Root password forgotten

Root password forgotten

Post by Yong Chuan T » Tue, 16 Jun 1998 04:00:00



I have Debian distribution of Linux installed, but I forgot my root
password, could anyone tell me how I can get root access back? Thanks.
Yong

 
 
 

Root password forgotten

Post by Evan DiBias » Tue, 16 Jun 1998 04:00:00


Quote:>I have Debian distribution of Linux installed, but I forgot my root
>password, could anyone tell me how I can get root access back? Thanks.

You can't...

--

-Evan
------------
"Give people the outline, and they should say [sickly sweet voice, babytalk
almost] 'Ooh, what a cuddly penguin, I bet he is just _stuffed_ with
herring', and small children will jump up and down and scream 'mommy mommy,
can I have one too?'."
-- Linus Torvalds, describing what the Linux penguin should look like

Some people have told me they don't think a fat penguin really embodies the
grace of Linux, which just tells me they have never seen a angry penguin
charging at them in excess of 100mph. They'd be a lot more careful about
what they say if they had.
-- Linus Torvalds



>I have Debian distribution of Linux installed, but I forgot my root
>password, could anyone tell me how I can get root access back? Thanks.
>Yong



 
 
 

Root password forgotten

Post by Stefano Del Cont Bernar » Tue, 16 Jun 1998 04:00:00


Try this: boot Linux from floppy (do you have a boot/root floppy ? take a
look at bootdisk HOWTO) and login as root (in the floppy root filesystem),
then mount your hard disk (where password's file is installed) under a
directory on your floppy filesystem. Now you are able to access to passwd
file on the HD filesystem. Edit the file /etc/passwd removing the encrypted
password from the root user and save it. Remove the floppy and reboot: now
the root has no password so you can login simply with username"root"  and no
password.

Good luck
Stefano


>I have Debian distribution of Linux installed, but I forgot my root
>password, could anyone tell me how I can get root access back? Thanks.
>Yong


 
 
 

Root password forgotten

Post by John Gira » Tue, 16 Jun 1998 04:00:00


: >I have Debian distribution of Linux installed, but I forgot my root
: >password, could anyone tell me how I can get root access back? Thanks.
:
: You can't...

Either Evan is assuming you don't have an alternate boot device, or else
Debian has gone way off-mainstream since I last checked.  Assuming you have
a standard floopy drive and boot disk (or a way to make one), just use that.

cheers
jg

p.s. followsup culled severely.

--
"don't listen when you're told about the best days in your life     Spirit of
 a useless old expression, it means passing time until you die."     the West
 /\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\/

 
 
 

Root password forgotten

Post by Jeremy Crabtre » Tue, 16 Jun 1998 04:00:00



> >I have Debian distribution of Linux installed, but I forgot my root
> >password, could anyone tell me how I can get root access back? Thanks.

> You can't...

You are incorrect. He _can_ . If he has LILO on his drive he can use
'linux single' to get into his system without logging in, he will then
be able to remove the root's password from /etc/passwd . _OR_ he could
boot up using the root/boot floppies he should have made at install
time, then mount his linux drive and follow the same procedure for
removing the password.

--
Vive Macintosh, all hail OS/2, Long live the Amiga, UNIX forever, umm,
and all the other systems I didn't mention. We all compute differently,
get over it.                                          Jeremy Crabtree

 
 
 

Root password forgotten

Post by Ben Sandle » Tue, 16 Jun 1998 04:00:00



> I have Debian distribution of Linux installed, but I forgot my root
> password, could anyone tell me how I can get root access back? Thanks.
> Yong


Boot up and pass the argument "single" to lilo, ie.:
LILO: linux single
It should log you in as root with no password required.  Then change
your passwd.

- Ben

--
Ben Sandler
email me: sandler at ymail dot yu dot edu

"Windows is an operating system, not a religion."
- Ted Waitt, chairman of Gateway

 
 
 

Root password forgotten

Post by Evan DiBias » Tue, 16 Jun 1998 04:00:00


Quote:>Either Evan is assuming you don't have an alternate boot device, or else
>Debian has gone way off-mainstream since I last checked.  Assuming you have
>a standard floopy drive and boot disk (or a way to make one), just use

that.

