CentOS (22nd)-change Root User Password in single user mode CentOS (211-linux system startup details

In the previous article, I explained in detail the Linux system startup process (CentOS (21), a detailed explanation of Linux system startup). We know that there are 6 levels of Linux system startup levels, you can see the following in the/etc/inittab file:

[root@xiaoluo ~]# cat /etc/inittab# inittab is only used by upstart for the default runlevel.## ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.## System initialization is started by /etc/init/rcS.conf## Individual runlevels are started by /etc/init/rc.conf## Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf## Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,# with configuration in /etc/sysconfig/init.## For information on how to write upstart event handlers, or how# upstart works, see init(5), init(8), and initctl(8).## Default runlevel. The runlevels used are:#   0 - halt (Do NOT set initdefault to this)#   1 - Single user mode#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)#   3 - Full multiuser mode#   4 - unused#   5 - X11#   6 - reboot (Do NOT set initdefault to this)# id:5:initdefault:

Here we can see that the default startup level of the system is 5, that is, the one with a graphical interface.

However, this problem may occur in real life. We may have forgotten the root password of a host, but we need to log on to the system as a root user to handle some issues, what should we do at this time? We can see that there is a single-User Startup Mode in the Linux Startup level, that is, the startup Level 1. If we forget the root user's secret but need to change the root password, at this time, we will pass a parameter 1 or single to the system kernel at startup to tell the kernel that I need to log on to the operating system in single-user mode, in this case, we can use the passwd command to reset the password of the root user. What is the specific operation? We have a picture !!

First, restart our system (Here We Are CentOS), and then let it stop when the interface is started, just click a key on the keyboard, the Operating System Configuration Guide page is displayed.

 

Remember the previous article/Boot/grub. confIs the first title field in this file? Yes, every title is an operating system configuration option. Here we only have one, that is, the one shown in the image above. If there are multiple title fields, here, we will list different operating systems for us to choose.

Okay. The following English prompt showsEEnter the editing page.

 

Are you familiar with this interface? That's right. The three options are ours./Boot/grub. confThe configuration information in the file. Let's look at the content of this file:

[root@xiaoluo ~]# cat /boot/grub/grub.conf# grub.conf generated by anaconda## Note that you do not have to rerun grub after making changes to this file# NOTICE:  You do not have a /boot partition.  This means that#          all kernel and initrd paths are relative to /, eg.#          root (hd0,1)#          kernel /boot/vmlinuz-version ro root=/dev/sda2#          initrd /boot/initrd-[generic-]version.img#boot=/dev/sdadefault=0timeout=5splashimage=(hd0,1)/boot/grub/splash.xpm.gzhiddenmenutitle CentOS (2.6.32-358.el6.x86_64)        root (hd0,1)        kernel /boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=UUID=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet        initrd /boot/initramfs-2.6.32-358.el6.x86_64.img

In this case, we need to move the cursor to the second option, that is, the Linux kernel, and pressEEnter the editing page. At this time, we can append parameter 1 or single to tell the Linux kernel. I need to log on to the system in single-user mode.

Then press enter to go to the upper-layer interface. PressBThe key is to start the operating system. At this time, our Linux operating system is logged on in single-user mode. We found that the system quickly entered the interface in command line mode, because the single user mode does not start any service, and does not need to enter the root password, you can directly access the root user, and then reset the password of our root user through the passwd command.

 

Then we can exit the single-user mode through the exit command. At this time, the operating system kernel will start based on the default startup level set in the/etc/inittab configuration file we have seen earlier.

In this way, you can modify the root user password by appending parameter 1 or single in the Kernel Parameter during GRUB boot.

However, please note that the above operation only requires a single user mode to modify our root user password, so once someone else has the opportunity to access our server host, the password of the root user is easily changed by others. This is of course very insecure, so we still need to enable a password protection through GRUB encryption.

Add the following code to the/boot/grub. conf STARTUP configuration to encrypt grub:

password --md5 $1$6H92B1$PzoPV63kTMk4uEhZQTAZ//

The next string is the MD5 encryption algorithm.Grub-md5-cryptThis command is used to generate an encrypted algorithm.

[root@xiaoluo ~]# grub-md5-crypt Password: Retype password: $1$UGA2B1$DriIdrVTEgVg95fHHX4H./[root@xiaoluo ~]# 

In the above Password and Retype password, enter the Password we need to set, and then generate the MD5 algorithm-encrypted password. We will add the encrypted Password

/Boot/grub. conf:

[root@xiaoluo ~]# vi /boot/grub/grub.conf password --md5 $1$UGA2B1$DriIdrVTEgVg95fHHX4H./# grub.conf generated by anaconda## Note that you do not have to rerun grub after making changes to this file# NOTICE:  You do not have a /boot partition.  This means that#          all kernel and initrd paths are relative to /, eg.#          root (hd0,1)#          kernel /boot/vmlinuz-version ro root=/dev/sda2#          initrd /boot/initrd-[generic-]version.img#boot=/dev/sdadefault=0timeout=5splashimage=(hd0,1)/boot/grub/splash.xpm.gzhiddenmenutitle CentOS (2.6.32-358.el6.x86_64)        root (hd0,1)        kernel /boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=UUID=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet        initrd /boot/initramfs-2.6.32-358.el6.x86_64.img

At this time, we will restart the system again and try to go to GRUB to see it,

0

We found that the following English prompt has changed. You can pressEKey to go to GRUB, and now pressEThe key is no longer used. Now we are prompted to pressPKey to enter the GRUB Password.

 

In this case, enter the previously set GRUB Password, and then the interface will go to the familiar GRUB modification page.

So we can use the GRUB encryption algorithm to encrypt the access to GRUB, so as to prevent others from maliciously entering the single-user mode and thus change the root password !!

Of course, if we forget the GRUB secret and forget the root password, we can't log on to the root user ....

 

This article mainly records how to modify the password of the root user in single-user mode, and encrypt the access to grub by setting the MD5 encryption algorithm of grub, this restricts the easy access of others to the single-user mode. In the future study of Linux, we will continue to record the experience of learning Linux !!!!

You can clickBottom right cornerTo evaluate the content of the article.Follow buttonTo follow the latest developments in my blog. If the article content is helpful to you, do not forget to clickRecommendation buttonIf you have any questions about the content of the article, you can contact me by comment or by email: 501395377@qq.com/lzp501395377@gmail.com