Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码
<p>在上一篇随笔里面详细讲解了linux系统的启动过程、,我们知道linux系统的启动级别一共有6种级别,通过 /etc/inittab 这个文件我们就能看到:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_239655">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
<div class="line number21 index20 alt2">
21</div>
<div class="line number22 index21 alt1">
22</div>
<div class="line number23 index22 alt2">
23</div>
<div class="line number24 index23 alt1">
24</div>
<div class="line number25 index24 alt2">
25</div>
<div class="line number26 index25 alt1">
26</div>
<div class="line number27 index26 alt2">
27</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># cat /etc/inittab</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash comments"># inittab is only used by upstart for the default runlevel.</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash comments"># adding other configuration here will have no effect on your system.</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash comments"># system initialization is started by /etc/init/rcs.conf</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash comments"># individual runlevels are started by /etc/init/rc.conf</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash comments"># ctrl-alt-delete is handled by /etc/init/control-alt-delete.conf</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash comments"># terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash comments"># with configuration in /etc/sysconfig/init.</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash comments">#</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash comments"># for information on how to write upstart event handlers, or how</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash comments"># upstart works, see init(5), init(8), and initctl(8).</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number18 index17 alt1">
<code class="bash comments"># default runlevel. the runlevels used are:</code>
</div>
<div class="line number19 index18 alt2">
<code class="bash comments"># 0 - halt (do not set initdefault to this)</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash comments"># 1 - single user mode</code>
</div>
<div class="line number21 index20 alt2">
<code class="bash comments"># 2 - multiuser, without nfs (the same as 3, if you do not have networking)</code>
</div>
<div class="line number22 index21 alt1">
<code class="bash comments"># 3 - full multiuser mode</code>
</div>
<div class="line number23 index22 alt2">
<code class="bash comments"># 4 - unused</code>
</div>
<div class="line number24 index23 alt1">
<code class="bash comments"># 5 - x11</code>
</div>
<div class="line number25 index24 alt2">
<code class="bash comments"># 6 - reboot (do not set initdefault to this)</code>
</div>
<div class="line number26 index25 alt1">
<code class="bash comments"># </code>
</div>
<div class="line number27 index26 alt2">
<code class="bash functions">id</code><code class="bash plain">:5:initdefault:</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
这里我们看到系统的默认启动级别是5,也就是有图形界面的那个。</p>
<p>
但是在现实生活中可能会出现这种问题,我们可能忘记了一台主机的root密码,但是我们又需要通过root用户登录该系统去处理一些事情,这个时候我们怎么办呢?我们看到在linux的启动级别中有一个单用户模式启动,也就是启动级别1,当我们如果忘记了root用户的秘密,但是又需要修改root密码的时候,这个时候我们就要通过在启动的时候给系统的内核传递一个参数 1 或者 single 来告诉内核,我需要以单用户模式登陆操作系统,这个时候我们就能能够通过passwd 命令来重设root用户的密码。具体操作是怎样的呢?咱们有图有有真像!!</p>
<p>
首先我们重启我们的系统(我这里是centos),然后在界面启动时让它停留一下,随便按一下键盘上的一个键,此时就会进入到操作系统配置引导界面<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/7f58819e56ca0d6f492c77099a0d1744.jpg"></p>
<p>
还记得上一篇随笔里面/boot/grub/grub.conf这个文件里的第一个 title 字段吗? 没错,每一个title都是一个操作系统的配置选项,这里我们只有一个,也就是上面图片显示的那个,如果有多个title字段,这里就会列出来供我们选择不同的操作系统。</p>
<p>
好了,通过下面的英文提示我们发现按下键盘上的 e 键就可以进入到编辑界面<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/6618b4220c3c4c07b64ac71f8c013caf.jpg"><br>
看到这个界面是不是很熟悉呢?没错,这三个选项就是我们 /boot/grub/grub.conf 文件里的配置信息,我们通过查看这个文件的内容来看一下:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_835861">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># cat /boot/grub/grub.conf</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash comments"># grub.conf generated by anaconda</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash comments"># note that you do not have to rerun grub after making changes to this file</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash comments"># notice: you do not have a /boot partition. this means that</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash comments"># all kernel and initrd paths are relative to /, eg.</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash comments"># root (hd0,1)</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash comments"># kernel /boot/vmlinuz-version ro root=/dev/sda2</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments"># initrd /boot/initrd-version.img</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash comments">#boot=/dev/sda</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash plain">default=0</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash plain">timeout=5</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash plain">splashimage=(hd0,1)</code><code class="bash plain">/boot/grub/splash</code><code class="bash plain">.xpm.gz</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain">hiddenmenu</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash plain">title centos (2.6.32-358.el6.x86_64)</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash spaces"> </code><code class="bash plain">root (hd0,1)</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash spaces"> </code><code class="bash plain">kernel </code><code class="bash plain">/boot/vmlinuz-2</code><code class="bash plain">.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_no_luks rd_no_lvm lang=en_us.utf-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_no_dm rhgb quiet</code>
