Thursday, December 03, 2009

Reset Linux Root Password Using The GRUB

Before I start the central aspect of this article - resetting the Linux root password, let me quickly introduce you to boot loaders and the GRUB.

A boot sequence is the initial set of operations that the computer performs when the power of a computer is switched on. A boot loader typically loads the main Operating System for the computer.

A computer's central processor can only execute program code found in the Read-Only-Memory (ROM) and Random-Access-Memory (RAM). However, when the computer is switched on, it does not have an Operating System in its ROM or RAM. So a computer initially executes a small program stored in a ROM, which in-turn loads the required code and data into the RAM for execution.

This small program which performs this process is known as a bootstrap loader, bootstrap or a boot loader. This program is generally not the Operating System, but a miniature program which will load the required Operating System into the RAM from the non-volatile storage.

There are several popular boot loaders used today - GRUB, BOOTMGR, LILO and NTLDR. The GNU GRUB (GNU GRand Unified Bootloader) is a boot loader package from the GNU Project and is one of the most popular boot loaders available today. LILO (LInux LOader) is a generic boot loader for Linux. NTLDR (NT Loader) is the boot loader for all releases of Microsoft’s Windows NT Operating System. In later versions of Windows like Vista and Windows 7, NTLDR was replaced by the Windows Boot Manager (BOOTMGR).

In this article, we restrict ourselves to the GRUB loader. Typically, a few dual-boot environments and a few Linux based Operating Systems use the GRUB as their boot loader. Here is a screen-shot of the GRUB loader of Red Hat Enterprise Linux 5 -

There are many scenarios where we might need to reset the root password of our Linux system. Consider you have been assigned to a Linux system to work with and the previous owner forgot to give you the root password; maybe you are in the middle of an important project and you don’t have the root password of the system when you need it urgently and the worst part - the system administrator is not in sight; or maybe you just forgot it. The possibilities are limitless.

But remember, before you attempt to change or replace the password of any machine, make sure you have the necessary permissions from the management authorizing it. If not, it can be mistaken as an attempt to hack into the machine, which is not ethical.

  • Start the system, when the selection screen comes up, navigate to the line for Linux and press 'e'
  • Now, select the entry that begins with the word - 'kernel' and again press 'e'
  • Append 'single' to the end of the existing line. Make sure there is a space between the existing content and 'single'
  • Press 'b' to boot into Linux as the root

You are now in the special mode called the "Single-User Mode".

If prompted for the root password here, restart the system and in the previous step, append 'init=/bin/bash' after 'single'

  • Use 'passwd' to specify the new root password

I am sure that reading this procedure would have caused apprehensions in the minds of several readers about the security of their systems. Using this method, anybody can hack your system. So if you want to be careful and avoid such situations, you will need to restrict any modifications to the GRUB. This can be done by protecting the GRUB by using a password.

  • Open the shell prompt and login as the root
  • Use the 'grub-md5-crypt' command to get the MD5 hash of your GRUB password
  • Open '/boot/grub/grub.conf' and add 'password -md5 ' below the timeout field
  • Save and exit

From next time, if you want to edit the GRUB, you will have to press 'p' followed by the GRUB password. The downside of this is that there is an extra password for you to remember. Well, accessibility has always been a trade-off in security.

Note - Changing passwords of a system without proper permissions is unethical and illegal, which may lead to legal complications. So always follow a proper authorization channel before changing the passwords.

5 comments:

Anonymous said...

Nice one!!!

raghuveer said...

U shd have posted this long b4:x :@ nw no use 4 me hope ill use it in future !!!!

Unknown said...

most likely, you have also heard about the recover pdf files damaged

navya said...

I have read your blog its very attractive and impressive. I like it your blog.

.Net Training in Chennai | .Net Online Training | Dot Net Training in Chennai

Dot Net Online Training | LINQ Online Training

navya said...

I have read your blog its very attractive and impressive. I like it your blog.

.Net Training in Chennai | .Net Online Training | Dot Net Training in Chennai

Dot Net Online Training | LINQ Online Training