Change the ROOT password and grub encryption in CentOS single-user mode

Source: Internet
Author: User

Change the ROOT password and grub encryption in CentOS single-user mode

When the Linux system is in normal state, after the server host is started (or restarted), the system pilot program can automatically boot the Linux system to multi-user mode and provide normal network services. If the system administrator needs to perform system maintenance or a startup exception occurs, the system needs to be managed in single-user or repair mode. One premise of using the single-user mode is that your system Boot Tool (grub) works normally. Otherwise, you must use the repair mode for system maintenance. Note: In single-user mode, network service is not enabled and remote connection is not supported.

In a Linux system, different Run levels indicate different running states of the system. For example, if a Linux server is running normally at the Run Level 3, it is a multi-user mode that can provide network services; the running level 1 only allows administrators to operate on the server host through a single console, that is, "single user mode ".

Take centos as an example:

Enter Single User Mode

The premise of entering the single-user mode is that the system boot loader works properly. The following uses GRUB as an example to describe the access method. There are three operation buttons "a", "e", and "c" in the GRUB boot menu. You can use these buttons to enter the single-user mode.

Method 1 use the "a" button to enter single-user mode ------ recommended: simple operation

This is the fastest way to enter the single-user mode. In the GRUB Startup menu, use the "a" operation button to edit the kernel Parameter and enter single at the end of the line to inform the Linux kernel that the subsequent startup process needs to enter the single-user mode. Press enter ..


Method 2: Use the "e" button to enter the single-user mode

Use the "e" operation button in the GRUB Startup menu to go to The CentOS Startup menu and move the cursor to the "kernel" configuration item line ,.


Position the cursor to the kernel menu item

Press the "e" key to edit the "kernel" menu item, and enter single at the end of the line to inform the Linux kernel that the subsequent startup process needs to enter the single-user mode.

Change kernel/vmlinuz-2.6.18-53.el5 ro root =/dev/VolGroup00/LogVolRoot to kernel/vmlinuz-2.6.18-53.el5 ro root =/dev/VolGroup00/LogVolRoot single

After the change, press enter to return to the CentOS Startup menu interface ,.


Finally, press the "B" key and use the changed CentOS boot menu item to start the single-user mode.

Method 3: use the "c" button to enter the single-user mode

This is the most troublesome way to enter the single-user mode. Generally, this method is not used to enter the single-user mode. This is intended to familiarize yourself with GRUB command line interface operations. Use the "c" operation button in the GRUB Startup menu to go To the GRUB command line interface. Use the root, kernel (single input at the end of the line), and initrd commands under GRUB to specify the startup parameters, respectively, and then use the boot command to start to single-user mode ,.


Go to single-user mode from the GRUB command line interface

---------------------------------------------------------------------

After entering the single-user mode

When the system enters the single-user mode, you do not need to enter the user name and password. After the system is started, the administrator root permission is directly obtained. The console prompt is "#".


Console interface in Single User Mode

The preceding startup information is critical:
Remounting root filesystem in read-write mode:[OK]

Indicates that the root file system in single-user mode is readable and writable. Only the root file system can be read and written can the system administrator maintain the system. If the system configuration and script file are incorrect, the root file system in single-user mode enters the read-only file system read-only status, run the following command to re-mount the root file system in read/write mode:

sh-3.1 # mount -o remount rw -t ext3 /

When the Linux system enters the single-user mode, no one else (through the network) will interfere with the running status of the system because it has stopped any network service and network configuration (the network interface is invalid, administrators can safely perform system-level maintenance on the Linux system. In single-user mode, Linux is a fully functional operating system except for its network functions. In single-user mode, you can perform the following maintenance and management tasks:

  • Reset the superuser password

  • Maintain System partitions, LVM, and file systems.

  • Back up and restore the system

A typical application of single-user mode is the "password setting" of the root user ". For some Linux systems (such as student labs) that are temporarily used or used for lab purposes, users are often changed, while the root user's password may be lost, in this case, you can change the password of the root user in single-user mode.

sh-3.1 # passwd Changing password for user root. New UNIX password:Retype new UNIX password:passwd: all authentication tokens updated successfully.

After the system enters the single-user mode, run the passwd command at the "#" prompt to update the password of the root user, after the system restarts, you can use the updated password to log on to the system as the root user.

------------------------------------------ Grub Encryption

If you are not allowed to access a single user, you must first configure the password for GRUB. You only need to modify/boot/grub. conf or/etc/grub. conf (/etc/grub. conf is/boot/grub. conf), for example, vi/boot/grub. conf to edit the configuration file.

Here we will introduce a method to add a password to grub to prohibit others from entering the system in single-user mode. There are two methods:

1. plaintext

Add password = password to the next line of the splashimage parameter. After saving it, restart the computer and log on to the GRUB menu page again. You cannot directly use the e command to edit the startup tag. You must use the p command first, enter the correct password to edit the startup tag. however, the plaintext password is not safe. if you have obtained the plaintext password, you can modify the GRUB startup tag to change the root password.

2. MD5 Encryption

Enter the grub-md5-crypt in the terminal and press enter, then the system will ask to enter the same password twice, then the system will output the MD5 code. You only need to copy the generated MD5 ciphertext and add it in the next line of the splashimage parameter:

Password -- md5 $1 $ AKO18/$ 7EaafQPtx. 7y2UdZyL5cp0 // md5 of centos

Hiddenmenu

After saving it, restart the computer and log on to the GRUB menu page again. You cannot directly use the e command to edit the startup tag. You must use the p command first, enter the correct password to edit the startup tag.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.