root password

root password

[Ankit Jain]

hi

i have forgotten my root pasword. i had installed
redhat linux 9.0 kernel version 2.4 with grub loader.
if somebody can tell me how to change the password
without logging.

thanks

ankit


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

[Wei Zhang GR]

--- Ankit Jain wrote:
i have forgotten my root pasword.
--- end of quote ---

>i have forgotten my root pasword.

Boot in single-user mode and create a new root password.


How to boot in single-user mode:
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-rescuemode-booting-single.html

RE: root password

[Rajat Jain, Noida]

 
Pass the following command line option to kernel

"linux single"

The kernel will do minimal things, and give you a bash prompt. You'll be
having root priviledges here.

Go ahead and change the password.

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org 
> [mailto:linux-newbie-owner@vger.kernel.org] On Behalf Of Ankit Jain
> Sent: Wednesday, March 30, 2005 12:46 PM
> To: admin
> Subject: root password
> 
> hi
> 
> i have forgotten my root pasword. i had installed redhat 
> linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password without logging.
> 
> thanks
> 
> ankit
> 
> 
> 		
> __________________________________
> Do you Yahoo!? 
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
> -
> To unsubscribe from this list: send the line "unsubscribe 
> linux-newbie" in the body of a message to 
> majordomo@vger.kernel.org More majordomo info at  
> http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
> 


Disclaimer: 

This message and any attachment(s) contained here are information that is
confidential,proprietary to HCL Technologies and its customers, privileged
or otherwise protected by law.The information is solely intended for the
individual or the entity it is addressed to. If you are not the intended
recipient of this message, you are not authorized to read, forward,
print,retain, copy or disseminate this message or any part of it. If you
have received this e-mail in error, please notify the sender immediately by
return e-mail and delete it from your computer.

RE: root password

[Mike Turcotte]

Boot off of a Live CD like Gentoo, mount your root partition, chroot to
it, and clear the password field in you /etc/passwd file

Michael Turcotte
Information Systems
City of North Bay
200 McIntyre St. E
PO Box 360
North Bay, Ontario
P1B 8H8
 
Mike.Turcotte@cityofnorthbay.ca
http://www.cityofnorthbay.ca 

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> owner@vger.kernel.org] On Behalf Of Ankit Jain
> Sent: Wednesday, March 30, 2005 2:16 AM
> To: admin
> Subject: root password
> 
> hi
> 
> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.
> 
> thanks
> 
> ankit
> 
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
> -
> To unsubscribe from this list: send the line "unsubscribe
linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

[Robin Doer]

Ankit Jain schrieb:

>hi
>
>i have forgotten my root pasword. i had installed
>redhat linux 9.0 kernel version 2.4 with grub loader.
>if somebody can tell me how to change the password
>without logging.
>
>thanks
>
>ankit
>  
>
Boot Linux from a CD. Knoppix for example, Radhat installation medium or 
whatever. If you have only one big partition it's quiet easy!

Mount your local partition (e.g. mount /dev/<xxx> /mnt/wherever) and 
chroot into it (chroot /mnt/wherever). And then "passwd" to change the 
password.

Hope it help!

Robin

Re: root password

[Manish Regmi]

On Tue, 29 Mar 2005 23:16:10 -0800 (PST), Ankit Jain
<ankitjain1580@yahoo.com> wrote:
> hi
> 
> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.
> 
> thanks
> 
> ankit

I hope you dont want this information to break into other's system. :)

If that is your system, you might have access to it during boot process.

1) On the Grub menu prompt, select the entry you are booting and type 'e'.
2) Add the letter '1' or 's' to the kernel parameter. (In entry with
kernel ......, type 'e').
3) Type enter and press 'b'.
4) Linux boots and leaves you to the shell. type 'passwd'.
5) Enter the new password and enjoy.

regards
manish

Re: root password

[terry white]

... ciao:

> i have forgotten my root pasword

   well boys and girls , whenever i see something like that, my immediate
solution is suggesting a "NEW" install.  servers two purposes
immediately.

   first , it tends to make 'remembering' the "ROOT" password easier.

   finally , it more or less assures it not a 'social engineering'
tactic.

   this pretty much a 'knee-jerk' reaction to such requests from 'email
only' domains ...


-- 
... i'm a man, but i can change,
    if i have to , i guess ...

Re: root password

[Jim C. Brown]

On Wed, Mar 30, 2005 at 04:57:32PM -0800, terry white wrote:
>    finally , it more or less assures it not a 'social engineering'
> tactic.
> 
>    this pretty much a 'knee-jerk' reaction to such requests from 'email
> only' domains ...
> 

Good advice, but for this example I don't think it is very applicable. A
determined cracker could simply use google to find that information, there is
no need to go to a mailing list to get this information. I take that back ... a
not-so-determined cracker would probably use google as well.

It is probably better to assume that the person asking really doesn't know
enough and needs help, as opposed to questioning said person's motives.

On the other hand your first reason (helps them to remember their root passwords
if they have to reinstall each time) is a very good one. ;)

-- 
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.

Re: root password

[Glynn Clements]

Ankit Jain wrote:

> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.

