Root Passwords
I just learned how to change a root password on linux without knowing the original, and it was very easy. So I'm wondering now, what is the point in having a root password? If it's this easy to change then all it is a waste of my time to have to enter it when I need to make changes. I'm not particularly knowledgable with linux though, so maybe I'm missing something?
sacman wrote: which linux ? And how did you do it ? and what are the permissions of your account It works on most versions of linux. I was using fedora. It has nothing to do with account permissions, you dont even have to log in.
When you boot up the computer, when it gets to the screen where it's loading linux, press escape and it will take you to the boot options. Then navigate to the kernals line and edit it. You add the word 'single' to the end and hit enter. This will boot the computer in single user mode. Once it finishes booting, it will give you a prompt and you can just enter the 'passwd' command and it will ask you for a new root password. Then you can just enter 'exit' and login normally.
stdio wrote: Im wondering how this is any different then running a windows recovery cd, or switching the jumper on the motherboard to clear a bios password. Guess what? computers CAN in fact be exploited. Though passwords do keep idiots out of your machine (both locally and remotely). The difference is that the bios password doesnt protect sensative information. And that at least requires the computer to be opened (which would be difficult in my case since I'm using a laptop).
@deafcode - core 7
DeafCode wrote: cool im using 7 as well and i don't see where to do this exploit. i loaded the OS menu and got to the edit part but where do i add single? is at at the
kernel /vmlinuz-2.6.21-1.3194.fc7……. Yeah, you select that line with the arrow keys and press 'e' to edit. Then you just add 'single' to the end of what's already there and hit enter and just wait for the prompt (it'll be a command line thing, not a GUI).
ynori7 wrote: The difference is that the bios password doesnt protect sensative information. And that at least requires the computer to be opened (which would be difficult in my case since I'm using a laptop).
I would tend to differ, seeing is how this password requires you to enter it before it will even attempt to load the kernel, it is indirectly protecting the data on your computer.
Im referring to the password at boot up, not one that you only enter if you want to modify the bios btw.
Physical Security is one thing. In a security sense, the root password helps from remote attacks. If you get infected by linux malware or a drive-by browser attack, it can only run as your current user permission level, which shouldn't have permission to modify anything important. Also, if an attacker gained access to your system, they'd have to acquire root somehow in order to mess with much of anything.
It's also there as a warning. "Hey, if you modify the contents of this file, there's a chance you could fuck something up."
Fedora Cores contain 7 run levels. Here they are.
0 Halt - A system that has no daemons active in memory and is ready to be powered off.
1 Single User Mode - a system that has only enough daemons to allow one user to log in and perform system maintenance tasks. A user is automatically logged in to the system as the root user when entering Single User Mode.
2 Multiuser Mode - A system that has most daemons started and allows multiple users the ability to log in and use the system services.
3 Extended Multiuser Mode - A system that has the same abilities as Multiuser Mode, yet with all extra networking services started.
4 Not User - Normally not used, but can be customized to suit your needs.
-
Graphical Mode - A system that has the same abilities as Extended Multiuser Mode, yet with a graphical login program called GNOME Display Manager (gdm) started on tty78 that allows for graphical logins.
6 Reboot - A special runlevel used to reboot the system