On 07/03/13 08:49, Sergio Ballestrero wrote:
> 
> On 7 Mar 2013, at 05:12, g wrote:
> 
>> greetings.
>>
>> system is an install of sl6.3 i386 from a livedvd.
>>
>> during attempt to create another 'livedvd 2 usb', i have run into an
>> interesting problem after getting knocked out of grub booting.
>>
>> long story to short, booted 6.3 livecd installation.
>>
>>   mount /dev/sdb2 -t ext4 /media/livedvd
>>   cd /media/livedvd/etc
>>
>> removed passwords from '/etc/shadow',
>>
>>   cd /boot/grub
>>
>> modified '/boot/grub/grub.conf' to include 'livedvd' @ hd1,1.
>>
>> ran;
>>
>>   grub-install /dev/sda
>>
>> then rebooted system.
>>
>> now, i can boot into livedvd installation, but i can not restore
>> passwords.
>>
>> attempts where made from level 5, down to level 1. all failed with
>> error message;
>>
>>  passwd: Authentication token manipulation error.
>>
>> so how do i go about setting passwords back?
> 
> try to replace it (use chroot and passwd) instead of just removing it.
> 
> also, you may not need the live CD, just boot with init=/bin/bash and
> then mount -oremount,rw / 
> So much for security if you haven't set a grub password ;-)

Grub passwords won't safeguard you against LiveCD's and chroot though
... But encrypting the filesystem which contains /etc will help you out
there.

On the other hand, if this is a server installation this usually isn't a
problem.  Servers are usually installed in a server room with
(hopefully) limited access.  On workstations and (in particular)
laptops, encrypted root filesystem is the best solution.


--
kind regards,

David Sommerseth