Add "init=/bin/sh" to the kernel's command line at boot time. Then it
will boot directly into a root shell.

However, if you've configured the boot loader to prohibit passing
arguments to the kernel (or if you've configured it to require a
password and have forgotten that as well), you'll need to boot from a
CD.

-- 
Glynn Clements <glynn@gclements.plus.com>

Re: root password

[Ankit Jain]

Thanks a lot for help.

i started the question not to hack any system but i
was curious to know that in linux its easy to change
the root passwd

in this case the authenticity is a problem. still it
can be changed by a boot CD even i think so u have
apasswd for boot loader. so in this case what should
be done? and also is there any other flaws which are
openly known i am not intrested to destruct any system
but want to know which is already known to ppl that if
root passwd can be changed any other way also?

thanks to all for helping me out

regards,

ankit
--- Ray Olszewski <ray@comarre.com> wrote:
> At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> >On Wednesday 30 March 2005 08:36 am, Ray Olszewski
> wrote:
> > > Any other suggestion of how to become root
> without knowing the root
> > > password is a technique for breaking into
> systems, and I (and I hope
> > > everyone else) will not give advice on that
> publicly, in this forum or
> > > anywhere else.
> >
> >I respectfully disagree. How will sysadmins ever
> know how to secure their
> >systems unless they know HOW break-ins occur.
> Certainly most hacking doesnt
> >come from boot CDs but having a more informed
> sysadmin is infinitely better
> >than one that only discovers how to make their
> system more secure *AFTER*
> >being broken into.
> >
> >What you are saying is that security through
> obscurity is good and there have
> >been countless rebuttals on just how horrible
> security though obscurity is in
> >99% of the situations. The only reason for S.T.O.
> is a company that found an
> >exploit and is giving lead-time to the vendor to
> patch their vulnerable
> >software.
> 
> I wasn't quite saying that, and I apologize if my
> abbreviated presentation 
> led you down that path. My reluctance was specific
> to this context, in 
> which someone was asking not how to secure a system,
> but how to become root 
> without knowing the root password. That it was his
> own system he wanted to 
> break into certainly is relevant, but, on a public
> list, it is not the only 
> consideration.
> 
> I do believe that sysadmins need to know how to
> secure thair systems. There 
> are plenty of sites on the Internet, and books and
> articles in print, that 
> offer this sort of help. And one can learn how to
> secure systems without 
> receiving detailed tutorials in how to exploit
> common holes (buffer 
> overflows, overprivileged daemons, weak passwords,
> and so on).
> 
> But I also believe that giving step-by-step
> instructions for how to break 
> into systems, on a list intended for beginners, is
> not the best way to make 
> this information public. That sort of help is a bit
> more than fighting 
> "security through obscurity" by identifying
> vulnerabilities, in my opinion 
> ... it amounts to tutoring crackers, something I
> personally do not care to 
> do. Particularly in the context of the actual
> question, which involved a 
> system that the poster (presumably) had physical
> access to, so could retake 
> control of with a rescue disk.
> 
> If you (and Tobias, and anyone else) feel
> differently, then you should act 
> on your beliefs and provide this sort of information
> on request, I suppose. 
> So I do apologize for the suggestion that my
> personal view here should 
> restrict what you and others do. Please feel free to
> provide any 
> information of this sort that you have, and be sure
> I will not criticize 
> you for doing so.
> 
> 
> -
> To unsubscribe from this list: send the line
> "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at 
> http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at
> http://www.linux-learn.org/faqs
> 


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Personals - Better first dates. More second dates. 
http://personals.yahoo.com

Re: root password

[Jim C. Brown]

On Sat, Apr 02, 2005 at 08:39:40PM -0800, Ankit Jain wrote:
> in this case the authenticity is a problem. still it
> can be changed by a boot CD even i think so u have
> apasswd for boot loader. so in this case what should
> be done?

Password on the bootloader will only stop those who are trying to get into
single user mode. In most cases, a boot CD will be loaded before the hard disk
is checked for a bootloader, and in that case the password protection would
be effectively bypassed.

If your bios supports it, you can turn on a CMOS password ... this is asked
the moment you turn your computer on from a cold boot, and must be entered
correctly before the bios will load any boot media (such as CDs, hard disks,
floppy disks, etc). However it is fairly easy to read the CMOS password on a
running system, and it can be erased by resetting the CMOS chip's battery.
So a determined person (such as a computer thief) will be able to bypass all 3
password protections.

There is the additional factor of password protecting your file systems (by
means of encryption) but this is not a trival undertaking (there is no single
'what command do i type' to do this, and unless this is a fresh install or you
have fresh backups there is the possibility of losing all your data in the
conversion if something goes wrong). And it only protects your data from being
read, a thief could still bypass CMOS password and load up bootCD to erase
everything on your disk.

