[CentOS] Lost root access

Robert Heller heller at deepsoft.com
Thu Feb 3 19:42:20 UTC 2011


At Thu, 3 Feb 2011 20:12:17 +0100 CentOS mailing list <centos at centos.org> wrote:

> 
> Hi :)
> 
> On Thursday 03 February 2011 14:59 Giles Coochey wrote
> > On 03/02/2011 14:40, Rafa Griman wrote:
> > > Hi :)
> > > 
> > > On Wed, Feb 2, 2011 at 3:44 PM, James Bensley<jwbensley at gmail.com>  wrote:
> > >> So on a virtual server the root password was no longer working (as in
> > >> I couldn't ssh in anymore). Only I and one other know it and neither
> > >> of us have changed it. No other account had the correct privileges to
> > >> correct this so I'm wondering, if I had mounted that vdi as a
> > >> secondary device on another VM, browsed the file system and delete
> > >> /etc/shadow would this have wiped all users passwords meaning I could
> > >> regain access again?
> > >> 
> > >> (This is past tense because its sorted now but I'm curious if this
> > >> would have worked? And if not, what could I have done?).
> > > 
> > > As the other said: DON'T delete /etc/shadow.
> > > 
> > > Someone also mentioned you could modify the hash in /etc/shadow. This
> > > will work if you are root or have the right permissions with sudo.
> > > 
> > > If you can reboot the system, what really works great is passing the
> > > following option to the kernel on the lilo/grub screen when the system
> > > 
> > > boots:
> > >       init=/bin/bash
> > > 
> > > This will give you a shell without being asked for a password (unless
> > > the sys admin has done his homework ;) Now that you have shell access
> > > 
> > > ... you are in charge so you can:
> > >       - mount the / partition and chroot
> > >       
> > >       - edit /etc/shadow and delete the password hash
> > >       
> > >       - whatever you can imagine ... you decide ;)
> > 
> > That would do it... There is single-user-mode (runlevel 1), just add the
> > word single to the kernel parameters line before bootup
> > 
> > It will give you the same result and mount stuff without the need to
> > chroot etc...
> 
> 
> Yes, but S|Single|1 asks for root password to login ... And he doesn't have 
> the root password ;)

RedHat / RHEL / CentOS does not do that!  At least never on any of my
machines -- is there some config option for that?  Yes, for manual fchk
it does, but not otherwise.

> 
>    Rafa
> 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                           



More information about the CentOS mailing list