Difference between revisions of "Reset root password"

From ArchWiki
Jump to: navigation, search
(Pointing out disk encryption as a countermeasure to password recovery)
(38 intermediate revisions by 12 users not shown)
Line 1: Line 1:
If you have been locked out of your root account for whatever reason, you can use these processes to reset your root password and regain access to your system.
+
[[Category:System recovery]]
 +
[[Category:Security]]
 +
[[ar:Password Recovery]]
 +
[[it:Password Recovery]]
 +
[[ja:Password Recovery]]
 +
[[ru:Password Recovery]]
 +
[[zh-cn:Password Recovery]]
 +
This guide will show you how to recover a forgotten root password.  A several methods are available that can help you accomplish this.
  
== Method 1 - LiveCD ==
+
== Using a LiveCD ==
  
1. Boot the Arch ISO LiveCD and mount your partitions to /mnt
+
With a LiveCD a couple methods are available: change root and use the {{Ic|passwd}} command, or erase the password field entry.  Any Linux capable LiveCD can be used, albeit to change root it must match your installed architecture type.
  
2. Bind mount the dev, proc and sys special mount points into your /mnt:
+
=== Change Root ===
  
mount -t bind /dev /mnt/dev
+
# Boot the LiveCD, and [[Change Root|change root]].
mount -t bind /sys /mnt/sys
+
# Use the {{Ic|passwd}} command to reset your root password.
mount -t bind /proc /mnt/proc
+
# Exit [[Change Root|change root]].
 +
# Reboot, and remember your password.
  
3. chroot into your installation
+
=== Password Erase ===
  
  chroot /mnt /bin/bash
+
1. Boot the LiveCD, and mount your root ('''/''') partition. For example:
  
4. Use the passwd command to reset your root password
+
mkdir /mnt/arch
 +
mount /dev/sda2 /mnt/arch
  
5. Reboot and don't loose your password again!
+
2. Edit the password file with your editor.  Example vim:
  
== Method 2 - Single User Mode ==
+
vim /mnt/arch/etc/shadow
  
# At the Grub menu, highlight the entry for your system and press 'e' to edit.
+
3. Delete the second field on the root line (in [[Vim|vim]] this can be done by going to the first letter/symbol in the field and typing '''d/:/''' then '''Enter'''):
# Highlight the 'kernel' line and press 'e' again to edit.
+
 
# Append a space and the number '1' to the end of your kernel line. This tells the kernel to boot to init level 1, or Single User Mode.
+
root:'''$1$9gDquXRP$gbOHLXuqslL.rw81q4pHc1''':14589::::::
# Press enter to save, and 'b' to boot.
+
 
# The system should boot as normal, except instead of booting to a login prompt, it should drop you to a basic shell with a '#' prompt.
+
4. Save the file (''':x''' in vim).
# You can use the passwd command from here to reset your password.
+
 
 +
5. Reboot and root login will not require a password.
 +
 
 +
== Using GRUB to Invoke Bash ==
 +
 
 +
1. Select the appropriate boot entry in the GRUB menu and press '''e''' to edit the line.
 +
 
 +
2. Select the kernel line and press '''e''' again to edit it.
 +
 
 +
3. Append {{Ic|1=init=/bin/bash}} at the end of line.
 +
 
 +
4. Press '''b''' to boot (this change is only temporary and will not be saved to your menu.lst).  After booting you will be at the bash prompt.
 +
 
 +
5. Your root file system should be mounted as readonly so remount it as read/write:
 +
 
 +
# mount -n -o remount,rw /
 +
 
 +
6. Use the {{Ic|passwd}} command to create a new root password.
 +
 
 +
7. Reboot and do not lose your password again!
 +
 
 +
{{Note|Some keyboards may not be loaded properly by the init system with this method and you will not be able to type anything at the bash prompt.  If this is the case, you will have to use another method.}}
 +
 
 +
== Countermeasures==
 +
 
 +
An attacker could use the methods mentioned above to break into your system. No matter how secure the operating system is or how good passwords are, having physical access amounts to loading an alternate OS and exposing your data, unless you use full [[Disk encryption|disk encryption]].
 +
 
 +
== Resources ==
 +
 
 +
* [http://www.howtoforge.com/how-to-reset-a-forgotten-root-password-with-knoppix-p2 this guide] for an example.

Revision as of 19:59, 8 June 2013

This guide will show you how to recover a forgotten root password. A several methods are available that can help you accomplish this.

Using a LiveCD

With a LiveCD a couple methods are available: change root and use the passwd command, or erase the password field entry. Any Linux capable LiveCD can be used, albeit to change root it must match your installed architecture type.

Change Root

  1. Boot the LiveCD, and change root.
  2. Use the passwd command to reset your root password.
  3. Exit change root.
  4. Reboot, and remember your password.

Password Erase

1. Boot the LiveCD, and mount your root (/) partition. For example:

mkdir /mnt/arch
mount /dev/sda2 /mnt/arch

2. Edit the password file with your editor. Example vim:

vim /mnt/arch/etc/shadow

3. Delete the second field on the root line (in vim this can be done by going to the first letter/symbol in the field and typing d/:/ then Enter):

root:$1$9gDquXRP$gbOHLXuqslL.rw81q4pHc1:14589::::::

4. Save the file (:x in vim).

5. Reboot and root login will not require a password.

Using GRUB to Invoke Bash

1. Select the appropriate boot entry in the GRUB menu and press e to edit the line.

2. Select the kernel line and press e again to edit it.

3. Append init=/bin/bash at the end of line.

4. Press b to boot (this change is only temporary and will not be saved to your menu.lst). After booting you will be at the bash prompt.

5. Your root file system should be mounted as readonly so remount it as read/write:

# mount -n -o remount,rw /

6. Use the passwd command to create a new root password.

7. Reboot and do not lose your password again!

Note: Some keyboards may not be loaded properly by the init system with this method and you will not be able to type anything at the bash prompt. If this is the case, you will have to use another method.

Countermeasures

An attacker could use the methods mentioned above to break into your system. No matter how secure the operating system is or how good passwords are, having physical access amounts to loading an alternate OS and exposing your data, unless you use full disk encryption.

Resources