Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Resetting a Password Using chroot

DZone's Guide to

Resetting a Password Using chroot

Do you do a lot of work in a Linux-based environment? Read on to see how one dev team reset their password using the chroot Linux command.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

chroot has quite a unique history. The chroot system call was the first major step towards process-level virtualization, i.e. providing an isolated environment for a process (though only at the file system level). Virtualization is an enabler for cloud computing. You can read more about chroot here. Let's look at a real-life real scenario where chroot helped my team.

Problem

During my first post-graduate development job, my team faced a situation where we had to reset a password for a system as the old password was not known. This system was being used for virtualization-related research. This system was installed for a particular virtualization patched kernel and many other utilities and their configs were set up. To recreate the same environment would have taken many days.

Attempts

The first thing we tried was single user mode. We came to realize that it was also protected by a password.

Next, we asked ourselves if we should copy everything using the OS that was currently installed on the system. With this approach, we would have had to backup of all the data. Later, we could have recreated the same environment. But the problems with this approach are that it is time-consuming and it's easy to miss a step.

Just a few days before we came across this problem, I had solved a problem usingchroot in which I was able to run an Ubuntu-12 application in Ubuntu-14. In Linux, the passwd command updates the hash value inside /etc/passwd. The idea was to update the /etc/passwd file using the current OS. The catch here is making sure that passwd updated our system's file instead of the OS.

The steps we followed are listed below:

  1. Bootup your machine using your OS.

  2. Mount the volume of the installed OS.

    1. Let's assume that we have mounted it to @location /mnt/OS

  3. Perform chroot after binding a set of directories:

    • sudo mount --bind /dev /mnt/OS/dev 

    • sudo mount --bind /dev/pts /mnt/OS/dev/pts 

    • sudo mount --bind /proc /mnt/OS/proc 

    • sudo mount --bind /sys /mnt/OS/sys 

    • sudo chroot /mnt/OS 

  4. Run the passwd command and set a new password.

  5. Perform the operations enumerated in Step 3, but in reverse order:

    • sudo umount /mnt/OS/sys 

    • sudo umount /mnt/OS/proc 

    • sudo umount /mnt/OS/dev/pts 

    • sudo umount /mnt/OS/dev 

  6. Reboot the system and try the updated password.

Other Use Cases for chroot 

  • Using applications that are compatible with either an OS version that is older or newer than your current OS.

    • For example, running Eclipse installed for Ubuntu-12 inside Ubuntu-14 without installing any new packages.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
chroot ,linux ,unix ,security ,password security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}