Comments on: How To Reset the Root Password in Linux

By: How to reboot single user mode « JealousGuy’s unreadable blog

How to reboot single user mode « JealousGuy’s unreadable blog — Sat, 07 Mar 2009 11:08:26 +0000

[...] How to reboot single user mode By mantikore http://www.ghacks.net/2009/02/25/how-to-reset-the-root-password-in-linux/ [...]

By: Rupert

Rupert — Thu, 05 Mar 2009 09:17:39 +0000

So, this resets the root password, but keeps all other data unchanged?

Wow, seems like a major security flaw to me and I thought Linux was secure. But I suppose it is the difference between preventing people doing something stupid to their system with root access, and preventing people accessing your sensitive data and messing up your box with root access.

I am guessing there is no way to access this login via SSH or remotely, so you atleast need access to the machine?

By: computer_freak_8

computer_freak_8 — Mon, 02 Mar 2009 21:15:26 +0000

@Raoul:
A-ha! That makes sense, then, since I always specify a root password once I setup a system.

If there’s no password, there’s nothing to enter!

Thanks for the information; it is good to know.

By: Raoul

Raoul — Mon, 02 Mar 2009 10:06:55 +0000

note: it does only work, if you didn’t specify a root password before (the normal case on ubuntu). Else it asks for the root-password when entering singe-user mode.

On (k)ubuntu systems, I would recommend to set a very secure root-password instead of leaving it blank, or to completely disable (lock) the root account by typing:

sudo passwd -l root

But like I already said, with a Knoppix CD, you can change the root-password of every linux. If the BIOS is password-protected, unplug the PC and remove the battery on the motherboard ;)

By: Raoul

Raoul — Mon, 02 Mar 2009 09:42:18 +0000

@computer_freak_8: really, I didn’t need the old password here on kubuntu!

By: Raoul

Raoul — Mon, 02 Mar 2009 09:41:14 +0000

I tested on Kubuntu Intrepid Ibex, and it works here! That is far too easy, for me it’s a real security issue. I always thought one would have to boot a Knoppix CD and update the /etc/passwd file manually to change the root password….

By: computer_freak_8

computer_freak_8 — Thu, 26 Feb 2009 23:42:26 +0000

I’m surprised that this actually works on some distributions. I know that on Ubuntu, and I think Debian, too, the root password is required just before entering the root shell in single-user mode.

By: ic3djava

ic3djava — Thu, 26 Feb 2009 15:55:59 +0000

I tried this on a SUSE Linux Enterprise 9 Server. Upon bootup to Single-User mode (Run Level 3), the system prompted me for the root password. After so many failed attempts it changes the runlevel to reboot (Run Level 6).

Different results but the info will probably come in handy on Fedora or another system someday so it is useful info anyway, thanks!

By: Sai Charan

Sai Charan — Thu, 26 Feb 2009 12:35:25 +0000

I’ve missed Final Thoughts :D

By: How to OWN any Linux box otherwise known as “A Cry for HELP” « Cheap FREE software ! from Jazzy Jeph

Thu, 26 Feb 2009 10:45:12 +0000

[...] Posted by jazzyjeph on February 26, 2009 Although Linux is known for its security amongst other things it seems to be frighteningly easy to reset the Root password thereby giving you complete access to ALL the files of ANY user on the system, this seems like a major oversight that should have been locked down a long time ago or perhaps i’m missing something if anybody can enlighten me. I realise you could remove the Shutdown/Restart options from a desktop or BIOS lock a computer but surely there must be another way, at least in Windows you have to reboot with a LIVE CD to reset the Administrator password.Please feel free to share any ideas on this subject.It was the excellent gHacks website that reminded me of this, you can read more here How To Reset the Root Password in Linux [...]

By: jack

jack — Wed, 25 Feb 2009 23:22:06 +0000

Dotan: in all seriousness…if i had to store a file like that on a PC most likely i would use gpg to encrypt the file with a key not shared out to anyone.

By: jack

jack — Wed, 25 Feb 2009 21:13:12 +0000

Dotan: fortunately this file is actually a hard copy, in a notebook, in my office. ;-) so you’d have to have access to my office and then know where the piece of paper is. ;-)

By: Dotan Cohen

Dotan Cohen — Wed, 25 Feb 2009 19:40:30 +0000

What is the IP address of the machine with your master password file? :)

Seriously, though, in what format do you save that password file? Is a password-protected .ods document considered enough?