
I lost the root password for a guest system.

I mounted the guest system and changed it to single user mode. Then I used virsh console to access the guest system, which was now in single user mode, and used the command echo "root":"123456" | chpasswd to reset the password.

However, after the guest system rebooted, I couldn't access it. The new password was incorrect (Login incorrect). However, if I mount the guest system again on the host and call chroot, I can verify that the new password is working by switching to a regular account, then switching back to root and entering the new password.

Both the server version and guest version of the OS are the latest CentOS version.

msanford
Purres
  • What do the logs in the guest tell you? – Michael Hampton Jun 07 '13 at 01:59
  • Jun 6 17:15:37 guest34 kernel: type=1400 audit(1370564137.621:16): avc: denied { read } for pid=1057 comm="login" name="passwd" dev=vda1 ino=18194 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file – Purres Jun 07 '13 at 02:21

1 Answer


You've posted an SELinux denial, wherein login is being denied access to read /etc/passwd. From looking at the log entry I can see that it has an invalid security context (it should be passwd_file_t, not file_t; did you manually edit this file?).

I recommend you fix the security context on /etc/passwd (and the rest of the system just to be safe).

To fix invalid security contexts, chroot back into the filesystem and then run:

restorecon -r -v /

If this fails (e.g. because SELinux is not running in your chroot) then

touch /.autorelabel

and reboot the VM, to have it relabeled at the next reboot.

Michael Hampton
  • Thanks, it's fixed after running 'restorecon -r -v /' in single user mode. Here's the restoring log: restorecon reset /etc/shadow context system_u:object_r:file_t:s0->system_u:object_r:shadow_t:s0 restorecon reset /etc/passwd context system_u:object_r:file_t:s0->system_u:object_r:etc_t:s0 – Purres Jun 07 '13 at 02:45
  • Close enough. Remember to mark the question as solved by clicking the outline of the check mark next to the answer that resolved the problem for you. – Michael Hampton Jun 07 '13 at 02:49
  • The next question is why would Linux read the /etc/passwd file when I try to log in? – Purres Jun 07 '13 at 02:50
  • Because it has all the information about your user account, like your uid and gid and home directory. – Michael Hampton Jun 07 '13 at 02:50
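
Added example, not part of the original thread: a small Python triage script that parses AVC denial lines like the one quoted above and reports only those whose target context type marks a missing label, which is the case restorecon fixes. The function names, the second sample line and the inclusion of unlabeled_t are assumptions made for this example.

```python
import re

# Types meaning "no valid label": file_t is what the denial on this page shows;
# unlabeled_t is included on the assumption that newer policies report it instead.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE_LINES = [
    # Denial quoted in the thread above.
    'Jun 6 17:15:37 guest34 kernel: type=1400 audit(1370564137.621:16): avc: denied { read } '
    'for pid=1057 comm="login" name="passwd" dev=vda1 ino=18194 '
    'scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:file_t:s0 tclass=file',
    # Constructed line: target carries a valid label, so relabeling is not the fix.
    'Jun 6 17:16:02 guest34 kernel: type=1400 audit(1370564162.100:20): avc: denied { read } '
    'for pid=1200 comm="httpd" name="index.html" dev=vda1 ino=20001 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
]


def parse_avc(line):
    """Return the fields of one AVC denial line as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type:level; the level may itself contain colons.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":", 3)
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def mislabeled_targets(lines):
    """Return (comm, name, dev, ino, type) for denials whose target has no valid label."""
    hits = []
    for rec in filter(None, map(parse_avc, lines)):
        if rec["tcontext_type"] in UNLABELED_TYPES:
            hits.append((rec.get("comm"), rec.get("name"), rec.get("dev"),
                         rec.get("ino"), rec["tcontext_type"]))
    return hits

if __name__ == "__main__":
    for comm, name, dev, ino, ctype in mislabeled_targets(SAMPLE_LINES):
        print(f"{comm}: {name} (dev={dev} ino={ino}) is {ctype}; relabel with restorecon")
```

Run against the sample lines, only the login denial on passwd is reported; the constructed httpd denial has a labeled target and is left for policy review rather than relabeling.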