Re: Forgotten SUSE Linux root Password

On 28 Dec 2005, in the Usenet newsgroup comp.security.misc, in article
<43b31934$0$68650$dbd43001@xxxxxxxxxxxxxxx>, Frank Slootweg wrote:

>Dave wrote:

>> I don't use Linux, but do use Solaris, so perhaps things are a bit
>> different, but I doubt it.

No more than the differences between branded UNIXes. Yes, the warts may
be in slightly different locations, but the warts WILL BE THERE.

>> On a Solaris box, I'd do something like
>>
>> ok> boot cdrom -s // Boot into single use mode on CD

The assumption is that no password is set in the boot ROM preventing
this, but yes

>> # mkdir /tmp/foo
>> # mount /dev/dsk/c0t0d0s0 /tmp/a

ok> b -s
# mount -a
# vi /etc/passwd
# sync
# umount -a
# ^d

>> At this point, 'passwd' would edit the /etc/passwd, not those on the
>> old root partition which is in /tmp/a/etc/passwd

Yeah, I don't remember either SunOS or Solaris having the 'chroot'
command.

[compton ~]$ whatis chroot
chroot (1) - run command or interactive shell with special root directory
chroot (2) - change root directory
[compton ~]$

The O/P was talking about using the passwd command to change root's
password. That command of course doesn't take a file argument (neither
does 'vipw'), so the 'chroot' command is needed to change the system's
idea of what files are where. This isn't needed in boot to single user mode.

>Moe said: "In the case of Linux, you don't even need the rescue system
>disc.", so, AFAICT, he's talking about the real root partition and the
>normal passwd command accessing the real /etc/passwd file.

Exactly - quite similar to the 'b -s' at the 'ok' prompt. Bring it up
single user, and wail away. But for x86 hardware running Linux (and
FreeBSD), I've got systems-on-a-floppy (a very _over-stuffed_ floppy,
but a standard 3.5 inch "1.44" none the less) that can be used as a
rescue system as well. For Linux, google for 'tomsrtbt'.

> Like you, I don't use Linux, but HP-UX. On HP-UX I would boot into ISL
>(Initial System Loader) [1] and do:
>
>ISL> hpux -is
>
> That would boot into (real) single user mode (init state 's') and give
>me a root prompt:

Yup.

>[1] Yes, there's additional security/protection, but also that can be
>circumvented.

Same here, both in SunOS/Solaris and Linux. No need to elaborate. The
standard comment I use is "Physical access beats 5 aces, every time."

>> # vi /tmp/a/etc/shadow
>>
>> I'm not sure how one could *easily* use /bin/passwd to edit the file on
>> the file system at this point.

Lacking the 'chroot' command above, I don't know how easy it might be
either. Would a soft link work? I don't see why not off the top of the
head.

>> At the end of the day, it is all a bit of a non-issue, as it is so easy
>> to use vi to do it!!

Yup

> Well, actually using vi is more complex, at least on HP-UX, because
>it's in /usr/bin and /usr is normally a mounted filesystem, which may be
>down, corrupt, <whatever>.

You got a shell - virtually every one I've worked with have 'echo' and
redirection.

> Also in HP-UX, the passwd command can specify a file other than
>/etc/passwd, so even in your example case there still would be no need
>for vi! :-) (And of course HP-UX also has /etc/shadow-like
>functionality.)

Wonder why they have that capability. What need does it fulfill?
"/etc/passwd" and "/etc/shadow" should always be "there", and not off
on the South 40 someplace.

Old guy
.

Relevant Pages

  • Re: SNMP and virtual IP
    ... Have you updated your routing table of Linux machine with the VIP ... You can check out /sbin/route command for more details. ... Solaris machine using a virtual IP and I have a simple but strange ...
    (comp.protocols.snmp)
  • Re: sun solaris .vs linux
    ... On November 15, 2004 05:06 am, bruce wrote: ... Just curious, all the other posts aside, why you would want to go to Solaris. ... It takes a week to get it to a point of usability that a standard Linux ... likely to get command not found! ...
    (RedHat)
  • Re: Bind Mount Extensions ...
    ... is mounted from "outside of chroot" into "inside of chroot" with ... read-only mode using lofs on Solaris, ... However we can't do this on Linux, or we must use nfs ro mount from ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: linux and Solaris
    ... >> I've recently been looking for a computer networking/admin job here (in ... I have since come across some job postings for Solaris ... I have quite a bit of Linux experience, ... > read the command before hitting Enter, you won't have too many problems ...
    (comp.security.unix)
  • Re: linux and Solaris
    ... > I've recently been looking for a computer networking/admin job here (in ... I have since come across some job postings for Solaris ... Linux, or more specifically, GNU tools have lots of nice user-friendly ... If you are smart enough to RTFM before typing in a command, ...
    (comp.security.unix)