Arch linux no root password

Arch linux no root password

A subreddit for the Arch Linux user community for support and useful news. Locked in protest at the 3rd party apps situation. Please do NOT send join requests or message the mods to join, they will be ignored and archived.

For a long time Arch Linux allowed root login without password by default. I find it convenient, because you won’t be locked out before you configure it. And because there is no password, network login and things like su are not allowed, so there is no immediate risk.

That changed recently. Now root login is disabled by default . The commit message says that the change was suggested to security@archlinux.org , but does not provide reasoning behind it. I want to know why it was changed, as well as why it was allowed previously. Also, why removing root password “is not recommended”? In a lot of my Linux installations (in VM, container, external drive), passwordless root makes perfect sense and is better than having a default root password like in Arch Linux ARM.

I can see one upside in the new default: it takes care of users who configured root access via sudo and forgot to protect direct root login. However, sometimes you do need direct root login. For example, when there is a problem during boot, systemd may require real root password. So you’d think you configured everything correctly, but one day you’ll find yourself locked out.

By the way, this is inconsistent with mkinitcpio behavior: if something goes wrong before mounting root FS, you get root shell without password, and it is not even configurable, AFAIK.

Источник

Reset lost root password (Русский)

Состояние перевода: На этой странице представлен перевод статьи Reset lost root password. Дата последней синхронизации: 13 октября 2021. Вы можете помочь синхронизировать перевод, если в английской версии произошли изменения.

Читайте также:  Linux usr bin host

На этой странице вы сможете узнать, как сбросить забытый пароль суперпользователя. Существуют несколько способов, которые могут вам в этом помочь.

Важно: Недобросовестный пользователь может использовать указанные здесь методы для получения доступа к вашей системе. Неважно, насколько операционная система защищена от атак и как хороши ваши пароли: имея физический доступ к компьютеру, любой сможет это сделать, если вы, конечно, не выполните шифрование хранимых данных.

Через sudo

Если у вас есть установленный sudo и настроен доступ для группы wheel или для пользователя, чей пароль вы помните, вы можете сменить пароль root с помощью команды sudo passwd root .

Через отладочную консоль

  1. Добавьте параметр ядра systemd.debug_shell .
  2. Система загрузится как обычно, но запустит службу debug-shell.service , которая запустит командный интерпретатор ( /bin/sh ) на консоли tty9 . Нажмите Ctrl+Alt+F9 чтобы перейти в неё.
  3. Используйте команду passwd для установки нового пароля суперпользователя.
  4. После завершения остановите debug-shell.service .

Используя bash в качестве init

  1. Добавьте параметр ядра init=/bin/bash в настройках вашего загрузчика.
  2. Сейчас ваша корневая файловая система смонтирована только для чтения, поэтому перемонтируйте ее на чтение-запись командой mount -n -o remount,rw / .
  3. Используйте команду passwd для установки нового пароля суперпользователя.
  4. Перезагрузитесь с помощью команды reboot -f и не забудьте свой пароль снова!

Примечание: Некоторые клавиатуры не распознаются должным образом при загрузке bash из GRUB, и вы не сможете ничего ввести в консоли. В этом случае вам остается лишь использовать другой способ.

При помощи LiveCD

С загрузочным диском у вас есть два варианта: войти в сеанс chroot и использовать команду passwd , либо очистить запись с паролем в файле паролей напрямую. Вы можете использовать любой загрузочный диск на основе Linux, хотя для chroot необходимо, чтобы архитектура LiveCD совпадала с архитектурой установленной системы. Здесь мы приведем лишь способ сброса пароля при помощи chroot, так как ручное редактирование файла паролей представляет значительно больший риск.

chroot

  1. Загрузитесь с LiveCD и смонтируйте корневой раздел вашей основной системы.
  2. Используйте команду passwd —root ТОЧКА_МОНТИРОВАНИЯИМЯ_ПОЛЬЗОВАТЕЛЯ для установки нового пароля (старый пароль запрошен не будет).
  3. Размонтируйте корневой раздел.
  4. Перезагрузитесь и введите новый пароль.

Смотрите также

Источник

Reset lost root password

This guide will show you how to reset a forgotten root password. Several methods are listed to help you accomplish this.

Warning: An attacker could use some of the methods mentioned below to break into your system. No matter how secure the operating system is or how good passwords are, having physical access amounts to loading an alternate OS and exposing your data, unless you use data-at-rest encryption.

Using sudo

If you have installed sudo and have configured permissions for either the wheel group or a user whose password you recall, you can change the root password by running sudo passwd root .

Читайте также:  Samba server in linux mint

Using the debug shell

  1. Append systemd.debug_shell to the kernel parameters.
  2. This will do a normal boot but start debug-shell.service which runs a root shell ( /bin/sh ) on tty9 . Press Ctrl+Alt+F9 to access it.
  3. Use the passwd command to create a new password for the root user.
  4. When done, stop debug-shell.service .