True enough... I should really check these things before I reply to them...
;-)

--

-Evan
------------
"Give people the outline, and they should say [sickly sweet voice, babytalk
almost] 'Ooh, what a cuddly penguin, I bet he is just _stuffed_ with
herring', and small children will jump up and down and scream 'mommy mommy,
can I have one too?'."
-- Linus Torvalds, describing what the Linux penguin should look like

Some people have told me they don't think a fat penguin really embodies the
grace of Linux, which just tells me they have never seen a angry penguin
charging at them in excess of 100mph. They'd be a lot more careful about
what they say if they had.
-- Linus Torvalds



>: >I have Debian distribution of Linux installed, but I forgot my root
>: >password, could anyone tell me how I can get root access back? Thanks.
>:
>: You can't...

>cheers
>jg

>p.s. followsup culled severely.

>--
>"don't listen when you're told about the best days in your life     Spirit
of
> a useless old expression, it means passing time until you die."     the
West

/\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\/
http://skyron.harvard.edu/ --
 
 
 

Root password forgotten

Post by Brent Rade » Tue, 16 Jun 1998 04:00:00




> > I have Debian distribution of Linux installed, but I forgot my root
> > password, could anyone tell me how I can get root access back? Thanks.
> > Yong

> Boot up and pass the argument "single" to lilo, ie.:
> LILO: linux single
> It should log you in as root with no password required.  Then change
> your passwd.

  Ok, so isn't this a bit of a security problem??? Is there any way to stop
someone from re-booting my Linux box like this and changing my root
password?? Of course I would probably be more worried about them breaking
into my house to get to my Linux box.  But if you have a Linux machine
somewhere where a person could do this, could you stop it?

~BR

 
 
 

Root password forgotten

Post by Douglas R. Flo » Tue, 16 Jun 1998 04:00:00




Quote:

>  Ok, so isn't this a bit of a security problem??? Is there any way to stop
>someone from re-booting my Linux box like this and changing my root
>password?? Of course I would probably be more worried about them breaking
>into my house to get to my Linux box.  But if you have a Linux machine
>somewhere where a person could do this, could you stop it?

>~BR

You could add two lines:

restricted
password=your_password

to /etc/lilo.conf in the stanza that boots your Linux box, run lilo,
and when someone tries to boot LILO with "linux single", or any other
option to that stanza, LILO will ask for a password.

This even works with MS-DOS and other OS partitions.  (I have a Linux box
which I installed from CD, which doesn't even have a floppy drive in it,
so I have it password protected, and the case locked.  This will keep out
the midly curious, but anyone with any real intent can still pry the case
open, zap the NVRAM, stick a floppy drive, and boot.  You can use TCFS, to
encrypt your data, but I digress.)

The lilo man page is quite terse, but the docs that come with LILO explain
this in much greater detail (the LILO password protection).

 
 
 

Root password forgotten

Post by Jürgen Exne » Tue, 16 Jun 1998 04:00:00





>> > I have Debian distribution of Linux installed, but I forgot my root
>> > password, could anyone tell me how I can get root access back? Thanks.
>> > Yong

>> Boot up and pass the argument "single" to lilo, ie.:
>> LILO: linux single
>> It should log you in as root with no password required.  Then change
>> your passwd.

>  Ok, so isn't this a bit of a security problem??? Is there any way to stop
>someone from re-booting my Linux box like this and changing my root
>password?? Of course I would probably be more worried about them breaking
>into my house to get to my Linux box.  But if you have a Linux machine
>somewhere where a person could do this, could you stop it?

This issue comes up every other month:

Attack 1: Use boot option "single"
Protection: Add a password to /etc/lilo.config. Then LILO will ask for a
password when it sees an additional parameter to a boot image (see man lilo
for details)

Attack 2: Boot with a boot/root floppy
Protection a: disable boot from floppy in the BIOS

Attack 3a: re-enable boot from floppy in the BIOS
Protection: protect the BIOS with a password

Attack 4a: reset the BIOS to default values
Protection: this attack requires opening the case, so lock it with a pad
lock or place an armed guard next to it.

