Keeping your server admin password safe
If haven't experienced the problem of a lost administration password yet, it's a good idea to apply a precautionary measure. The following will help you avoid this:
- Log in as the user account with administrative privileges.
- Use sudo su to become root.
- Use the passwd command to set a password for root. Use a difficult password, but one that you will be sure to remember. Or even better: write it down and save it in a secure place, but don't make a habit of using it. It's for emergencies only.
If you lose the password for the user account that can sudo, just login as root and grant this user a new password.
Creating a new admin account
If you're having a problem getting access to your server with administrative privileges and you didn't follow the above procedure, here's how you can gain access again. First, you will log in as root using a rescue CD, and next you will recreate a user that has administrative permissions on your server.
- Boot from a rescue CD
- such as a Knoppix Rescue CD. It doesn't really matter what you use, as long as you can boot Linux and get access to a shell prompt. Make sure to mount the /dev and /proc directories and establish a chroot environment that points to your server's root directory.
- You are now root on your server's file system. Use the passwd command to reset the password for the user root. From now on, you have re-established access to the root account.
- Reboot your server without the Knoppix CD and verify that you can log in as root, using the password that you've just set.
- Recreate an administrative user account that is not root. If for example the name of this user account is linda, use
useradd -m linda. To use sudo to execute commands as root, you must make sure that the user account is a member of the group adm. To make a user with the name linda member of the group adm, use
usermod -G adm linda.
passwd lindato give the user you've just created a password. You have now re-established a user account that can be used to perform administration tasks on your server.
Here we have gone over how to get access to your server after losing access to the admin account. To fix this problem you need physical access to your server and something that boots a Linux shell and allows you to mount your server's file systems.
ABOUT THE AUTHOR: Sander van Vugt is an author and independent technical trainer, specializing in Linux since 1994. Vugt is also a technical consultant for high-availability (HA) clustering and performance optimization, as well as an expert on SLED 10 administration.
This was first published in October 2009