Top Document: comp.security.unix and comp.security.misc frequently asked questions Previous Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message? Next Document: Is a portscan of a machine malicious/illegal/unfriendly? See reader questions & answers on this topic! - Help others by sharing your knowledge root; what do I do?) Basically, you want to boot from CD/floppy or in single-user mode. Single-user mode in some versions of unix still prompts for the root password, but can nevertheless be used to recover from messing up the root line in /etc/passwd farther along, e.g. changing the shell to something inappropriate. And in some versions of unix it doesn't ask for the password. To boot in single-user mode, in a prom monitor (e.g. L1-A on a Sun, or press ESC while booting an SGI), you want a command like "single" or "boot -s" or "b -s". At the linux LILO prompt, you want something like "linux s". If "linux s" gives you problems, "linux init=/bin/sh" might bypass the normal boot sequence and just give you a shell, but you'll have to remount the root filesystem (see below). After single-user mode, it's cleaner to reboot rather than to press ^D to do the multiuser boot, because the init "runlevel" mechanism is hacky. It might be more rewarding to boot from OS installation media. They usually give you the opportunity to run a shell (e.g. in irix inst, type "sh"; in redhat linux, press ctrl-alt-F2; in solaris, get a menu with the right button in the background and select "command tool" in the "utilities" submenu). In this case, do a "df" to find your root partition on something like /root or /mnt (or, in solaris, /a). Sometimes it's easier to make like a "cracker" and break in to it. I imagine that most people who forget their root password have machines which can easily be broken into... Once you're in, you can edit the password file (or /etc/shadow as appropriate), or you can change the password without supplying the old one as root by typing "passwd root". (Depending on how you got there, a plain "passwd" might not know it's root's password you're trying to change.) If you clear the password entry, be disconnected from the internet until you've set a new root password (probably after a normal reboot). If the above doesn't answer your question, please look for a faq specific to your version of unix; if you end up posting here, please state precise version of unix including version number (e.g. "irix 5.3", not just "5.3"). Problems editing the password file or running "passwd root" include: /usr might not be mounted in single-user mode (and /bin might be a symlink to /usr/bin, so most things might be on /usr). You can probably just type "mount /usr" or "/sbin/mount /usr". Other filesystems might also be unavailable but probably aren't needed just to change the password (and you're about to reboot to get things back to normal after you change root's password). The root filesystem might be mounted read-only, depending on how you got there. "mount / -o remount,rw" might fix this. User Contributions:Top Document: comp.security.unix and comp.security.misc frequently asked questions Previous Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message? Next Document: Is a portscan of a machine malicious/illegal/unfriendly? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: