Locked out - using various system recovery options to reset the password
There are 2 main approaches to changing a password, using
passwd or altering
/etc/shadow. A backup is created by
/etc/shadow-, so this can be copied back too. Using the
passwd command is preferable because the actions it takes might change in the future.
If you use encrypted volumes caution is required. A lost password might be recovered using cracking software like
john-the-ripper, but this works by unencrypting the password from the information in
/etc/shadow so changing these could be a big mistake.
Depending on how rescue mode and sulogin have been set up, rescue mode could give you a root shell without a password being required. 3 methods of gaining a root shell early in the boot process by editing the kernel command line. After BIOS completes a Grub menu is shown, if it isn't then it might be possible to persuade it to be visible by some means. Press the down arrow to select advanced options. Then with the usual kernel entry (usually the entry at the top) highlighted press e to edit it. Move the cursor with the arrow keys down to the line below the one starting:
Move the cursor back to the end of that line and add this:
Then following the onscreen Grub instructions press F10 to boot. Adding
dracut to boot to an initramfs root shell early in the boot sequence. There are a minimal set of facilities in / and the usual / partition on the hard drive is mounted read only in /sysroot. To reset the password and continue the boot to the usual environment:
mount -o remount,rw /sysroot /sysroot/usr/bin/passwd root Enter new password as directed by passwd dialogue cd / /sysroot/bin/sync mount -o remount,ro /sysroot /sysroot/bin/sync exec /sysroot/sbin/init 016
It's also possible to bind the VFS and
chroot to /sysroot:
mount -l findmnt mount -o remount,rw /sysroot for d in dev sys run proc; do mount --bind /$d /sysroot/$d; done chroot sysroot passwd Enter new password as directed by passwd dialogue exit for d in dev sys run proc; do umount -R /sysroot/$d; done /sysroot/bin/sync mount -o remount,ro /sysroot /sysroot/bin/sync exec /sysroot/sbin/init
Init needs to be PID1 so
exec is required as the terminal is PID1,
exec replaces the process with the new one.
cd / isn't needed if you're there already.
Or append one of these to the kernel command line to get a root shell slightly later in the boot process:
The most user friendly shell environment is
bash, with autocomplete, history, better command prompt editing and general behaviour. These give a more familiar rescue mode type environment with a root shell and everything in / as usual, although
rd.break could provide more flexibility for problematic file system arrangements.
mount -o remount,rw / passwd cd / sync mount -o remount,ro / sync exec /sbin/init
Using a Void Linux installation image as a rescue disk.
Boot to the desktop using load to RAM if possible. Open a terminal. Identify the drive partition(s) that need to be mounted:
sudo fdisk -l lsblk
In this example
/dev/sda1 contains everything except swap. The partition is formatted as ext4. It's a BIOS MBR and doesn't use LVM or RAID. Extra steps could be required for more complex setups.
Mount the partition on
/mnt and use the
passwd on the recovery disk, then shutdown after unmounting and remove the rescue disk.
sudo mount -t ext4 /dev/sda1 /mnt sudo passwd -R /mnt root sudo umount /mnt
Use the passwd on the target drive using chroot. This approach could be required if LVM is used.
Mount the partition and bind the various virtual file systems to create a fully operational environment. Leave the rescue disk environment and
chroot into the target OS. This starts a root shell using
sh. While not essential for this simple task, a more user friendly shell can be easily set up. Switch to
bash as the shell and set up the usual environment variables with
/etc/profile. Change the password, exit the
bash shell, exit the
chroot, and unmount everything.
sudo mount -t ext4 /dev/sda1 /mnt for d in dev sys run proc; do sudo mount --bind /$d /mnt/$d; done sudo chroot /mnt bash source /etc/profile passwd root exit exit sudo umount --recursive /mnt
umount can fail due to a process still using some file inside
/mnt. Closing the terminal window in the rescue image desktop and opening a new one might fix this. The
kill commands could be used too. The above sequence completed without problems. The directories which are attached using
mount --bind are from the rescue image, changes made to these inside the
chroot would persist outside.
This entry shows the root account with a locked password, there is an exclamation mark in the first field :!:
This entry shows root with an encrypted password
A user password can be utilised if one is set up to regain root access. Copy the encrypted field for the user password to the root entry after deleting ! and the user password will work for root. Deleting the ! and leaving the password field empty will render the account passwordless but this is a bad idea. If any malware is present this allows it to gain and keep full access, regardless of how fast the password is reinstated.
The passwd command creates a backup of
/etc/shadow- which can be copied back. When editing
/etc/shadow you might need to alter the file permissions to make it writable and change it back afterwards:
ls -l /etc/shadow -r-------- 1 root root 247 May 7 14:11 /etc/shadow sudo chmod u+w /etc/shadow ls -l /etc/shadow -rw------- 1 root root 247 May 7 14:11 /etc/shadow sudo chmod u-w /etc/shadow ls -l /etc/shadow -r-------- 1 root root 247 May 7 14:11 /etc/shadow
This wasn't required using:
sudo nano /etc/shadow
BIOS security password
Many BIOS's include an option to set a supervisor and user password. These can be reset via a hardware specific unmarked jumper on the motherboard or in the BIOS menu if access is still possible. If no option to remove the password is available, it might be rendered passwordless again by selecting reset, then just press enter. These can be used to selectively lock the BIOS menu and other actions like booting the computer.
In the BIOS menu you will probably find you can set a password on the hard drive. This may require a data recovery specialist to unlock it, replacing the drive might be more cost effective. Possibly this could also be reset as above if suitable information could be found.