Using bash as init

  1. Append the init=/bin/bash kernel parameter to your boot loader’s boot entry.
  2. Your root file system is mounted as read-only now, so remount it as read/write: mount -n -o remount,rw / .
  3. Use the passwd command to create a new password for the root user.
  4. Reboot by typing reboot -f and do not lose your password again!

Note: Some keyboards may not be loaded properly by the init system with this method and you will not be able to type anything at the bash prompt. If this is the case, you will have to use another method.

Using a LiveCD

With a LiveCD a couple methods are available: change root and use the passwd command, or erase the password field entry directly editing the password file. Any Linux capable LiveCD can be used, albeit to change root it must match your installed architecture type. Here we only describe how to reset your password with chroot, since manual editing the password file is significantly more risky.

Change root

  1. Boot the LiveCD and mount the root partition of your main system.
  2. Use the passwd —root MOUNT_POINTUSER_NAME command to set the new password (you will not be prompted for an old one).
  3. Unmount the root partition.
  4. Reboot, and enter your new password.

See also

Источник

Arch Linux

I noticed that I can log on as root via getty without any password!

The root account was secured via passwd -d

I’m safe from SSH attacks (no root login AND no blank passwords). but this seems pretty serious nonetheless.
Does anyone know the proper way to secure the root account? I want to disable the root password completely, so that the only way to log in as root would be via something setuid such as sudo.

Fedora believes in «software freedom» — that is, restricting user software choices to those deemed appropriately licensed by The Powers That Be.
Arch believes in «freedom», as well — the user has control over his or her system and can do what he wants with it.
https://fedoraproject.org/wiki/Forbidden_items | https://wiki.archlinux.org/index.php/The_Arch_Way

#2 2014-04-07 02:55:15

Re: No root password

You’ll have to use «passwd -l» to lock the account. getty allows login without a password if none is set. Or set a very long password with many special characters like

~Hy3D?kLKX:vchW[6_@DGf=pn_V$;$Tg3$TfXY##S$m5SUr$#9=.~gY8jKFZ@6)FW+y+4Z5G!cCSS?#$hk55@X^XgF8GKHMCq3L,s?#qV$(h`)TE"gPQdT

Last edited by progandy (2014-04-07 02:57:24)

#3 2014-04-07 02:59:30

Re: No root password

You’ll have to use «passwd -l» to lock the account. getty allows login without a password if none is set. Or set a very long password with many special characters like

~Hy3D?kLKX:vchW[6_@DGf=pn_V$;$Tg3$TfXY##S$m5SUr$#9=.~gY8jKFZ@6)FW+y+4Z5G!cCSS?#$hk55@X^XgF8GKHMCq3L,s?#qV$(h`)TE"gPQdT

One question: I just found the same solution on the wiki, but why does it say that Arch Linux is not fine-tuned to work with the root account locked? What problems might arise?

Читайте также:  Http сервер для linux

Источник

Arch Linux

I’ve installed arch+gnome but probably forgot to set root password and now I can only log as a regular user. Is there a way around this?

Last edited by ForeverNoob (2009-08-21 13:36:16)

#2 2009-08-21 10:08:23

Re: Empty root password [Solved]

I would just reinstall to save headaches. If it’s just a clean install it’s no biggy.

which would you choose: A god that never answers you or a society that embraces you?

#3 2009-08-21 10:11:03

Re: Empty root password [Solved]

Shouldn’t you be able to log into a terminal as root and leave the password blank as it is when you first start an installation? If so you can do a «passwd root» (i think).

Long live the Organization for the Organized.

Ich möchte die Tomatensuppe!

#4 2009-08-21 10:18:21

Re: Empty root password [Solved]

boot from a liveCD, mount the appropriate drives, chroot into it and set root passwd

#5 2009-08-21 10:21:40

Re: Empty root password [Solved]

http://wiki.archlinux.org/index.php/Password_recovery would be the appropriate wiki page to solve your issue

When everything’s coming your way, you’re in the wrong lane I say.
FAQ / Beginners Guide / The Arch Way

#6 2009-08-21 10:24:22

Re: Empty root password [Solved]

Shouldn’t you be able to log into a terminal as root and leave the password blank as it is when you first start an installation? If so you can do a «passwd root» (i think).

Tried to log into terminal as root, but it wouldn’t let me. «passwd root» says «You may not view or modify password information for root».

#7 2009-08-21 10:26:10

Re: Empty root password [Solved]

I would just reinstall to save headaches. If it’s just a clean install it’s no biggy.

Will do that if everything else fails. It’s only a clean install on a vmware machine, so nothing will be lost (except for a few hours of packages downloaded).

#8 2009-08-21 10:30:57

Re: Empty root password [Solved]

what about «sudo passwd root»?

Long live the Organization for the Organized.

Ich möchte die Tomatensuppe!

#9 2009-08-21 12:06:33

Re: Empty root password [Solved]

boot in init 1
enter
passwd
provide new root password

#10 2009-08-21 13:35:53

Re: Empty root password [Solved]

boot in init 1
enter
passwd
provide new root password

hope this will help

Great! that worked. Thanks a lot.

Источник

Оцените статью
Adblock
detector