[security] lost root password.

[rosskevin]

So I've done the unthinkable . Actually, my (production) gentoo box has been up so long and setup properly so I log in with my username, that I've just plain forgotten the root password.

Is it true that if I have physical access, that I can reset the password? Could someone point me to a doc or outline the procedure?

Thanks
_________________
I'm just a java guy...

[compu-tom]

boot from a rescue system, mount the hd, then edit /mnt/gentoo/etc/shadow and delete the password hash between the colons.

Then, reboot and login with the empty password. Assign a new password.

That's it

[darktux]

If you get physical access to the box, then boot with Gentoo's LiveCD, mount the partitions, do the chroot thing, and then do passwd and set a new password.

There ya go
_________________
Lego my ego, and I'll lego your knowledge

www.tuxslare.org - My reborn website

[neilhwatson]

If you boot to single user mode you become root without needing the password. Then use passwd to reset.
_________________
The true guru is a teacher.
Neil Watson

[dermot]

And remember: sudo is your friend.
_________________
Dermot

I bought some rock star ashes from the back of Rolling Stone
I don't think he would've minded - he couldn't sell his soul

[Vancouverite]

Here is the procedure to reset roots password.

1) Append: init=/bin/bash to your kernel options by editing your bootloader entry and boot it. This will give you a root shell.
2) Remount / read/write with: mount -o remount,rw /
3) Set roots password with: passwd
_________________
Screenshot

[puggy]

Fuck me. I think i'll be installing a grub password to stop that being able to happen.

Puggy
_________________
Where there's open source , there's a way.

[bsolar]

[compu-tom]

Don't forget to assign a BIOS password and to disable CD or Floppy booting (remove them entirely). BTW: The safest way is put the computer away, out of reach for anybody

[bsolar]

[metacove]

If it's 2.4.19 and below and you have a shell account you can use a ptrace exploit

[puggy]

Would encrypting the file system slow things down a lot due to encryption/de-cryption having to occur all the time?

Puggy
_________________
Where there's open source , there's a way.

[Vancouverite]

[puggy]

hmm. I seems the only way to be secure is put you computer in a big steel box to which only you have the key.

Cheers on the crypto thing. Ever since reading the cryptonomicon I've wanted to encrypt something for a reason.

Puggy
_________________
Where there's open source , there's a way.

[easykill]

[Orange]

[Jeld]

Being in the computer security business for a while, I can only say this. Rule #1 Client-side security doesn't work.

In this case, it means that if a person with malicious intent gets phisical access to the computer there is nothing you can do to stop him/her from accessing your data. The only thing you can do is make them sweat a lot while doing it.

To this there is a side note. You can make system secure emnough to be not worth breaking. For example, if you encrypt your file system using strong crypto, make a 4096 bit key to unlock it, store it on a keychain USB device and carry it with you at all times, a person who got access to your system will still be able to get to your data, but if the data consists of your collection of mp3s then the effort required to get to it will be much more then the data is worth, since it will involve either using supercomputers and teams of cryptographers or taking the USB device from your dead body

On the other side ( of the side note ) the more security measures you take to protect a system the more difficult your system becomes for regular use. One of the effects of tightening the computer security is that at some point of tightening it the security starts to actually weaken because of the human factor. For example, for security purposes, one can install kerberos, disable permanent passwords and issue a one-time password every time one logs in to the system, since password changes every login, the password security becomes very high until somebody starts writing his one time passwords on sticky notes since he/she cannot memorize a new password every day.

So, the moral of this narrative is, whatever you do you lose
_________________
package JAPH;sub x{$/='$';@1=map{$_=ord;$_--;chr}
split//,<DATA>;@2=map{$_=ord;$_++;chr}split//
,<DATA>;$_=sub{$.++%2?shift@2:shift@1};bless$_;}
1;$x=JAPH->x;for(1..25){print&$x,;}__DATA__
Kt!ouf!fmIdf"$ts@ngqOq`jq

[rosskevin]

[karl420]

You could su in ssh before?

[Deathwing00]

I have a more hacker idea (also totally inefficient!!!). Use john (johntheripper)... nice to go back to those nice times.

[rosskevin]

yes, I could su from ssh before.
_________________
I'm just a java guy...

[karl420]

LOL, yeah jacktheripper and a big-a*s wordfile that took you 48 hours over a 14.4 modem to download!

Ah, the good old days.
Karl

[karl420]

Whoa, no kidding, you are from Franklin! WOW!

I live in Nashville, but I work in Franklin at Franklin Dishworks and Computer, as a computer technician, and sysadmin of a few unix boxen. If you ever want to come down and check the place out, give me an email! karl@stonedpenguin.com

Karl