[CentOS] Lost root access

Thu Feb 3 13:40:16 UTC 2011
Rafa Griman <rafagriman at gmail.com>

Hi :)

On Wed, Feb 2, 2011 at 3:44 PM, James Bensley <jwbensley at gmail.com> wrote:
> So on a virtual server the root password was no longer working (as in
> I couldn't ssh in anymore). Only I and one other know it and neither
> of us have changed it. No other account had the correct privileges to
> correct this so I'm wondering, if I had mounted that vdi as a
> secondary device on another VM, browsed the file system and delete
> /etc/shadow would this have wiped all users passwords meaning I could
> regain access again?
>
> (This is past tense because its sorted now but I'm curious if this
> would have worked? And if not, what could I have done?).


As the other said: DON'T delete /etc/shadow.

Someone also mentioned you could modify the hash in /etc/shadow. This
will work if you are root or have the right permissions with sudo.

If you can reboot the system, what really works great is passing the
following option to the kernel on the lilo/grub screen when the system
boots:

     init=/bin/bash

This will give you a shell without being asked for a password (unless
the sys admin has done his homework ;) Now that you have shell access
... you are in charge so you can:

     - mount the / partition and chroot

     - edit /etc/shadow and delete the password hash

     - whatever you can imagine ... you decide ;)


HTH

   Rafa