Shulou(Shulou.com)05/31 Report--

This article mainly explains "how CentOS enters single-user mode to change the password of Root users". The content in the article is simple and clear, and it is easy to learn and understand. Please follow Xiaobian's train of thought to study and learn "how CentOS enters single-user mode to change the password of Root users".

We know that there are six boot levels for the linux system, which can be seen through the / etc/inittab file:

[root@xiaoluo ~] # cat / etc/inittab# inittab is only used by upstart for the default runlevel.## adding other configuration here will have no effect on your system.## system initialization is started by / etc/init/rcs.conf## individual runlevels are started by / etc/init/rc.conf## ctrl-alt-delete is handled by / etc/init/control-alt-delete.conf## terminal gettys are handled by / etc/init/tty.conf and / etc/init/serial.conf # with configuration in / etc/sysconfig/init.## for information on how to write upstart event handlers, or how# upstart works, see init (5), init (8), and initctl (8). # # default runlevel. The runlevels used are:# 0-halt (do not set initdefault to this) # 1-single user mode# 2-multiuser, without nfs (the same as 3, if you do not have networking) # 3-full multiuser mode# 4-unused# 5-x1mm 6-reboot (do not set initdefault to this) # id:5:initdefault:

Here we see that the default boot level of the system is 5, which is the one with a graphical interface.

But this problem may occur in real life, we may forget the root password of a host, but we need to log in to the system through root users to deal with something, what should we do at this time? We see that there is a single-user mode boot in the startup level of linux, that is, startup level 1. When we forget the secret of the root user, but need to change the root password, we have to tell the kernel by passing a parameter 1 or single to the system kernel at startup, that I need to log in to the operating system in single-user mode. At this point, we can reset the password of the root user through the passwd command. What is the specific operation? We have a picture and a real resemblance!

First of all, let's restart our system (here is centos), then let it stop when the interface starts, press a key on the keyboard casually, and then we will enter the operating system configuration boot interface.

Each title is an operating system configuration option, and here we have only one, which is shown in the picture above. If there are multiple title fields, it will be listed here for us to choose a different operating system.

Okay, through the following English tips, we find that by pressing the e key on the keyboard, we can enter the editing interface.

Is this interface familiar to you? Yes, these three options are the configuration information in our / boot/grub/grub.conf file. Let's take a look at the contents of this file:

[root@xiaoluo] # cat / boot/grub/grub.conf# grub.conf generated by anaconda## note that you do not have to rerun grub after making changes to this file# notice: you do not have a / boot partition. This means that# all kernel and initrd paths are relative to / Eg.# root (hd0,1) # kernel / boot/vmlinuz-version ro root=/dev/sda2# initrd / boot/initrd- [generic-] version.img#boot=/dev/sdadefault=0timeout=5splashimage= (hd0,1) / boot/grub/splash.xpm.gzhiddenmenutitle centos (2.6.32-358.el6.x86_64) root (hd0,1) kernel / boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_no_luks rd_ No_lvm.utf-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_no_dm rhgb quiet initrd / boot/initramfs-2.6.32-358.el6.x86_64.img

At this point, we need to move the cursor to the second option, that is, the linux kernel, and also press the e key on the keyboard to enter the editing interface. At this time, we can tell the kernel of the linux system by appending parameter 1 or parameter single. I need to log in to the system in single-user mode.

Then we enter, enter the upper interface, press the b key on the keyboard to start the operating system, and our linux operating system is logged in as a single user. We find that the system enters the command-line interface very quickly, because the single-user mode does not start any services and does not need to enter the root password to directly enter the root user. At this point, we can reset our root user's password through the passwd command.

We can then exit single-user mode with the exit command, and the operating system kernel will boot according to the default boot level set in the / etc/inittab configuration file we saw earlier.

This allows us to change our root password by entering single-user mode by appending parameter 1 or single to the kernel parameters when entering the grub boot.

However, please note that because the above operation only needs to change our root user password through single-user mode, so once others have access to our server host, then root user password can be easily changed by others, of course, it is very insecure, so we still need to use grub encryption to open a layer of password protection.

Encrypt grub by adding similar code to the / boot/grub/grub.conf startup configuration:

Password-- md5 $1 $6h92b1 $pzopv63ktmk4uehzqtaz//

The latter string is the md5 encryption algorithm. We can generate the encrypted algorithm through the command grub-md5-crypt.

[root@xiaoluo ~] # grub-md5-crypt password: retype password: $1 $uga2b1 $driidrvtegvg95fhhx4h./ [root@xiaoluo ~] #

Enter the password we need to set at password and retype password above, and then generate the password encrypted by the md5 algorithm. We add the encrypted password to the

/ boot/grub/grub.conf can be found in the configuration file, for example:

[root@xiaoluo] # vi / boot/grub/grub.conf password-- md5 $1 $uga2b1 $driidrvtegvg95fhhx4h./# grub.conf generated by anaconda## note that you do not have to rerun grub after making changes to this file# notice: you do not have a / boot partition. This means that# all kernel and initrd paths are relative to / Eg.# root (hd0,1) # kernel / boot/vmlinuz-version ro root=/dev/sda2# initrd / boot/initrd- [generic-] version.img#boot=/dev/sdadefault=0timeout=5splashimage= (hd0,1) / boot/grub/splash.xpm.gzhiddenmenutitle centos (2.6.32-358.el6.x86_64) root (hd0,1) kernel / boot/vmlinuz-2.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_no_luks rd_ No_lvm.utf-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_no_dm rhgb quiet initrd / boot/initramfs-2.6.32-358.el6.x86_64.img

At this time, let's restart the system again and try to enter the grub to have a look.

We found that the following English prompt has changed. Previously, we could press the e key on the keyboard to enter the grub, but now it is useless to press the e key. It prompts us to press the p key to enter the password of grub in order to enter the grub.

At this point, we can enter the grub password we set before, and then the interface will go to the modified grub that we are familiar with.

So through the encryption algorithm of grub, we can encrypt the entry into grub, so that we can prevent others from entering single-user mode maliciously, thus changing the root password!

Of course, if we forget the grub secret and forget the root password, we really won't be able to log in to root users.

Thank you for your reading, the above is the content of "how CentOS enters single-user mode to change the password of Root users". After the study of this article, I believe you have a deeper understanding of how CentOS enters single-user mode to change the password of Root users, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.