A way to mess up recovery mode logins! Comments please?

Phillip Susi psusi at cfl.rr.com
Mon Jan 16 16:57:02 UTC 2006


neil woolford wrote:
> First of all, follow the instructions on the RootSudo wiki page to
> temporarily set a root password, then follow the instructions to disable
> that password.
> 

You really shouldn't do that.  It is best to leave the system the way it 
comes: with no root password.  Use sudo if you need root permissions.

> so;
> 
> sudo passwd root
> 
> then;
> 
> sudo passwd -l root
> 
> Now try rebooting into recovery mode.  You will be asked for a root
> password, but even if you give it, you won't be able to log in as it has
> been disabled and the root account is now locked.  (Time to break out
> the Damn Small Linux disc when it happened to me!)
> 
> Why does this happen?
> 

Because you locked the root account silly, so you can't login as root ( 
which is what recovery mode is all about ).

By the way, you could have fixed this without a boot disk by having grub 
add "init=/bin/bash" to the kernel command line, which will bypass any 
kind of login.

> As far as I know, it is for the following reason:  the recovery mode
> boot has been patched in Ubuntu to allow passwordless login as root,
> provided that the root password in /etc/shadow is set to the special
> (default) value of the * character alone.  However, setting a password
> places an encrypted value in this field, and locking it merely prepends
> a ! character to this value, (allowing the password to be reactivated by
> removing the !, without knowledge of the original password).
> 

Nothing special has been patched in ubuntu.  By default there is no root 
password, so when you boot into rescue mode, you don't have to enter one 
to login as root.  If you lock the root account, then you can't login as 
root, it's that simple.

It appears that the wiki has misled you.  I will have to fix that.

> The immediate workaround is to manually edit the /etc/shadow file to
> restore the root password field to the * character alone.
> 
> Unless others can see a reason not to do so, I intend to add this
> information to the wiki.  I'm also considering a bug report as it
> *might* be worth amending the patch to the recovery mode boot, to allow
> the same behaviour for a locked root password as currently exists for a
> null one.
> 
> Comments please...
> 
> Neil
> 





More information about the ubuntu-users mailing list