwords.  But it's also good for fixing other problems when you just can't get it booting the right way.  As I said, I plagiarised the hell out of his article.  But it was a great article and helped me out immensely.  I hope Mr. Nielsen doesn't mind my copying his work for this forum.

d3funct
d3funct@comcast.net
The software required `Windows 95 or better', so I installed Linux.
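
After step 15 the machine boots with a root account that has no password until one is set with "passwd". As an added example (not part of the original FAQ or Mr. Nielsen's article), the shell function below lists every account in that state in a passwd/shadow pair; the function names, reason strings and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original FAQ): list accounts that can log in
# with no password, which is the state steps 11-12 leave root in.

# empty_password_accounts PASSWD_FILE SHADOW_FILE
# Prints "<user> uid=<uid> <reason>" for every affected account.
empty_password_accounts() {
    awk -F: '
        $1 == "" || $1 ~ /^#/ { next }            # skip blanks and comments
        src == "shadow" { hash[$1] = $2; seen[$1] = 1; next }
        # passwd: an empty field 2 means no password at all
        $2 == "" { printf "%s uid=%s passwd-field-empty\n", $1, $3; next }
        # passwd: "x" defers to shadow, where an empty hash means the same
        $2 == "x" && seen[$1] && hash[$1] == "" {
            printf "%s uid=%s shadow-hash-empty\n", $1, $3
        }
    ' src=shadow "$2" src=passwd "$1"
}

# write_sample DIR: constructed files mimicking the result of steps 11-12,
# plus one untouched account (alice) and one with only shadow blanked (svc).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root::0:0:root:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
svc:x:501:501:Service:/home/svc:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root::::::::
alice:$1$constructed$notARealHashValue000000:11321:0:99999:7:::
svc::11321:0:99999:7:::
EOF
}

# Demo run on the constructed sample; point the function at
# /tmp/my_dir/etc/passwd and /tmp/my_dir/etc/shadow to check a mounted disk.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
empty_password_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Run it again after setting the new root password; root should no longer be listed.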
