http://prefetch.net/blog/index.php/2005/10/22/recovering-root-passwords-with-fedora-core/ Blog O' Matty Tue, 07 Feb 2012 02:31:44 +0000 hourly 1 http://prefetch.net/blog/index.php/2005/10/22/recovering-root-passwords-with-fedora-core/comment-page-1/#comment-28 Rob Thu, 27 Oct 2005 02:08:18 +0000 http://daemons.net/~matty/blog/?p=229#comment-28 This only works if you skimped on security and the root password is not required to enter single-user mode. Of course, you can always boot a repair disk, mount the root filesystem and edit the password out of /mnt/etc/passwdfor root. This is why, on a production system where you can't guarantee, 100%, physical security of your servers, you should have (a) A firmware password to prevent changing hardware parameters (b) Disable booting from devices other than the fixed disk, in firmware (c) Root password required to acess the shell in single-user-mode. (d) Bootstrap loader prtection to prevent changing boot parameters from the command line. etc. This only works if you skimped on security and the root password is not required to enter single-user mode. Of course, you can always boot a repair disk, mount the root filesystem and edit the password out of /mnt/etc/passwdfor root. This is why, on a production system where you can’t guarantee, 100%, physical security of your servers, you should have
(a) A firmware password to prevent changing hardware parameters
(b) Disable booting from devices other than the fixed disk, in firmware
(c) Root password required to acess the shell in single-user-mode.
(d) Bootstrap loader prtection to prevent changing boot parameters from the command line.
etc.

]]>