CentOS Single-user mode: Change root password and grub encryption

Source: Internet
Author: User
Tags md5 encryption network function

CentOS Single User mode: Modify root password and GRUB encryption Centoslinux Network application configuration Management application Server

When the Linux system is in a normal state, the server host (or reboot) will be able to boot the Linux system to multi-user mode automatically by the system bootloader program and provide normal network service. If system administrators need to perform system maintenance or system startup exceptions, they need to go into single-user mode or Repair mode to manage the system. One of the prerequisites for using single-user mode is that your system boot (GRUB) will work properly, or you will need to use Repair mode for system maintenance. Special Note: Enter single user mode, no network service is turned on, remote connection is not supported

The different operating levels (run level) in a Linux system represent the different operating states of the system, such as running Level 3 when the Linux server is running normally, multi-user mode capable of providing network services, and running level 1 allowing only administrators to operate through a single console of the server host, i.e. " Single-user mode.

Take CentOS for example:

Enter single-user mode

The prerequisite for entering single-user mode is that the system boot works correctly. In the following example, GRUB is used to illustrate the entry method. In the GRUB boot menu, there are "a", "E" and "C" three operating buttons, which can be accessed in single-user mode using these three keys.

Method 1 Use the "a" Operation button to enter single-user mode------recommended: simple Operation

This is the quickest way to enter single-user mode. In the GRUB boot menu, use the "a" button to edit the kernel parameter, enter single at the end of the line, to tell the Linux kernel that the subsequent boot process needs to enter the one-user mode, enter.

Method 2, use "E" Operation button to enter the single user mode

In the GRUB boot menu, use the "E" action button to enter the CentOS boot menu to the interface , moving the cursor to the "kernel" configuration item line.

Position the cursor to the Kernel menu item

Press the "E" key to edit the "kernel" menu item and enter single at the end of the line to tell the Linux kernel that subsequent boot processes need to be entered in one-user mode.

Change Kernel/vmlinuz-2.6.18-53.el5 ro root=/dev/volgroup00/logvolroot to Kernel/vmlinuz-2.6.18-53.el5 ro root=/dev/ Volgroup00/logvolroot Single

After changing, press ENTER to return to the CentOS boot menu item interface.

Finally, press "B" key to start the single user mode using the changed CentOS boot menu item.

Method 3, use "C" Operation button to enter the single user mode

This is the most troublesome way to enter single-user mode, which is typically not used in single-user mode, which is designed to familiarize yourself with the GRUB command-line interface operations. Use the "C" action key in the Grub boot menu to enter the GRUB command line interface. Use root under GRUB, kernel (enter single at the end of the line), INITRD command to specify the startup parameters, and finally use the boot command to boot to the one-user mode.

Entering single-user mode from the GRUB command line interface


After entering single-user mode

When the system enters the single user mode, does not need to enter the user name and the password, after the system boot completes will obtain the administrator root directly, the console prompt is "#",

Console interface in single-user mode

It is critical to have a message in the startup message above:
remounting root filesystem in Read-write Mode:[ok]

Indicates that the root file system in single-user mode is in a readable writable state at this time. Only the root file system is read-write and system administrators can maintain the system. If the system configuration and script file errors, single user mode root file system into the "Read-only file system" read-only state, at this time, you can use the following command to re-mount the root file system read and write:

sh-3.1 # mount-o remount rw-t ext3/

When the Linux system enters single-user mode, since any network service and network configuration (network interface is not valid) has been stopped, no one else (over the network) will interfere with the system's operational status, and administrators can safely perform system-level maintenance operations on the Linux system. In single-user mode, Linux system is a full-featured operating system in addition to the network function. The following maintenance and management tasks can be performed in single-user mode:

    • Reset Super User Password
    • Maintain system partitioning, LVM and file systems, etc.
    • Backup and recovery of the system

A typical application of single-user mode is the "password setting" of the root user. For some temporarily used or experimental Linux systems (such as student labs), users will often be replaced, and the root user's password may be lost, you can enter the single-user mode to change the root user's password.

sh-3.1 # passwdchanging password for user root. New Unix Password:retype new UNIX Password:passwd:all authentication tokens updated successfully.

When the system enters single-user mode, executing the passwd command at the "#" prompt can update the root user's password, and when the system restarts, it can log on to the system as root with the updated password.

------------------------------------------GRUB Encryption

If you prohibit access to a single user, you first need to configure the password for grub, just modify/boot/grub/grub.conf or/etc/grub.conf (/etc/grub.conf is/boot/grub/ GRUB.CONF), for example: vi/boot/grub/grub.conf into profile editing.

Here we introduce a method to add a password to grub, which prevents others from entering the system in single-user mode. There are 2 ways of:

1. Clear text mode

Under Splashimage This parameter, add the following line: password= password. After saving and restarting the computer, when you log on to the Grub menu page, you will not be able to use the e command to edit the start tag, you must first use the P command , After entering the correct password, you will be able to edit the boot tag. However, it is not safe to set the plaintext password. If someone else gets the plaintext password, you can modify the Grub boot tag to change the root password.

2, MD5 encryption method

Enter the Grub-md5-crypt carriage return in the terminal, then the system will ask to enter the same password two times, then the system will output the MD5 code. All you need to do is to copy the generated MD5 ciphertext, and add the following line under the Splashimage parameter:

Password--MD5 $1$ako18/$7eaafqptx.7y2udzyl5cp0//centos MD5


After saving and restarting the computer, when you log in to the Grub menu page again, you will not be able to directly use the e command to edit the start tag, you must first use the P command, enter the correct password before you can edit the boot tag.

CentOS Single-user mode: Change root password and grub encryption

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.