Difficulties with password reset

English Install/Boot/Login
1

I deleted the encrypted password for the user “root” in the file “/etc/shadow” of my updated openSUSE 12.1 system (from within a Knoppix session). I could successfully login as “root” to the rescue mode of a Linux version “3.4.3-30” without a password. The command “passwd” let me enter a new one. But it did not finish input processing immediately. (I was surprised that the blinking cursor did not appear again on the command line after over ten minutes.)

I would appreciate your advices to resolve such a hiccup.

2

I am not quite sure what you are doing. Did you boot into your own system, or did you boot into a CDS or DVD rescue system?

In the last case you try to set (not reset) the password in the shadow file of that CD/DVD ystem, which will of course take a long time as you can not write there.

Can you explain what you are doing exactly?

3

I used a Knoppix session (Live DVD) to mount a file system from my own openSUSE installation on a hard disk so that I could delete the password for the user “root” in the corresponding configuration file. I started the rescue mode of a Linux version “3.4.3-30” without a password then from this disk. (I did not try to reset a password for a Knoppix user.)
The command “passwd” prompted me to enter a new one. The first input succeded immediately. But I did not see that this program exited after I had acknowledged my choice with the second text input (password repetition).

4

Thia is still very vague. You seem to think that we can fill in all the impresise things here. But even if our fantasy would fill in those, our fantasy could be wrong. And you (should know what you did/do, saw/see, etc. So please ell us!

“to mount a file system from my own openSUSE installation on a hard disk” Which file system? One does not mount on a hard disk, one mounts on a mountpoint.

"so that I could delete the password for the user “root” in the corresponding configuration file. Which configuration file? What exect did youi change there? And why? To what does it corresponds?

"I started the rescue mode of a Linux version “3.4.3-30"” Again, as "Linux version “3.4.3-30” is a kernel version, this does not explain very much. Where did you boot from? From the same Knoppix where you deleted the password? And when not, why do you not use that Knoppix version to repair what you broke?

In short, as far as I understand you, you talk about three systems:

  1. an openSUSE 12.1 (on the disk of your hardware I assume);
  2. a Knoppix live CD (on a CD of course);
  3. an unnamed Linux version “3.4.3-30” (residing on what?)

Can you please make this picture more clear to us?

Also, don’t you have a backup of the broken 12.1 system of any kind from where you can restore the broken configuration file (whichever that is)?

5 
root@Knoppix: vgchange -a y && mkdir /mnt/R && mount /dev/doda/root /mnt/R && vi /mnt/R/etc/shadow

… Where did you boot from? …

  1. Knoppix DVD
  2. openSUSE installation on local hard disk with Linux “kernel-desktop 3.4.3-30.1” (vendor: obs://build.opensuse.org/openSUSE:Tumbleweed) from a corresponding GRUB menu entry with the addition of the parameter “single”.

Can you please make this picture more clear to us?

The chosen password does not really matter here. I wonder why the program “passwd” (package “pwdutils 3.2.17-6.1.2”) does not exit cleanly after the second text input on my system.

6

Well, at last information is comimg forward.

So you use LVM on the opennSUSE system. Something you did not bother to tell us earlier :frowning:

With the cryptic expression "Linux version “3.4.3-30"” you seem to mean simply your openSUSE system, but in single uer mode. Is that correct?

And it now shows that you use Tumbleweed, where we have a special part of the forum for.

When you are in single user mode in your openSUSE Tumbleweed, is your LVM running? In other words is the correct /etc/shadow available?

And what does the root entry in /etc/shadow show? An empty password field? And does this stay like that after you tried (and failed) the passwd command? And how did you in the end stop that hanging passwd command? With Ctrl_C?

It is not the chosen password that matters here, but all the other actions you do.

I better not ask you why you edited the /etc/shadow of your system via that Knoppix CD. I guess you rather will not tell that.
And on my suggestion that you should restore the /etc/passwd from your backup, you gave no reaction. Thus I guess you do not have a backup.

7

Yes. - It is the local installation for which I try out the “rescue mode”.

When you are in single user mode in your openSUSE Tumbleweed, is your LVM running?

Yes. - All my LVM partitions are working fine so far.

In other words is the correct /etc/shadow available?

Yes.

elfring@Sonne:~> ll /etc/shadow
-rw-r----- 1 root shadow 981 31. Jul 11:53 /etc/shadow

An empty password field?

Yes. - After my edit in the Knoppix session of the text between the colons in the “root” line.

And does this stay like that after you tried (and failed) the passwd command?

No. - A new string will be stored at this place.

And how did you in the end stop that hanging passwd command?

I stop it with the shortcut “Ctrl+Alt+Del” (restart of my computer). It seems that shortcuts like “Ctrl+C” and “Ctrl+D” do not have any effect in this situation.

I better not ask you why you edited the /etc/shadow of your system via that Knoppix CD. I guess you rather will not tell that.

