On Fri, Nov 25, 2005 at 01:33:34PM +0200, Maxim Vexler wrote:
> On 11/25/05, Robert Brockway <[EMAIL PROTECTED]> wrote:
> > Anyone wanting to lock the root account (not a good idea IMHO) should have
> > a root enabled session (sudo, su or whatever) put to the side and not
> > touched during the procedure. This session would be used only to reverse
> > the procedure if it was found that establishing superuser privs was no
> > longer possible in new sessions.
>
> In the worst case, couldn't someone just boot from a livecd, run
> [passwd root], then [cat /etc/shadow | grep root] on the livecd and
> finally simply copy that entry into the locked out system shadow
> file?

That's doing it the hard way. Just pass "init=/bin/sh rw" to the kernel
with your bootloader, and do:

    # passwd root
    # mount -o ro,remount / && reboot

If your bootloader has a password and you've lost that, you can use a
boot disk, but you still shouldn't muck around with the passwd & shadow
files directly, probably ever. Just mount the root filesystem and
chroot /mnt passwd (or visudo) as root.