</div>
<div class="line number18 index17 alt1">
<code class="bash spaces"> </code><code class="bash plain">initrd </code><code class="bash plain">/boot/initramfs-2</code><code class="bash plain">.6.32-358.el6.x86_64.img</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
这时我们需要将光标移动到第二个选项,也就是linux内核那里,同样按下键盘上的 e 键进入到编辑界面,此时我们在后面追加参数 1 或者参数 single就可以告诉linux系统的内核,我需要以单用户的模式登陆该系统。<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/7547ba1593849b16a48c108f4f1722d0.jpg"><br>
然后我们回车,进入到上层的界面,此时按下键盘上的 b 键就是启动操作系统,此时我们的linux操作系统就是以单用户的模式登陆了。我们发现系统非常快速的就进入到了命令行模式下的界面,因为单用户模式是不会启动任何服务的,同时也不需要输入root密码,就能直接进入到root用户下,此时我们就可以通过passwd 命令来重置我们的root用户的密码<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/523f489e2311abfdb98b87e8d9f9f56f.jpg"><br>
然后我们通过exit命令就可以退出单用户模式,此时操作系统内核就会根据我们之前看到的 /etc/inittab 配置文件中设置的默认启动级别来启动。</p>
<p>
这样我们就可以通过在进入grub引导时在内核参数里面追加参数 1 或者 single 来进入单用户模式来修改我们的root用户密码。</p>
<p>
但是,请注意,因为上面的操作只需要通过单用户模式就可以修改我们的root用户密码,所以说一旦别人有机会接触到我们的服务器主机,那么root用户的密码就很容易被别人修改了,这样当然是非常的不安全的,所以我们还是需要通过grub加密来对开启一层密码防护。</p>
<p>
通过在 /boot/grub/grub.conf 启动配置中加入以下类似的代码来对grub进行加密:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_669265">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">password --md5 $1$6h92b1$pzopv63ktmk4uehzqtaz</code><code class="bash plain">//</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
其中后面那一串是md5加密算法,这个我们可以通过 grub-md5-crypt 这个命令来生成加密后的算法</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_935959">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># grub-md5-crypt </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">password: </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">retype password: </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">$1$uga2b1$driidrvtegvg95fhhx4h./</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain"></code><code class="bash comments">#</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
在上面的password、retype password那里输入我们需要设置的密码,然后就能生成md5算法加密后的密码,我们将这个加密后的密码添加到</p>
<p>
/boot/grub/grub.conf 这个配置文件里即可,例如:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_915117">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># vi /boot/grub/grub.conf </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">password --md5 $1$uga2b1$driidrvtegvg95fhhx4h./</code>
</div>
<div class="line number3 index2 alt2">
</div>
<div class="line number4 index3 alt1">
<code class="bash comments"># grub.conf generated by anaconda</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash comments">#</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash comments"># note that you do not have to rerun grub after making changes to this file</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash comments"># notice: you do not have a /boot partition. this means that</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash comments"># all kernel and initrd paths are relative to /, eg.</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments"># root (hd0,1)</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash comments"># kernel /boot/vmlinuz-version ro root=/dev/sda2</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash comments"># initrd /boot/initrd-version.img</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash comments">#boot=/dev/sda</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash plain">default=0</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain">timeout=5</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash plain">splashimage=(hd0,1)</code><code class="bash plain">/boot/grub/splash</code><code class="bash plain">.xpm.gz</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash plain">hiddenmenu</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash plain">title centos (2.6.32-358.el6.x86_64)</code>
</div>
<div class="line number18 index17 alt1">
<code class="bash spaces"> </code><code class="bash plain">root (hd0,1)</code>
</div>
<div class="line number19 index18 alt2">
<code class="bash spaces"> </code><code class="bash plain">kernel </code><code class="bash plain">/boot/vmlinuz-2</code><code class="bash plain">.6.32-358.el6.x86_64 ro root=uuid=6e24ec7a-2d19-466e-bacc-92750b1f4bef rd_no_luks rd_no_lvm lang=en_us.utf-8 rd_no_md sysfont=latarcyrheb-sun16 crashkernel=auto keyboardtype=pc keytable=us rd_no_dm rhgb quiet</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash spaces"> </code><code class="bash plain">initrd </code><code class="bash plain">/boot/initramfs-2</code><code class="bash plain">.6.32-358.el6.x86_64.img</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
这个时候我们再次重启一下系统,试着进入到grub里面来看看<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/1c15c2e39aba7f46774aeb374ae12d7c.jpg"><br>
我们发现下面的英文提示已经变了,之前可以按键盘上的 e 键进入到grub里面,现在按 e 键已经没用了,此时提示我们按 p 键来输入grub的密码才能进入到grub里面<img style="max-width:100%!important;height:auto!important;"title="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" alt="Linux学习之CentOS(二十二)--进入单用户模式下修改Root用户的密码" src="https://zhuji.jb51.net/uploads/img/202305/7644ce1074ff4ab9095ffddcbc366163.jpg"><br>
此时我们输入之前设置的grub密码即可,然后界面就会进入到我们熟悉的修改grub那里了。</p>
<p>
所以说通过grub的加密算法我们可以对进入grub进行加密,这样就能防止别人恶意进入单用户模式,从而修改root密码了!!</p>
<p>
当然,如果我们连这个grub的秘密都忘记的话,并且又忘记了root密码,那就真的不能登陆到root用户了。。。。</p>
<p>
本篇随笔主要记录了如何通过单用户模式来修改root用户的密码,并通过设置grub的md5加密算法来对进入grub进行加密,从而限制别人轻易进入单用户模式,在以后的学习linux过程中,将继续记录学习linux的心得!!!!</p>
頁:
[1]