I can provide a bit more feedback for this detail. I would like to be sure that I’m using the correct password for the management of my openSUSE system. :wink:

I have got another open issue there: The command line does not apear in a root shell after the known password was eventually accepted by the corresponding enquiry while I’m working with the desktop environment “Xfce 4.10” at the moment.

And on my suggestion that you should restore the /etc/passwd from your backup, you gave no reaction. Thus I guess you do not have a backup.

Now I reply to this concern. - A file copy is still available.

8

Thanks for the answers. But you still keep me a bit uncertain about some points.

What do you mean with “rescue mode”? I know there are some bootable CDs/DVDs where there is a rescue system offered on boot. But you are here booting your normal system. Is there realy something like “rescue” in the list of GRUB boot options? (I am not a Tmbleweed user).
As far as I understand you boot your normal system in “single user mode”. I think this because you say you added the kernel parameter single in the line on the GRUB bootscreen.

Then, when you now have something in the password field of the root entry of /etc/shadow, does that field look OK, I mean, does it have the same length as the other encrypted password there? And did you try to login as root using the new password… In other words, I want to know if the result of the hanging password command is as intended or not.

And then, when you have a backup of /etc/shadow of not so long ago, why do you not restore (from the Knoppix boot). Then you have the situation of the old password before you started to destroy your system. (the only drawback being that some users might have changed their password since the backup was made, but you can cope with that).

I hope you understand that the only thing I try is to get as much grip as possible on what you have there, to be able to let you have a usable root password again. In the end we might never know why the password command was hanging, but you do not want to walk this path of destruction and recovery ever again I guess :wink:

9

On 2012-07-31 15:46, elfring wrote:
>> I better not ask you why you edited the /etc/shadow of your system via
>> > that Knoppix CD. I guess you rather will not tell that.
> I can provide a bit more feedback for this detail. I would like to be
> sure that I’m using the correct password for the management of my
> openSUSE system. :wink:

The only valid reason to edit /etc/shadow from another rescue system is because you have
forgotten root’s password.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

10

Not in my boot menu. :wink:

I think this because you say you added the kernel parameter single in the line on the GRUB bootscreen.

Yes. - But the corresponding login enquiry mentions “rescue mode”.

Then, when you now have something in the password field of the root entry of /etc/shadow, does that field look OK, I mean, does it have the same length as the other encrypted password there?

The encrypted string results are different because I chose also different passwords during my “experiments”. It seems that there are usual variations for password hashes.

And did you try to login as root using the new password…

Yes. - That succeeded.

In other words, I want to know if the result of the hanging password command is as intended or not.

I do not really know so far. I am still unsure about the involved software components which might delay or block the expected clean program exit.

And then, when you have a backup of /etc/shadow of not so long ago, why do you not restore (from the Knoppix boot).

The restore is still an option for this configuration file. - But it will not resolve the unexpected behaviour which I observed “accidentally”.

I hope you understand that the only thing I try is to get as much grip as possible on what you have there, to be able to let you have a usable root password again.

That is fine. - I can configure such passwords. I was just surprised by a software update a while ago which also lead to obstacles for authorisation processes in root shells.

In the end we might never know why the password command was hanging, …

I am just curious about the chances to find the real error candidates.

11

There have been several misunderstandings during our discussion. The biggest now seems to be that I all the time thought that you could not login as root because of not being able to set a password. That seems not to be the case.

As it seems that you “only” have some strange things in your Tumbleweed installation, the only thing I can advise you is to start one or more new threads in the Tubmbleweed forum describing them one by one in an exact and precise manner (not forgetting such things as: I use LVM, etc.). Thus your fellow Tumbleweed users may come to your rescue.

12

Would any more system administrators and testers like to check if their password reset will completely work in single user mode as expected?

13

elfring wrote:
>
> hcvv;2477525 Wrote:
>> Thus your fellow Tumbleweed users may come to your rescue.
> Would any more system administrators and testers like to check if their
> password reset will completely work in single user mode as expected?
>
>

Here resetting works but I do it differently, simpler, no external
system needed:

  1. Boot with kernel parameter ‘init=/bin/bash’
    You’ll soon see root prompt without the need to log in.

  2. ‘passwd root’

  3. Reboot

Vahis

http://waxborg.servepics.com
openSUSE 11.4 (x86_64) 2.6.37.6-0.20-default main host
openSUSE 12.1 (x86_64) 3.4.5-33-desktop Tumbleweed in VirtualBox
openSUSE 12.1 (i586) 3.1.10-1.16-desktop in EeePC 900

14

I had to mount a file system for the directory “/usr” manually before this program could be found in my installation. Do you need to consider such a setting if you use a separate partition for it? :wink:

15

On 2012-08-02 07:46, elfring wrote:
>
> Vahis;2477655 Wrote:
>> # ‘passwd root’
> I had to mount a file system for the directory “/usr” manually before
> this program could be found in my installation. Do you need to consider
> such a setting if you use a separate partition for it? :wink:

Of course.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)