On Thu, Feb 3, 2011 at 3:14 PM, Rafa Grimán <rafagriman at gmail.com> wrote: > On Thursday 03 February 2011 20:42 Robert Heller wrote >> At Thu, 3 Feb 2011 20:12:17 +0100 CentOS mailing list <centos at centos.org> > wrote: >> > Hi :) >> > >> > On Thursday 03 February 2011 14:59 Giles Coochey wrote >> > >> > > On 03/02/2011 14:40, Rafa Griman wrote: >> > > > Hi :) >> > > > >> > > > On Wed, Feb 2, 2011 at 3:44 PM, James Bensley<jwbensley at gmail.com> > wrote: >> > > >> So on a virtual server the root password was no longer working (as >> > > >> in I couldn't ssh in anymore). Only I and one other know it and >> > > >> neither of us have changed it. No other account had the correct >> > > >> privileges to correct this so I'm wondering, if I had mounted that >> > > >> vdi as a secondary device on another VM, browsed the file system >> > > >> and delete /etc/shadow would this have wiped all users passwords >> > > >> meaning I could regain access again? >> > > >> >> > > >> (This is past tense because its sorted now but I'm curious if this >> > > >> would have worked? And if not, what could I have done?). >> > > > >> > > > As the other said: DON'T delete /etc/shadow. >> > > > >> > > > Someone also mentioned you could modify the hash in /etc/shadow. This >> > > > will work if you are root or have the right permissions with sudo. >> > > > >> > > > If you can reboot the system, what really works great is passing the >> > > > following option to the kernel on the lilo/grub screen when the >> > > > system >> > > > >> > > > boots: >> > > > init=/bin/bash >> > > > >> > > > This will give you a shell without being asked for a password (unless >> > > > the sys admin has done his homework ;) Now that you have shell access >> > > > >> > > > ... you are in charge so you can: >> > > > - mount the / partition and chroot >> > > > >> > > > - edit /etc/shadow and delete the password hash >> > > > >> > > > - whatever you can imagine ... you decide ;) >> > > >> > > That would do it... There is single-user-mode (runlevel 1), just add >> > > the word single to the kernel parameters line before bootup >> > > >> > > It will give you the same result and mount stuff without the need to >> > > chroot etc... >> > >> > Yes, but S|Single|1 asks for root password to login ... And he doesn't >> > have the root password ;) >> >> RedHat / RHEL / CentOS does not do that! > > > True, just tried it with RHEL 6 and CentOS 5.3. Well it should ask for a > passwd ... at least IMHO. > > Then again ... an admin should configure grub/lilo to ask for a password if you > pass parameters to the kernel during boot time :) > > >> At least never on any of my >> machines -- is there some config option for that? Yes, for manual fchk >> it does, but not otherwise. > > > I'll check, but no idea. In CentOS 5, use "~~:S:wait:/sbin/sulogin" in "/etc/inittab" to enter runlevel S with a password. In CentOS 6, use "SINGLE=/sbin/sushell" in "/etc/sysconfig/init" to enter runlevel S without a password (default) and "SINGLE=/sbin/sulogin" in "/etc/sysconfig/init" to enter runlevel S with a password.