Linux Learning CentOS (22)--Enter Single-user mode to modify the root user password _linux

In the previous essay in detail on the Linux system startup process, we know that the Linux system's starting level of a total of 6 levels, through/etc/inittab This file we can see:

 [Root@xiaoluo ~]# Cat/etc/inittab # Inittab is only used by upstart for the default run
Level.
# # Adding other CONFIGURATION here would HAVE NO EFFECT on YOUR SYSTEM. # System Initialization is started by/etc/init/rcs.conf # individual runlevels are started by/etc/init/rc.conf # # C Trl-alt-delete is handled by/etc/init/control-alt-delete.conf # Terminal Gettys are handled by/etc/init/tty.conf and/
etc/init/serial.conf, # with configuration In/etc/sysconfig/init.
# For information on "How to" write upstart event handlers, or how # Upstart works, "," "(5), init (8), and Initctl (8)." # # Default RunLevel.  The runlevels used are: # 0-halt (Don't set Initdefault to this) # 1-single user mode # 2-multiuser, without NFS (The same as 3, if you did not have networking) # 3-full multiuser # 4-unused # 5-x11 # 6-reboot Set Initdefault to this) # Id:5:initdefault: 

Here we see the default boot level for the system is 5, which is the one with the graphical interface.

But in real life this may be the problem, we may forget the root password of a host, but we need to log on to the system root user to deal with some things, this time what do we do? We see a single user mode boot in the Linux startup level, that is, startup level 1, and when we forget the root user's secret but need to modify the root password, we're going to pass a parameter of 1 or one to the system's kernel at boot time. To tell the kernel, I need to log on to the operating system in Single-user mode, so that we can reset the root user's password by passwd command. What is the specific operation? We have a picture of a true image!!

First we reboot our system (I'm CentOS here), and then let it stop at the start of the interface, click on a key on the keyboard and go to the OS Configuration boot interface.

Remember the last essay inside/boot/grub/grub.conf the first title field in this file? Yes, each title is an operating system configuration options, here we only have one, that is, the above picture shows that, if there are more than one title field, here will be listed for us to choose a different operating system.

OK, the following English prompts us to find the keyboard to press the E key to enter the editing interface
See this interface is not very familiar with it? Yes, these three options are the configuration information in our/boot/grub/grub.conf file, and we look at the contents of the file by looking at it:

 [Root@xiaoluo ~]# cat/boot/grub/grub.conf # grub.conf generated by Anaconda # # Note th At you don't have to rerun grub after making changes to this file # Notice:you does not have a/boot.
This means so # all kernel and INITRD paths are relative to/, eg. # root (hd0,1) # kernel/boot/vmlinuz-version ro root=/dev/sda2 # initrd/boot/initrd-[generic-]version.img #b OOT=/DEV/SDA default=0 timeout=5 splashimage= (hd0,1)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.32-358. el6.x86_64) root (hd0,1) kernel/boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4 BEF Rd_no_luks RD_NO_LVM Lang=en_us. UTF-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_NO_DM rhgb quiet Initrd/boot /initramfs-2.6.32-358.el6.x86_64.img 

At this point we need to move the cursor to the second option, that is, the Linux kernel, also press the keyboard of the E key to enter the editing interface, at this time we append parameter 1 or parameter single can tell the Linux system's kernel, I need to log into the system in Single-user mode.
Then we enter the upper layer of the interface, press the keyboard on the B key is to start the operating system, at this time, our Linux operating system is a single user's mode of landing. We found that the system went very quickly into the interface of the command line mode, because Single-user mode does not start any service, and does not need to enter the root password, you can go directly to the root user, at which point we can use the passwd command to reset the password of our root user
Then we can exit Single-user mode through the Exit command, at which point the operating system kernel starts with the default boot level set in the/etc/inittab configuration file we saw earlier.

This allows us to modify our root password by appending the parameter 1 or single to the kernel parameter in the GRUB boot to enter Single-user mode.

However, please note that since the above operation only needs to be done through Single-user mode to modify our root password, so that once someone has access to our server host, the root password is easily modified by others, which is certainly very unsafe, So we still need to use grub encryption to open a layer of password protection.

Encrypt grub by adding the following similar code in the/boot/grub/grub.conf boot configuration:

Password--md5 $1$6h92b1$pzopv63ktmk4uehzqtaz//

One of the strings behind that is the MD5 encryption algorithm, which we can use to grub-md5-crypt this command to generate the encrypted algorithm.

[Root@xiaoluo ~]# grub-md5-crypt 
Password: Retype Password 
: 
$1$uga2b1$driidrvtegvg95fhhx4h./

In the above password, retype password, enter the password we need to set, and then we can generate the MD5 algorithm encrypted password, we will add this encrypted password to the

/boot/grub/grub.conf This configuration file, for example:

 [root@xiaoluo ~]# vi/boot/grub/grub.conf password--md5, $1$uga2b1$driidrvtegvg95fhhx4 H./# grub.conf generated by Anaconda # # * * You don't have to rerun grub after making changes to this file # Ice:you do not have a/boot partition.
This means so # all kernel and INITRD paths are relative to/, eg. # root (hd0,1) # kernel/boot/vmlinuz-version ro root=/dev/sda2 # initrd/boot/initrd-[generic-]version.img #b OOT=/DEV/SDA default=0 timeout=5 splashimage= (hd0,1)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.32-358. el6.x86_64) root (hd0,1) kernel/boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4 BEF Rd_no_luks RD_NO_LVM Lang=en_us. UTF-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_NO_DM rhgb quiet Initrd/boot /initramfs-2.6.32-358.el6.x86_64.img 

This time we reboot the system again and try to get into grub to see
We found that the following English prompts have changed, before you can press the keyboard e to enter into grub inside, now press e key is no use, at this point prompted us to press the P key to enter the grub password in order to enter the grub inside
At this point we enter the grub password we set up before, and then the interface goes to our familiar modified grub.

So through the GRUB encryption algorithm we can go into grub encryption, so as to prevent others malicious into single-user mode, thus modifying the root password!!

Of course, if we forget the grub's secret and forget the root password, it's really not going to be able to log in to the root user ....

This essay mainly records how to modify the root user's password through Single-user mode, and set up GRUB's MD5 encryption algorithm to encrypt the entry to grub, thus restricting others from easy access to Single-user mode, and will continue to record learning Linux in the course of later learning Linux!!!!