Change root password on Debian / LMDE

It is known that GNU / Linux It is famous for the level of security it can have, but I always say that security does not depend on the system you use, but on the one that configures it.

El Tips that we will see next is for me, one of the biggest security violations in GNU / Linux, that although it can get us out of one problem, it can get us into another. All thanks to the help of GRUB, which we can edit and wreak havoc. But hey, we'll see later how to protect it.

What we have to do to recover the password from Root is to restart the PC and when it is in the Grub, we get on it Kernel that we are going to use and press the «keye«. Me Grub It says something more or less like this:

menuentry 'LinuxMint GNU/Linux, with Linux 3.0.0-1-486' --class linuxmint --class gnu-linux --class gnu --class os {
insmod gzio
insmod part_msdos
insmod ext2
set root='(/dev/sda,msdos1)'
search --no-floppy --fs-uuid --set=root 13b7959d-3c04-45c0-82c5-86bbfff77b65
echo    'Loading Linux 3.0.0-1-486 ...'
linux    /boot/vmlinuz-3.0.0-1-486 root=UUID=13b7959d-3c04-45c0-82c5-86bbfff77b65 ro  quiet
echo    'Loading initial ramdisk ...'
initrd    /boot/initrd.img-3.0.0-1-486

And the line that interests us is the one highlighted in bold. We go to the end of that line and put:

init=/bin/sh

At this point we boot by pressing the keys «Ctrl + X» (The keys may change depending on the version of the Grub). When it finishes loading, we write:

# mount -o remount rw /

And subsequently:

# passwd root

We change the password, we reboot and that's it. Security violation assured. So I better get down to write how to protect the Grub. 😀


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

13 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Courage said

    It is not for putting cane but with these things we scare people who want to try Linux, although not all distros load the Grub at the beginning, neither Ubuntu nor Fedora did it to me

    1.    elav <° Linux said

      It is not to scare anyone, on the contrary, it is to say the bad things that we can find, so that we are not caught off guard. You know how it can be done the password change and how do i know can protect the Grub.

      1.    Eduar2 said

        You can put a password to grub and the grub startup options: D, I don't have it because, very occasionally my sister asks me to lend her the pc, or to borrow it, she knows my password, for arch and windows 7 without pass, and well needless to say more than you have published something you know, now who is going to come, enter my room and change my passwd only my mother and my sisters enter my room, my mother does not use the pc, my sisters They have their own, only when their PCs are screwed do they come into my room to use mine and leave notes for me to repair theirs, ah my girlfriend doesn't exactly go in to use the PC and she only knows Windows. what a security hole, another thing would be a laptop.

  2.   Javier Morales said

    Hello people, my name is Javier and I wanted to do the following query, but the best thing is to start at the beginning. I have mintUpdate disabled in the startup options, and the first thing I do when starting is go to system> administration> update manager , which asks me for my root password. In this way to restart or shutdown it asks me for the password again. So far so good, the problem comes when instead of entering it, for example to restart, I cancel the operation, at which point which the system asks me again to login to enter my account, well, if instead of doing so I go to the bottom right of the screen and click on the start / shutdown icon, I find that I can do it by skipping the root password. Can anyone tell me how to avoid it? I use LMDE with gnome. Thanks.

  3.   Javier Morales said

    Is there someone?

  4.   Tony said

    Hello everyone. I've done everything, everything and I still can't change the password. It gives me a message: Authentication information cannot be reovered password unchanged. I don't know what else to do aaaaayuuuddeeeennmeee please !!

  5.   orlando said

    Hello everyone! I'm starting to use linux, I'm with wheezy, and I wanted to see if you could help me with a problem that I have, at the office I have a friend who is more boss using linux, and I don't know what he did to my machine that he can program so that my pc turns off when he wants, and send me pop up messages 🙁 if you give me a little hand with this, I would appreciate it.

    1.    elav said

      The safest thing is that he created a user on your computer, or he simply programmed a script and executed it with cron. I invite you to stop by the forum to offer you more help.

    2.    Kennedy said

      run as superuser
      aptitude purge ssh

      that will uninstall remote access

      1.    orlando said

        thank you very much 😀

  6.   Ivan blue said

    I get / bin / sh: passwd not found

  7.   Luis said

    Very good indication has been the first one that helps me. however I still have problems. I am using linux mint. I managed to change the UNIX password, but it still won't let me log in. At the beginning it asks me for my password, I use the new one that I enter and it still won't let me in.
    What I can do?
    Thank you.

  8.   Ricardo said

    Hi, I know this is old but I'm desperate. I tried the mentioned steps but after pressing ctrl X it gives me the following error / bin / dash: can't access tty: no job control turned off »