NOTICE: I just want to make it clear that this HOWTO is for System Administrators or home users that know that one of the most important aspects of I.T. security, is to restrict physical access to any critical server. Backup your passwords, use bios and grub passwords, have security pass access to your server rooms and cameras installed. This will prevent malicious users from damaging/cracking your machines.
THIS IS NOT A GUIDE TO CRACKING LINUX SERVERS AND WILL NOT WORK IF THERE IS A GRUB OR BIOS PASSWORD.
Today I received a call from one of my clients with the age old problem of, "I haven't used this server is ages, and I've forgotten the root password". Well, all is not lost!!
Really, he should have had a grub password and a bios password, but that is for another Howto :-)
This is a simply matter to reset. Luckily my client had a bootable system and was able to log in as a normal user, which meant there were no other problems apart from the forgotten root password.
Now for the good part. All we needed to do was add a 1 or single parameter to the kernel line in /boot/grub/grub.conf:
title Suretec Systems Ltd. (2.6.3-rc2-suretec) root (hd0,0) kernel /vmlinuz-2.6.3-rc2-suretec ro root=LABEL=/ hdc=ide-scsi hdd=ide-scsi 1 or single initrd /initrd-2.6.3-rc2-suretec.img1 is for runlevel 1 and single is for single user mode, which is runlevel 1, so use either one (remember to put a space between the last parameter and the new one).
You can add this line by pressing any key on the grub boot menu to stop the boot sequence, then press 'e' for edit and then add the word/number, and then 'b' to boot the system.
It was pointed out to me by Stuart Shapiro, that you can just press 'a' to append a parameter straight onto the end of the kernel line, so instead of 'e', press 'a' and add single or 1, then 'b' to boot. Then once booted into runlevel 1, to get back to your default runlevel, 3 or 5 (non-graphical or graphical) press ctrl-D or simply type:
telinit 5(or 3 for non-graphical). Thanks again, Stuart.
You should now have a /bin/sh prompt. To confirm you are root, type id which should give uid=0(root) gid=0(root) and the rest of roots groups. Then type:
passwdand type your new password!!!
You can see how easy this is to do, so in a server environment, servers should be locked in the I.T. room, with bios/grub passwords, and the passwords should be stored in a safe, also with an offsite copy.
Well, that's it for now. For any comments or corrections, please e-mail me.