Protection 2b: remove the floppy drive

Attack 3b: put the floppy drive back
Protection: same as 4a

Attack: open the case, remove the HD, and hook it up to another computer
Protection: see 4a

Baseline: If you have physical access to the computer, then you can do
everything and no software can prevent it.

jue
--
Jrgen Exner; jurgenex AT microsoft.com
Sorry for this anti-spam inconvenience

 
 
 

Root password forgotten

Post by Lars Torben Wilso » Tue, 16 Jun 1998 04:00:00





> > > I have Debian distribution of Linux installed, but I forgot my root
> > > password, could anyone tell me how I can get root access back? Thanks.
> > > Yong

> > Boot up and pass the argument "single" to lilo, ie.:
> > LILO: linux single
> > It should log you in as root with no password required.  Then change
> > your passwd.

>   Ok, so isn't this a bit of a security problem??? Is there any way to stop
> someone from re-booting my Linux box like this and changing my root
> password?? Of course I would probably be more worried about them breaking
> into my house to get to my Linux box.  But if you have a Linux machine
> somewhere where a person could do this, could you stop it?

Physical access to the machine is the problem, and if it is possible,
all other security measures become superfluous.

Torben

 
 
 

Root password forgotten

Post by Christopher B. Brow » Thu, 18 Jun 1998 04:00:00





>>: >I have Debian distribution of Linux installed, but I forgot my root
>>: >password, could anyone tell me how I can get root access back? Thanks.
>>:
>>: You can't...

>>Either Evan is assuming you don't have an alternate boot device, or else
>>Debian has gone way off-mainstream since I last checked.  Assuming you have
>>a standard floopy drive and boot disk (or a way to make one), just use that.

>If it is only root access that has been lost, just go to bugtraq and
>find a hole in a suid root program that you have not yet applied the
>fix for and exploit it.

I hesitate in some ways to ask this; how does one do that?

From what I can see, exploiting suid requires constructing little bits of
machine language and dropping them some place *real* particular.

I daresay that *my* intent is "strictly honourable;" to understand the
system better.  (On my systems, I obviously already have root access.  I
hardly need a hack for that.) That obviously isn't necessarily true for all
the possible gentle readers.

--
Those who do not understand Unix are condemned to reinvent it, poorly.  
-- Henry Spencer          <http://www.hex.net/~cbbrowne/lsf.html>

 
 
 

Root password forgotten

Post by Jae » Thu, 18 Jun 1998 04:00:00



Quote:> Ok, so isn't this a bit of a security problem??? Is there any
> way to stop someone from re-booting my Linux box like this
> and changing my root password?? Of course I would probably be
> more worried about them  breaking into my house to get to my
> Linux box.  But if you have a Linux  machine  somewhere where
> a person could do this, could you stop it?  Physical access
> to the machine is the problem, and if it is possible, all other
> security measures become superfluous.

  Just out of curiousity - is does your machine hold that much vitial
information that you would have to worry about this?

  Anyways - scroll back and find my post w/ the slide program. Then
you won't have to worry about forgetting your root passwd.

-Jae

 
 
 

Root password forgotten

Post by David M. Co » Fri, 19 Jun 1998 04:00:00




Quote:>  Ok, so isn't this a bit of a security problem???

Oh, god, not this thread again.

Dave Cook

 
 
 

Root password forgotten

Post by A. van Di » Fri, 19 Jun 1998 04:00:00



>   This message is in MIME format.  The first part should be readable text,
>   while the remaining parts are likely unreadable without MIME-aware tools.

> ---559023410-851401618-898108585=:24215
> Content-Type: TEXT/PLAIN; charset=US-ASCII

> >   Ok, so isn't this a bit of a security problem??? Is there any way to stop
> > someone from re-booting my Linux box like this and changing my root
> > password?? Of course I would probably be more worried about them breaking
> > into my house to get to my Linux box.  But if you have a Linux machine
> > somewhere where a person could do this, could you stop it?
>   which is why you disable the root account and find the program called slide.
>   slide uses your own password to give you root privledges, making the
> actual root login unnecessary.
>   I'm going to attach the tar.gz file so anyone who is interested in
> the program can get it.

Why don't you just mention the URL. This is not a binary newsgroup. Thank YOU.
--
"Thunder Rolled... It rolled a six"
                      Terry Pratchett, Guards! Guards!