reset password: bug in the manual?
Hello there!
back from holidays, I tried to log in myt Bazzite box... and forgot my user password.
Dig a bit in Bazzite's doc and found the proc: boot in bash, passwd... business a ususal.
But it did not work!
- I tried a first time, then reboot. Still can not connect.
- Reboot, double check the doc, retry to reset, and check
/etc/shadow before and after passwd command to check if password is really updated.
- Ok, the hash is different, so password must be updated.
- As an experimented guy, i take a photo of the hash... just in case... you know, it smell smoke at the moment π
- Reboot & login: password still wrong
- Yes, smoke.
- Reboot to /init/bash : The password is NOT the one i thought (As I said I took a picture previously).
- Conclusion: I'm missing something or something is missing somewhere. The password is NOT updated with the official procedure.
My thoughts : FS is read only and /etc/ files cannot be updated in init /bin/bash. A command or config is missing to be able to reset my password.
Any clue or advise for me dear community?
Thanks & have a nice day βοΈποΈ21 Replies
I used the password reset guide, it works. Use a simple password with only US English letters and/or numbers, there may be a keyboard layout issue.
Did you follow all the instructions in the guide, including the selinux bits?
Yes @mrvictorywin (Ping on reply) , very basic password.
And, not a KB layout issue (I test to enter my password on command before using
passwd line to check if 'a' is real a and not 'q' :p, nothing on this side)
Yes @Zed , I strictely observe all steps. Enough time to memorized it π
Worth checking π
Sure!
What is weird si the
/etc/shadownot same between two reboot?That's why I was asking about selinux: if you don't do selinux steps, what will happen is your password in /etc/shadow will be updated, but selinux contexts will not be applied: so your password was changed, but the system doesn't have the policy to allow access to the file.
hmmm
But the file is changed on the 'init=/bin/bash' session
I if reboot, this change is over...
Oh, so: initial session: password hash is the original -> bin/bash session: hash gets updated -> reboot: hash is back to original?
Yes
I'd be curious what the output of ls -Z /etc/shadow is (before & after the passwd step)
True, i will give output
But not in front of my computer right now π
Hi there!
Hi @Zed !
Little update on my issue!
Here is the check requested:
But I was wrong on one point: the password is kept between reboot!
This screenshot has been take just after reboot from previous password modification :
You can see that string for user greg is exactly same before and after reboot
So /etc/shadow is updated I think
But SDDM or TTY does not care...
I'm sure it's not a keyboard issue (I used basic letters and try in clear on bash and sddm to be sure)
So
I dig on fedora universalblue side
And I found this https://docs.fedoraproject.org/en-US/quick-docs/reset-root-password/
Fedora Docs
How to Reset the root Password
A root password may be set up while installing Fedora Linux, although it is now suggested to leave the root account locked and use sudo. This article describes how toβ¦
Worth to try and... IT WORKED !!
My password change have been take in account after this step!
I've made a PR to update the doc
Thanks for your help!
Glad you got it working -- I might suggest a change to that PR, however, this:
Tells me that you almost certainly at some point tried to change the passwd in the rescue env without the selinux steps (only really takes once: perhaps you tried a different method initially?)
The docs should work: the PR adds a step that should only be needed if things went wrong. It's probably good to include as info, as it's a really easy mistake to make, but shouldn't normally be needed, I'm pretty positive.
This could be the culprit, I did use the password reset guide and had no problems
It's super easy to screw up, because simply trying to use a different guide that doesn't take it into account screws up the ability for the bazzite guide to work. So some sort of check of the env probably saves some sanity (saw this same thing happen on the Fedora discord 2 days ago, so I imagine it's not uncommon).
Hello there!
You're absolutely right @Zed !
The very first time, I've made things on my own: init=/bin/bash, passwd, reboot... As I did thousand times before on various GNU/Linux box.
Then it did not work, so I RTFM and noticed the selinux steps. Ok, piece of cake, let's do it.
Then it did not work again.
And now I understand this is because of my underskill around SELinux, not because of the doc! I should read one doc or two about SELinux !
Thx again men!!
Yes @mrvictorywin (Ping on reply) , a guy on github suggest to modify my PR with a
restorecon /etc/shadow instead for the noob like me!