Clonezilla is a free imaging tool. That already rocks in itself. However, Clonezilla is based on a mini linux kernel (Debian based) which features shell access among many other things.
(Clonezilla official site)
Plus, as an imaging tool, a variety of raid card drivers and hard drive drivers are included. What this means: Clonezilla is an AWESOME recovery tool as well.
Here we do a simple task with Clonezilla: reset root password on a linux system!
Clonezilla is awesome. I have used it for many a sysadmin-y recovery task and hope that this is the first of at least a few tutorials on using Clonezilla for awesomeness.
Full comments/commentary/screenshots below!
Video Demo: Enjoy!
Screenshots and Commentary!
- Enter Shell for Clonezilla
- Choose Option (2) to “Enter command line prompt”
- Run fdisk -l to see all disks. In my case, then fdisk -l | grep “/dev/sd”. I can see three “Linux” formatted partitions on /dev/sda which is likely my OS disk. Then three other disks which are “Linux LVM” format, likely data filesystems that are LVM format
- fdisk -l /dev/sda lets you see that this is likely the OS disk (notice the swap partition).
- mount /dev/sda2 /mnt. /dev/sda2 are/dev/sda3 are candidates for being the partition I am looking for, with /dev/sda2 being the likely correct filesystem. So here we mount it to /mnt.
- cd /mnt, ls shows us this is the OS disk. From here we can see the existence of the OS /etc/passwd (currently /mnt/etc/passwd) and /etc/shadow (currently /mnt/etc/shadow) files as well.
- more /mnt/etc/shadow. Taking a peek
Here’s the plan:
We are currently booted up into a Clonezilla kernel, with its own /etc/passwd and /etc/shadow files. Remember the OS we are trying to reset the root password for is in /mnt/etc/passwd and /mnt/etc/shadow.
We are going to change the password for a Clonezilla user to a password we know. The encrypted form of that password will show up in Clonezilla’s /etc/shadow file. We will copy that encrypted password to our OS /etc/shadow (currently /mnt/etc/shadow) and copy that to root’s entry.
And that’s that!
- cp -p /mnt/etc/shadow /mnt/etc/shadow.YYYYMMDD. IMPORTANT: CREATE A BACKUP! And make sure to create it in /mnt (the actual OS disk) and not in the Clonezilla mini kernel.
- cd /etc, more passwd. Now we are going to look at the Clonezilla passwd file and NOT the OS passwd file. Reason being we are going to change the password on a Clonezilla user. I am checking the passwd files for a list of users. The user “user” is a good candidate to use.
- grep user /etc/shadow, passwd user, grep user /etc/shadow. Here we change the password for the Clonezilla kernel “user”. We are checking the /etc/shadow file to make sure the password changed.
- grep user /etc/shadow >> /mnt/etc/shadow will copy the Clonezilla user “user” entry to our OS shadow file. IMPORTANT: Remember to use TWO “>>” and not ONE “>” so you append, not overwrite. (But in case you do overwrite, that’s why we made the backup copy)
- vi /mnt/etc/shadow. Here you will see at the bottom the entry for “user”.
- Move the “user” entry next to the “root” entry. More for organizational sake and less confusion for the next person who looks in this file.
- Rename “root” to “root1″, Rename “user” to “root”. This way we keep a backup of the previous “root” password (just in case we need it!) and have labeled it as the password for a non-existent user “root1″. Then by renaming “user” to “root” we now know the “root” password for the OS.
- After saving file, cd /, umount /mnt, exit, exit. We are done, basically exiting out now.
- Enter_shell, (1) Reboot. Clonezilla makes you jump a few more hoops. After you exit the shell, it takes you back to the first “Start Clonezilla” screen. From here go back to the shell then choose the reboot option
SUCCESS! DONE! Have fun, play around, good luck!