Why is it possible to change the password of an admin user on linux?

security root linux password-recovery grub

Solution 1:

The passwords are meant to prevent access from outside (network, internet), and they accomplish it. However, physical access is root access.

Unless you're encrypting your entire partition, it's always possible to boot from an optical disc or a flash drive and gain access to all your files. This way, you can also modify the files that store the users' passwords.

However, you can choose to disable the recovery mode of you want to. Steps:

  1. Open /etc/default/grub in a text editor (with root privileges)

  2. Uncomment/add the line following line:

    GRUB_DISABLE_RECOVERY="true"

  3. Save the changes and run the following command:

    sudo update-grub

Solution 2:

If someone can physically touch your machine they can get in.

Easiest way, load linux on a usb drive and boot from the usb stick. Voila, you can view the native file system and make whatever changes you like.

Solution 3:

It will always be possible to change the root password. It can always happen that someone forgot it. You need physical access to the server (or console access when virtualized) to enter the GRUB recovery mode, so when you are already there you can take the whole server/desktop as well to pull out the HDD and do some forensics on it. Safety-wise it does not matter a lot.

You can always encrypt your disc if you want additional security. That will make recovery a lot harder.

Solution 4:

For grub 1 do the following:

  1. Open a command line and enter as root grub-md5-crypt

  2. You are being asked for a password and after confirming your password you will see a hashvalue which you copy to the clipboard

  3. Open your editor of choice and edit /boot/grub/menu.lst and add to the first line:

    password --md5 "Hashvalue"

  4. Safe the file. The hashvalue is the one you get from the command grub-md5-sum

For grub2 there is a tool which lets you setup this more easy http://sourceforge.net/projects/grubpass/ After installing just type:

  1. grubpass into the shell as root user. The program is pretty much self explanatory.

However the best way to protect your data from this kind of access is to use full disk encryptpion.

Related

How can I move files with xargs on Linux?
Enable 256 colors for cygwin under mintty?
How to record screencast on Linux with mouse clicks and key hits shown
How can I tell which network interface my computer is using?
How can I copy multiple files over scp in one command?
Synaptics touchpad stops working randomly
What is the largest size of a 640x480 JPEG?
Detecting when a server is running on UPS battery
bash - remove all directories (and contents) but not files in pwd
Open source CoverFlow library for iPhone [closed]
Proper/fastest way to reshape a data.table
MySQL match() against() - order by relevance and column?