Linux system startup process and root password retrieval

System startup process

BIOS---->mbr:boot Code----> Execute bootstrapper GRUB (operating system bootstrapper)----> Load kernel----> perform init--->runlevel

In fact, when different systems start, the startup program is very similar

1. BIOS

The basic input output system, which we refer to as the fundamental inputs and outputs, is generally stored in the BIOS chip on the motherboard.

The first thing that runs when the computer starts is Bios,bios is responsible for checking the hardware and finding the bootable device

Bootable devices are defined in the BIOS settings, such as USB, CDROM, HD

Identification of the bootable device: the first 512 bytes of the second 2 bytes is not 55AA to judge

2, MBR (512 bytes)

Boot code is executed after the BIOS has found a bootable device

The boot code is the first 446 bytes of the MBR, and the function is to boot the more complex system boot program (because of the small 446 bytes, limited functionality), Linux is boot grub

(MBR of the first 446 bytes, because 446 bytes smaller, limited functionality, it just as a jump, jump to the real boot program)

(extension: If the underlying is not the BIOS but EFI, such as an apple or a high-end server, the partition format or boot format will be GPT instead of MBR)

3. GRUB

Grub is now the mainstream boot program used by Linux, which can be used to boot almost all of the operating systems now, and the WinPE disk is the grub boot.

Grub related files are saved in/boot/grub/

Grub configuration file is/boot/grub/grub.conf650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style= "Text-align:center;border:1px solid RGB (221,221,221); background-position:50% 50%; alt=" Spacer.gif "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/79/2D/wKiom1aKkS6hEGaEAAC4t-3aVr0587.png "title=" Grub config file 1.png "alt=" Wkiom1akks6hegaeaac4t-3avr0587.png "/>

4, KERNEL

The MBR's boot code is responsible for locating and loading the kernel

Linux kernel saved in/boot/vmlinuz-2.6.32-504.el6.x86_64

Kernel modules are typically loaded with package files:/boot/initramfs-2.6.32-504.el6.x86_64.img

Linux to maintain the kernel of a few commonly used drivers, functions compiled into modules, when needed to dynamically load, and these modules are packaged to save as a Initramfs file

The command DMESG or CAT/VAR/LOG/DMESG can view the output information of the kernel at the start-up time

5. INIT

Init is the first process running in a Linux system

Call /etc/rc.d/rc.sysinit is responsible for initializing the system, mounting the file system, and starting the corresponding service based on the RunLevel

Linux Run Level:

0 shutdown, 1 single-user mode, 2 multi-user mode without network, 3 multi-user mode, 4 unused, 5 X11 graphics mode, 6 restart

The default runlevel can be modified through the/etc/inittab configuration file

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/79/2C/wKioL1aKkZChg0rHAAI8H_8wf0E851.jpg "title=" Boot run level modified. jpg "alt=" wkiol1akkzchg0rhaai8h_8wf0e851.jpg "/>650) this.width=650; src="/e/u261/themes/default/ Images/spacer.gif "style=" text-align:center;border:1px solid rgb (221,221,221); background-position:50% 50%; "alt=" Spacer.gif "/>

The start-up service for each level is guaranteed to exist, ETC/RC.D/RC[0123456].D

Command RunLevel to display the current and previous RunLevel

Command init can be used to change the current RunLevel

Change Password 1, ordinary users can change the password by the root user

#passwd User Name

2. Root User Retrieve password

Single-user mode to change the root password

Pass the parameter "1" or "single" to the kernel for the system to enter one-user mode

No services are started in single-user mode

Single-user mode is logged directly to root and does not require a password

You can use passwd to change your password

Specific steps:

Press the key or the down button on start-up to let the interface stop--press the E key to enter the editing interface--Select the kernel line by pressing the E key and enter the number "1" at the end, and press B to start to enter single user boot mode-- Type the passwd command to modify the password and exit single-user mode after pressing exit and start normally

3. Grub Encryption

Grub encryption is required to prevent anyone from contacting a physical host and maliciously modifying the root password

Grub can be encrypted by adding the following parameters to the boot configuration in grub.conf

The encrypted password can be generated by grub-md5-crypt

Specific steps:

First step: Generate an encrypted password from Grub-md5-crypt

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/79/2D/wKiom1aKkkLhY8QZAAAkdN9iuM4678.png "title=" 1.png " alt= "Wkiom1akkklhy8qzaaakdn9ium4678.png"/>650) this.width=650; src=/e/u261/themes/default/images/spacer.gif "style=" text-align:center;border:1px solid rgb (221,221,221); background-position:50% 50%; "alt=" Spacer.gif "/>

Step Two: Add the encrypted password at the beginning of the/boot/grub/grub.conf configuration file

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/79/2D/wKiom1aKklng0HSwAABHzuVp65Y807.png "title=" 2.png " alt= "Wkiom1akklng0hswaabhzuvp65y807.png"/>650) this.width=650; src=/e/u261/themes/default/images/spacer.gif "style=" text-align:center;border:1px solid rgb (221,221,221); background-position:50% 50%; "alt=" Spacer.gif "/>

The third step: Init 6 Restart the system, and then enter the single-user mode by E has not entered the editing mode, only press p after entering the grub password to enter the single-user mode, thereby preventing the malicious person to modify the root password

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/79/2D/wKiom1aKkpjSm7JjAAAfOBRYP8s979.png "title=" 3.png " alt= "Wkiom1akkpjsm7jjaaafobryp8s979.png"/>650) this.width=650; src=/e/u261/themes/default/images/spacer.gif "style=" text-align:center;border:1px solid rgb (221,221,221); background-position:50% 50%; "alt=" Spacer.gif "/>

4, if accidentally forgot the Grub encryption password, then the matter is big

Workaround:

Can only find the physical host, remove the hard disk---> Find a good host to plug the hard drive---> boot to find the grub.conf file, delete the GRUB encryption password information can be.

5, to prevent the malicious demolition of hard disk data, can be in the above-mentioned encryption on the basis of the partition and directory of important files to do encryption

This article is from the "small Conch" blog, please be sure to keep this source http://xiaohailuo.blog.51cto.com/5812435/1731553

Linux system startup process and root password retrieval