[Chester LUG] "Recovering" (SUSE) (root) passwords

Fri Feb 26 16:02:37 UTC 2010

Afternoon --

To follow up with yesterday evening's discussion, here is how to 
"recover" a root password on an installed SUSE (and other with slight 
modifications) Linux system. I use inverted commas because one doesn't 
recover it, it is chnaged to something new; likewise, other users' is 
just removed and re-set.

These steps will only apply when GRUB is installed; other boot-
loaders, like the one on the CD, need a slightly different process.

The process involves starting the system in single-user mode 
(automatically logging in with the root account), changing root's 
password and optionally removing the password associated with other 
local accounts.

1) During boot, enter the GRUB boot-loader screen by pressing Escape.
 - This is where we select which OS to boot. Many contemporary distros 
use the 'hiddenmenu' feature, booting the default OS if the user 
doesn't hit a key within 5secs or so. Catch this time-out and display 
the GRUB menu proper.

2) Ensure the distro item is selected and press 'E'.
 - This will display the configuration for booting that particular OS. 

3) Highlight the 'kernel' line and hit 'E'
- This will edit the individual line of the configuration set.

4) Append to the end of this line the word 'single'
 - This option, or flag, tells the kernel to start a single-user 
console, rather than continuing a normal boot process with Init, after 
loading the kernel.

5) At the shell, change root's password with the 'passwd' command.
 - Single-user mode's single user is root. Double-check the currently-
logged in user with the 'whoami' command, or make sure the prompt 
contains the hash symbol instead of the normal dollar sign.

6) Optionally, edit the /etc/shadow file to remove other users' -- not 
root's -- passwords. Remove the 2nd field.
 - The line should read something similar to:
johndoe:$6$imR8AG.G$nK4HHDTraw.w7xN1IHAM5ot1dc:13562:0:99999:7:::
johndoe::13562:0:99999:7:::
but keep the colons. They're the delimiters that separate each field.

 - the /etc/shadow file mirrors the list of user accounts found in the 
/etc/passwd file. When a user attempts to log-in, the password entered 
is hashed and compared to the stored MD5 hash found in /etc/shadow.

7) Restart the system.
 - The only time you'll have to turn it off and back on again.

8) Log in as root with the new password.
 - If this is not accepted, reboot in to single-user mode again and 
re-set it.

9) Change other users' passwords using 'passwd username'
 - Root, as superuser, can change the passwords of others accounts. 
Other users, however, can only change theirs; sudo must be used for 
others.

10) Stick the kettle on.

Again, this is a generic process that may be slightly different on 
SUSE, but it shouldn't. I'm pretty sure there isn't anything that can 
*totally* knacker up a box, but system-level stuff is always prone to 
slips :) (Confidence FTW)

Hope it helps!

-- 

Ben Arnold
Chester, UK

e: iamseawolf at gmail.com
e: ben at seawolfsanctuary.com
w: seawolfsanctuary.com

nom = { :cookies => :mouth }
nom; nom; nom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20100226/e27f0104/attachment.sig>