> and also is there any other flaws which are
> openly known i am not intrested to destruct any system
> but want to know which is already known to ppl that if
> root passwd can be changed any other way also?
> 
> thanks to all for helping me out

I would recommend looking at linuxsecurity.com or the security advisorys on
linux.com

> 
> regards,
> 
> ankit
> --- Ray Olszewski <ray@comarre.com> wrote:
> > At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> > >On Wednesday 30 March 2005 08:36 am, Ray Olszewski
> > wrote:
> > > > Any other suggestion of how to become root
> > without knowing the root
> > > > password is a technique for breaking into
> > systems, and I (and I hope
> > > > everyone else) will not give advice on that
> > publicly, in this forum or
> > > > anywhere else.
> > >
> > >I respectfully disagree. How will sysadmins ever
> > know how to secure their
> > >systems unless they know HOW break-ins occur.
> > Certainly most hacking doesnt
> > >come from boot CDs but having a more informed
> > sysadmin is infinitely better
> > >than one that only discovers how to make their
> > system more secure *AFTER*
> > >being broken into.
> > >
> > >What you are saying is that security through
> > obscurity is good and there have
> > >been countless rebuttals on just how horrible
> > security though obscurity is in
> > >99% of the situations. The only reason for S.T.O.
> > is a company that found an
> > >exploit and is giving lead-time to the vendor to
> > patch their vulnerable
> > >software.
> > 
> > I wasn't quite saying that, and I apologize if my
> > abbreviated presentation 
> > led you down that path. My reluctance was specific
> > to this context, in 
> > which someone was asking not how to secure a system,
> > but how to become root 
> > without knowing the root password. That it was his
> > own system he wanted to 
> > break into certainly is relevant, but, on a public
> > list, it is not the only 
> > consideration.
> > 
> > I do believe that sysadmins need to know how to
> > secure thair systems. There 
> > are plenty of sites on the Internet, and books and
> > articles in print, that 
> > offer this sort of help. And one can learn how to
> > secure systems without 
> > receiving detailed tutorials in how to exploit
> > common holes (buffer 
> > overflows, overprivileged daemons, weak passwords,
> > and so on).
> > 
> > But I also believe that giving step-by-step
> > instructions for how to break 
> > into systems, on a list intended for beginners, is
> > not the best way to make 
> > this information public. That sort of help is a bit
> > more than fighting 
> > "security through obscurity" by identifying
> > vulnerabilities, in my opinion 
> > ... it amounts to tutoring crackers, something I
> > personally do not care to 
> > do. Particularly in the context of the actual
> > question, which involved a 
> > system that the poster (presumably) had physical
> > access to, so could retake 
> > control of with a rescue disk.
> > 
> > If you (and Tobias, and anyone else) feel
> > differently, then you should act 
> > on your beliefs and provide this sort of information
> > on request, I suppose. 
> > So I do apologize for the suggestion that my
> > personal view here should 
> > restrict what you and others do. Please feel free to
> > provide any 
> > information of this sort that you have, and be sure
> > I will not criticize 
> > you for doing so.
> > 
> > 
> > -
> > To unsubscribe from this list: send the line
> > "unsubscribe linux-newbie" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at 
> > http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at
> > http://www.linux-learn.org/faqs
> > 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Yahoo! Personals - Better first dates. More second dates. 
> http://personals.yahoo.com
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.

Re: root password

[Grant Coady]

On Sat, 2 Apr 2005 20:39:40 -0800 (PST), Ankit Jain <ankitjain1580@yahoo.com> wrote:

>i started the question not to hack any system but i
>was curious to know that in linux its easy to change
>the root passwd

>in this case the authenticity is a problem. still it
>can be changed by a boot CD even i think so u have
>apasswd for boot loader. so in this case what should
>be done?

Startup password for machine in BIOS, disable boot from 
removable media in BIOS.  The truly paranoid may have an 
encrypted filesystem with say a smart card hold the keys.

>         and also is there any other flaws which are
>openly known i am not intrested to destruct any system
>but want to know which is already known to ppl that if
>root passwd can be changed any other way also?

Not flaws as such -- if there is physical access to 
computer it is not secure.  That's why fileservers live 
in locked machine rooms.  

You see that past a certain point, software security 
cannot help?  But they come close in large systems where 
user data is held on network server -- start the machine 
but cannot access private data until login.

Cheers,
Grant.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

[Glynn Clements]

Ankit Jain wrote:

> i started the question not to hack any system but i
> was curious to know that in linux its easy to change
> the root passwd

It's easy *if* you have physical access to the machine. But in that
situation, you could just remove the hard drive and take it home. Or
install a keystroke logger into the keyboard to capture the root
password.

If an attacker can get physical access to the system, you lose.

-- 
Glynn Clements <glynn@gclements.plus.com>

Re: root password

[Scott Taylor]

Ankit Jain said:
> Thanks a lot for help.
>
> i started the question not to hack any system but i
> was curious to know that in linux its easy to change
> the root passwd

It is only "easy" if you have access to the server.

> in this case the authenticity is a problem. still it
> can be changed by a boot CD even i think so u have
> apasswd for boot loader. so in this case what should
> be done?

Lock your server room tight?  Don't let people access to your servers?

> and also is there any other flaws which are
> openly known i am not intrested to destruct any system
> but want to know which is already known to ppl that if
> root passwd can be changed any other way also?

What makes you think this is a flaw?  I guess you could reinstall the
operating system to change your root password. LOL

--
Scott