[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Emergency mode when root account locked

On 12/12/20 3:35 PM, Marco Möller wrote:
On 12.12.20 15:18, Alex Mestiashvili wrote:
Not sure is that was already answered, since I lost track of the thread.
But resetting the root password is just matter of booting with root partition it rw mode and init=/bin/bash isn't?

It is not even required to mount your disk from other hardware. Simply boot to the grub menu and set this boot parameter:
init=/sbin/sulogin --force

As long as someone has physical access to the Debian carrying disk, you can always break into the system! In this case for restoring your access options, but of course in other cases this could also be used for evil things. In order to prevent the evil access option you need to activated disk encryption. To my knowledge this cannot be bypassed as easily as simply gaining root access on an unencrypted system. But of course, if you now forget your decryption passphrase, then your system is gone for ever, also no more accessible by mounting the disk in another system. If you now would have a problem with the root password or sudo setup, you would for sure still need the disk decryption passphrase, and only afterwards could help yourself with the mentioned boot parameter.
Best wishes, Marco.

Hi thanks for the hint, never considered "/sbin/sulogin --force" so far, good to know. I normally also set grub password, so one can't edit that easily grub entries. And use full disk encryption for laptops.


Reply to: