I have a Debian install on which I have only one EXPLICIT (=
created) user, say Pippo, with full sudoer and "admin" rights.
I still have its password correct, but I fail to reliably
login as Pippo + correct password.

Then it is an "implicit" root user, which seems to have a
different password I forgot.

The bad thing is : in recovery mode at boot it is the only
one it asks for to do maintenance, despite Pippo having root
/ admin privileges too (it does not asks to Login, and don't
accept Pippo's PWD, it asks for ROOT PWD alone).

So, now for a Miracle I am logged in as Pippo, which has
roor rights (it is a sudoer).

Can I recover the root passeword ?
If not, can I reset from Pippo logged in ?

TNX for hints

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 15/09/2023 16:38, MarioCCCP wrote:
>
> I have a Debian install on which I have only one EXPLICIT (= created)
> user, say Pippo, with full sudoer and "admin" rights.
> I still have its password correct, but I fail to reliably login as Pippo
> + correct password.
>
>
> Then it is an "implicit" root user, which seems to have a different
> password I forgot.
>
> The bad thing is : in recovery mode at boot it is the only one it asks
> for to do maintenance, despite Pippo having root / admin privileges too
> (it does not asks to Login, and don't accept Pippo's PWD, it asks for
> ROOT PWD alone).
>
> So, now for a Miracle I am logged in as Pippo, which has roor rights (it
> is a sudoer).
>
> Can I recover the root passeword ?
> If not, can I reset from Pippo logged in ?
>
> TNX for hints
>
>
>

Try it! 'passwd root'

--
Chris Elvidge
England

On 15/09/2023 16:38, MarioCCCP wrote:
>
> I have a Debian install on which I have only one EXPLICIT (= created)
> user, say Pippo, with full sudoer and "admin" rights.
> I still have its password correct, but I fail to reliably login as Pippo
> + correct password.
>
>
> Then it is an "implicit" root user, which seems to have a different
> password I forgot.
>
> The bad thing is : in recovery mode at boot it is the only one it asks
> for to do maintenance, despite Pippo having root / admin privileges too
> (it does not asks to Login, and don't accept Pippo's PWD, it asks for
> ROOT PWD alone).
>
> So, now for a Miracle I am logged in as Pippo, which has roor rights (it
> is a sudoer).
>
> Can I recover the root passeword ?
> If not, can I reset from Pippo logged in ?
>
> TNX for hints
>
>
>

Or 'sudo -i' and then 'passwd'

--
Chris Elvidge
England

On 9/15/2023 11:38 AM, MarioCCCP wrote:
>
> I have a Debian install on which I have only one EXPLICIT (= created) user, say Pippo, with full sudoer and "admin" rights.
> I still have its password correct, but I fail to reliably login as Pippo + correct password.
>
>
> Then it is an "implicit" root user, which seems to have a different password I forgot.
>
> The bad thing is : in recovery mode at boot it is the only one it asks for to do maintenance, despite Pippo having root / admin privileges too (it does not asks to Login, and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>
> So, now for a Miracle I am logged in as Pippo, which has roor rights (it is a sudoer).
>
> Can I recover the root passeword ?
> If not, can I reset from Pippo logged in ?
>
> TNX for hints
>

During the installation process, you may have seen a page like this.

[Picture]

https://i.postimg.cc/P5mmLKj4/debian-proof-root-lives-there.gif

In it, you are defining a root account.

This means, we expect to see entries in

/etc/passwd
/etc/shadow

The string in /etc/shadow, might be taken into Kali if
you wanted to "crack" the password.

This article, does not do justice to the topic. This might
have been what I was testing on my Kali. I'm hopeless with this stuff...

https://en.wikipedia.org/wiki/John_the_Ripper

I could never get the video card acceleration working,
so the brute forcing was "as slow as molasses".

The strings in /etc/shadow, if two accounts use the same password,
the strings in there will be different. The whole idea of storing
them like that, is so there is "little to go on" when seeking to crack them.

A command such as "passwd root" is only going to work
if the root account exists. And we can see in the /etc/passwd
file, that my installation does have a root account.

Here, you can see me trying to effect change.

bullwinkle@GREPVILLE:~$ passwd root
passwd: You may not view or modify password information for root. <=== not as an ordinary user

bullwinkle@GREPVILLE:~$ su root
Password:
root@GREPVILLE:/home/bullwinkle# passwd root <=== easy to change passwd, when you are root!
New password:
Retype new password:
passwd: password updated successfully
root@GREPVILLE:/home/bullwinkle#

Paul

On 15/09/2023 20.46, Paul wrote:

> bullwinkle@GREPVILLE:~$ su root
> Password:

As the OP don't have the root password, this will not work, instead he
would need to run

sudo -i

> root@GREPVILLE:/home/bullwinkle# passwd root <=== easy to change passwd, when you are root!
> New password:
> Retype new password:
> passwd: password updated successfully
> root@GREPVILLE:/home/bullwinkle#

or he could just do:
sudo passwd root

--
//Aho

On 9/15/2023 6:57 PM, J.O. Aho wrote:
> On 15/09/2023 20.46, Paul wrote:
>
>> bullwinkle@GREPVILLE:~$ su root
>> Password:
>
> As the OP don't have the root password, this will not work, instead he would need to run
>
> sudo -i
>
>> root@GREPVILLE:/home/bullwinkle# passwd root       <=== easy to change passwd, when you are root!
>> New password:
>> Retype new password:
>> passwd: password updated successfully
>> root@GREPVILLE:/home/bullwinkle#
>
> or he could just do:
> sudo passwd root
>

sudo is not enabled on Debian by default.

If a user does not notice this, there will be
significant problems later. Installing sudo would
have been easy -- back when the root account
details were known.

I notice the screenshot of the Debian installer,
even has a *screenshot* button in the interface,
so you can take a picture of your root password selection
while doing the OS install. I never noticed that before.
I presume the screenshot image collected, is stored somewhere useful.

Paul

On 15/09/23 19:11, Chris Elvidge wrote:
> On 15/09/2023 16:38, MarioCCCP wrote:
>>
>> I have a Debian install on which I have only one EXPLICIT
>> (= created) user, say Pippo, with full sudoer and "admin"
>> rights.
>> I still have its password correct, but I fail to reliably
>> login as Pippo + correct password.
>>
>>
>> Then it is an "implicit" root user, which seems to have a
>> different password I forgot.
>>
>> The bad thing is : in recovery mode at boot it is the only
>> one it asks for to do maintenance, despite Pippo having
>> root / admin privileges too (it does not asks to Login,
>> and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>>
>> So, now for a Miracle I am logged in as Pippo, which has
>> roor rights (it is a sudoer).
>>
>> Can I recover the root passeword ?
>> If not, can I reset from Pippo logged in ?
>>
>> TNX for hints
>>
>>
>>
>
> Or 'sudo -i' and then 'passwd'
>

In the former post you suggested this cmd. Try it! 'passwd root'
Silly me for not having studied it before trying ... I
imagined it would SHOW the current password, not to try to
change it. :\
So the solution is to reset it, but before trying I have to
clarify some things VERY CONFUSED TO ME.

Particularly : the difference of the root keyword AS A ROLE
vs AS A DEFAULT USERNAME (with the implicit root ROLE).

As I said in the intro.
I do have a known account (pippo) with also ROOT ROLE, and
that pwd works

Then It seems to exist a root account (root username) with
root role, which was not explicitely created. (but when
logged in sees a different home folder (different from
home/pippo ... so it seems to be a real username)

during boot problems, it is this latter password that is
being asked.

So my question is : how to reset SPECIFICALLY this root
(username AND role) password ?
If I am logged in as Pippo via SUDO -i, have I excaled the
"role", enabling root privileges, but always being Pippo, or
have I really logged in as root (username and role) ?

tnx for every clafification.

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 16/09/23 00:57, J.O. Aho wrote:
> On 15/09/2023 20.46, Paul wrote:
>
>> bullwinkle@GREPVILLE:~$ su root
>> Password:
>
> As the OP don't have the root password, this will not work,
> instead he would need to run
>
> sudo -i
exactly !!! I manage to excalate privilege by means of Pippo
being in sudoer and having ROOT "ROLE", but I fail to
perform "SU" and to be logged in as the "original" root user.
So I replicate the question also posed to Chris Elvidge :
logged in as Pippo and having excalate role (impersonating
root) with SUDO -i, can I reset the "TRUE" root password ? I
mean, not Pippo's root one, but default username=root's
password ?
I am prudent risking to make some unrecoverable mess in a
system that has just incurred into graphical problems during
boot (I manage to login only with the former kernel in
recovery mode).
I have completed a distro upgrade from bullseye to bookworm
recently, and sth must have gone bad :\

>
>> root@GREPVILLE:/home/bullwinkle# passwd root       <===
>> easy to change passwd, when you are root!
>> New password:
>> Retype new password:
>> passwd: password updated successfully
>> root@GREPVILLE:/home/bullwinkle#
>
> or he could just do:
> sudo passwd root
>
--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 16/09/23 03:25, Paul wrote:
> On 9/15/2023 6:57 PM, J.O. Aho wrote:
>> On 15/09/2023 20.46, Paul wrote:
>>
>>> bullwinkle@GREPVILLE:~$ su root
>>> Password:
>>
>> As the OP don't have the root password, this will not work, instead he would need to run
>>
>> sudo -i
>>
>>> root@GREPVILLE:/home/bullwinkle# passwd root       <=== easy to change passwd, when you are root!
>>> New password:
>>> Retype new password:
>>> passwd: password updated successfully
>>> root@GREPVILLE:/home/bullwinkle#
>>
>> or he could just do:
>> sudo passwd root
>>
>
> sudo is not enabled on Debian by default.
lukily my only user Pippo is a sudoer and is added to any
group. In practice should be able to edit everything in the
system.
My doubt is : I don't need to alter ITS root password, but
the original root password of the default user.
>
> If a user does not notice this, there will be
> significant problems later. Installing sudo would
> have been easy -- back when the root account
> details were known.
>
> I notice the screenshot of the Debian installer,
> even has a *screenshot* button in the interface,
> so you can take a picture of your root password selection
> while doing the OS install. I never noticed that before.
> I presume the screenshot image collected, is stored somewhere useful.
>
> Paul
--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

Am 15.09.2023 um 17:38:36 Uhr schrieb MarioCCCP:

> Then it is an "implicit" root user, which seems to have a
> different password I forgot.

Boot a linux live system (e.g. Debian).
Mount your root file system to /mnt.

Then "chroot /mnt" as root in the live system.
Then "passwd root" and set a new password.

On 16/09/2023 03.25, Paul wrote:
> On 9/15/2023 6:57 PM, J.O. Aho wrote:
>> On 15/09/2023 20.46, Paul wrote:
>>
>>> bullwinkle@GREPVILLE:~$ su root
>>> Password:
>>
>> As the OP don't have the root password, this will not work, instead he would need to run
>>
>> sudo -i
>>
>>> root@GREPVILLE:/home/bullwinkle# passwd root       <=== easy to change passwd, when you are root!
>>> New password:
>>> Retype new password:
>>> passwd: password updated successfully
>>> root@GREPVILLE:/home/bullwinkle#
>>
>> or he could just do:
>> sudo passwd root
>>
>
> sudo is not enabled on Debian by default.

That don't matter as Mario had already installed sudo and given his user
the right to assume root.

He wrote in the original post: "I have only one EXPLICIT (= created)
user, say Pippo, with full sudoer and "admin" rights."

--
//Aho

On 16/09/2023 10.13, MarioCCCP wrote:
> On 16/09/23 00:57, J.O. Aho wrote:
>> On 15/09/2023 20.46, Paul wrote:
>>
>>> bullwinkle@GREPVILLE:~$ su root
>>> Password:
>>
>> As the OP don't have the root password, this will not work, instead he
>> would need to run
>>
>> sudo -i
>
> exactly !!! I manage to excalate privilege by means of Pippo being in
> sudoer and having ROOT "ROLE", but I fail to perform "SU" and to be
> logged in as the "original" root user.

"sudo -i" will give you the same as "su -", you will be root.

> So I replicate the question also posed to Chris Elvidge : logged in as
> Pippo and having excalate role (impersonating root) with SUDO -i, can I
> reset the "TRUE" root password ? I mean, not Pippo's root one, but
> default username=root's password ?

There is just one root password, pippo's password is it's own (same
password in /etc/shadows is used, no matter if it's to login to the
pippo account or if the pippo users uses sudo).

using "sudo passwd root", then you will be sure that it's the root
password you want to change, sudo will see to that it's executed with
the root uid.

> I am prudent risking to make some unrecoverable mess in a system that
> has just incurred into graphical problems during boot (I manage to login
> only with the former kernel in recovery mode).
> I have completed a distro upgrade from bullseye to bookworm recently,
> and sth must have gone bad :\

If you are using non ASCII characters in your password, then it can be
as simple as your old password was written with ISO-charset and now the
system is using UTF-charset, which makes that ð != ð
To be sure a password always works no matter charset, then use only
those listed in ASCII table (not extended), if you want more secure
password, then use special characters provided by UTF-8.

--
//Aho

On 16/09/23 10:17, Marco Moock wrote:
> Am 15.09.2023 um 17:38:36 Uhr schrieb MarioCCCP:
>
>> Then it is an "implicit" root user, which seems to have a
>> different password I forgot.
>
> Boot a linux live system (e.g. Debian).
> Mount your root file system to /mnt.
>
> Then "chroot /mnt" as root in the live system.
> Then "passwd root" and set a new password.
>

is it compulsori to use a live ?
I have another MX 21 (wildflower) on the same machine,
booting well, and I edited fstab to mount automatically the
Debian partition.
Also, MX has a "gui" CHROOT tool.
Is there any risk to modify debian using that ? I ask
because the main goal I keep two system on a machine, is
exactly the possibility to make some reciprocal mainteinance ...

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 16/09/2023 09:13, MarioCCCP wrote:
> On 16/09/23 00:57, J.O. Aho wrote:
>> On 15/09/2023 20.46, Paul wrote:
>>
>>> bullwinkle@GREPVILLE:~$ su root
>>> Password:
>>
>> As the OP don't have the root password, this will not work, instead he
>> would need to run
>>
>> sudo -i
>
> exactly !!! I manage to excalate privilege by means of Pippo being in
> sudoer and having ROOT "ROLE", but I fail to perform "SU" and to be
> logged in as the "original" root user.
>
> So I replicate the question also posed to Chris Elvidge : logged in as
> Pippo and having excalate role (impersonating root) with SUDO -i, can I
> reset the "TRUE" root password ? I mean, not Pippo's root one, but
> default username=root's password ?

'sudo -i' will make you root
'passwd' will then allow you to change root's password
'exit' will then take you back to pippo

> I am prudent risking to make some unrecoverable mess in a system that
> has just incurred into graphical problems during boot (I manage to login
> only with the former kernel in recovery mode).
> I have completed a distro upgrade from bullseye to bookworm recently,
> and sth must have gone bad :\
>
>
>>
>>> root@GREPVILLE:/home/bullwinkle# passwd root <=== easy to
>>> change passwd, when you are root!
>>> New password:
>>> Retype new password:
>>> passwd: password updated successfully
>>> root@GREPVILLE:/home/bullwinkle#
>>
>> or he could just do:
>> sudo passwd root
>>
>

--
Chris Elvidge, England
I WILL NOT BURY THE NEW KID

Groovy hepcat Chris Elvidge was jivin' in alt.os.linux on Sat, 16 Sep
2023 03:08 am. It's a cool scene! Dig it.

> On 15/09/2023 16:38, MarioCCCP wrote:
>>
>> So, now for a Miracle I am logged in as Pippo, which has roor rights
>> (it is a sudoer).
>>
>> Can I recover the root passeword ?
>> If not, can I reset from Pippo logged in ?
>
> Try it! 'passwd root'

Or, better still, 'sudo passwd root'.

--

----- Dig the NEW and IMPROVED news sig!! -----

-------------- Shaggy was here! ---------------
Ain't I'm a dawg!!

On 15/09/23 17:38, MarioCCCP wrote:
>
> I have a Debian install on which I have only one EXPLICIT (=
> created) user, say Pippo, with full sudoer and "admin" rights.
> I still have its password correct, but I fail to reliably
> login as Pippo + correct password.
>
>
> Then it is an "implicit" root user, which seems to have a
> different password I forgot.
>
> The bad thing is : in recovery mode at boot it is the only
> one it asks for to do maintenance, despite Pippo having root
> / admin privileges too (it does not asks to Login, and don't
> accept Pippo's PWD, it asks for ROOT PWD alone).
>
> So, now for a Miracle I am logged in as Pippo, which has
> roor rights (it is a sudoer).
>
> Can I recover the root passeword ?
> If not, can I reset from Pippo logged in ?
>
> TNX for hints
>
>
>

update : I evidently failed to diagnose the problem. There
must be sth very wrong somewhere.

I managed to login loading the former kernel in recovery
mode. This procedure does not always work, as I have to skip
the "GIVE ROOT PASSWORD" request at least some times with
pwds not being accepted and then follow the alternative "OR
PRESS CTRL+D TO CONTINUE" (which sometimes works, if not I
reboot the harsh way).
Anyway, I logged in.
Then, at Pippo sudo -i, I reset the root password as many
suggested. And it worked once logged in, in fact it allowed
to also excalate doing SU (not sudo), which formerly was not
allowed.

On reboot, though, the newest kernel fails to load, it get
stuck and unresponsive to any keyboard event
(CTRL+ALT+F1...F3, ALTGR+SYSRQ then RSEISUB, CTRL+ALT+BCKSP,
CTRL+ALT+CANC) : no response.
If i try to load the former kernel, and again it asks for
some not precised maintenance, IT STILL REFUSES TO ACCEPT
THE FRESLY RESET PWD. Since the reset pwd is equal to
Pippo's SUDO one, there seem no viable pwd able to enter in
maintenance mode ...
I dunno what the system has. I tried some random things as
update-grub, update-initramfs -u, chkboot. But nothing changes.

Maybe the password not recognized is the tip of an iceberg ...

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 9/16/2023 1:06 PM, MarioCCCP wrote:
> On 15/09/23 17:38, MarioCCCP wrote:
>>
>> I have a Debian install on which I have only one EXPLICIT (= created) user, say Pippo, with full sudoer and "admin" rights.
>> I still have its password correct, but I fail to reliably login as Pippo + correct password.
>>
>>
>> Then it is an "implicit" root user, which seems to have a different password I forgot.
>>
>> The bad thing is : in recovery mode at boot it is the only one it asks for to do maintenance, despite Pippo having root / admin privileges too (it does not asks to Login, and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>>
>> So, now for a Miracle I am logged in as Pippo, which has roor rights (it is a sudoer).
>>
>> Can I recover the root passeword ?
>> If not, can I reset from Pippo logged in ?
>>
>> TNX for hints
>>
>>
>>
>
> update : I evidently failed to diagnose the problem. There must be sth very wrong somewhere.
>
> I managed to login loading the former kernel in recovery mode. This procedure does not always work, as I have to skip the "GIVE ROOT PASSWORD" request at least some times with pwds not being accepted and then follow the alternative "OR PRESS CTRL+D TO CONTINUE" (which sometimes works, if not I reboot the harsh way).
> Anyway, I logged in.
> Then, at Pippo sudo -i, I reset the root password as many suggested. And it worked once logged in, in fact it allowed to also excalate doing SU (not sudo), which formerly was not allowed.
>
> On reboot, though, the newest kernel fails to load, it get stuck and unresponsive to any keyboard event
> (CTRL+ALT+F1...F3, ALTGR+SYSRQ then RSEISUB, CTRL+ALT+BCKSP, CTRL+ALT+CANC) : no response.
> If i try to load the former kernel, and again it asks for some not precised maintenance, IT STILL REFUSES TO ACCEPT THE FRESLY RESET PWD. Since the reset pwd is equal to Pippo's SUDO one, there seem no viable pwd able to enter in maintenance mode ...
> I dunno what the system has. I tried some random things as update-grub, update-initramfs -u, chkboot. But nothing changes.
>
> Maybe the password not recognized is the tip of an iceberg ...

The password is stored in /etc/passwd and /etc/shadow.

If the slash file system is not mounted at that point
in time, perhaps the stored value of the password is
not accessible.

Using your fallback (working) setup, perhaps you
could paste some of the

inxi -F

output for the audience.

Paul

On 16/09/23 20:24, Paul wrote:
> On 9/16/2023 1:06 PM, MarioCCCP wrote:
>> On 15/09/23 17:38, MarioCCCP wrote:
>>>
>>> I have a Debian install on which I have only one EXPLICIT (= created) user, say Pippo, with full sudoer and "admin" rights.
>>> I still have its password correct, but I fail to reliably login as Pippo + correct password.
>>>
>>>
>>> Then it is an "implicit" root user, which seems to have a different password I forgot.
>>>
>>> The bad thing is : in recovery mode at boot it is the only one it asks for to do maintenance, despite Pippo having root / admin privileges too (it does not asks to Login, and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>>>
>>> So, now for a Miracle I am logged in as Pippo, which has roor rights (it is a sudoer).
>>>
>>> Can I recover the root passeword ?
>>> If not, can I reset from Pippo logged in ?
>>>
>>> TNX for hints
>>>
>>>
>>>
>>
>> update : I evidently failed to diagnose the problem. There must be sth very wrong somewhere.
>>
>> I managed to login loading the former kernel in recovery mode. This procedure does not always work, as I have to skip the "GIVE ROOT PASSWORD" request at least some times with pwds not being accepted and then follow the alternative "OR PRESS CTRL+D TO CONTINUE" (which sometimes works, if not I reboot the harsh way).
>> Anyway, I logged in.
>> Then, at Pippo sudo -i, I reset the root password as many suggested. And it worked once logged in, in fact it allowed to also excalate doing SU (not sudo), which formerly was not allowed.
>>
>> On reboot, though, the newest kernel fails to load, it get stuck and unresponsive to any keyboard event
>> (CTRL+ALT+F1...F3, ALTGR+SYSRQ then RSEISUB, CTRL+ALT+BCKSP, CTRL+ALT+CANC) : no response.
>> If i try to load the former kernel, and again it asks for some not precised maintenance, IT STILL REFUSES TO ACCEPT THE FRESLY RESET PWD. Since the reset pwd is equal to Pippo's SUDO one, there seem no viable pwd able to enter in maintenance mode ...
>> I dunno what the system has. I tried some random things as update-grub, update-initramfs -u, chkboot. But nothing changes.
>>
>> Maybe the password not recognized is the tip of an iceberg ...
>
> The password is stored in /etc/passwd and /etc/shadow.
>
> If the slash file system is not mounted at that point
> in time, perhaps the stored value of the password is
> not accessible.

strange enough it asks for a password then, if it wouldn't
be able to check it no matter what ...

>
> Using your fallback (working) setup, perhaps you
> could paste some of the
>
> inxi -F

I'll try !
tnx

>
> output for the audience.
>
> Paul
>
>

--
1) Resistere, resistere, resistere.
2) Se tutti pagano le tasse, le tasse le pagano tutti
MarioCPPP

On 16/09/2023 10.39, MarioCCCP wrote:
> On 16/09/23 10:17, Marco Moock wrote:
>> Am 15.09.2023 um 17:38:36 Uhr schrieb MarioCCCP:
>>
>>> Then it is an "implicit" root user, which seems to have a
>>> different password I forgot.
>>
>> Boot a linux live system (e.g. Debian).
>> Mount your root file system to /mnt.
>>
>> Then "chroot /mnt" as root in the live system.
>> Then "passwd root" and set a new password.
>>
>
> is it compulsori to use a live ?

No, but I wouldn't go this path, use the sudo option.

--
//Aho

Am 16.09.2023 um 10:39:16 Uhr schrieb MarioCCCP:

> is it compulsori to use a live ?
> I have another MX 21 (wildflower) on the same machine,
> booting well, and I edited fstab to mount automatically the
> Debian partition.
> Also, MX has a "gui" CHROOT tool.
> Is there any risk to modify debian using that ? I ask
> because the main goal I keep two system on a machine, is
> exactly the possibility to make some reciprocal mainteinance ...

Should work fine.

On 9/16/2023 2:44 PM, MarioCCCP wrote:
> On 16/09/23 20:24, Paul wrote:
>> On 9/16/2023 1:06 PM, MarioCCCP wrote:
>>> On 15/09/23 17:38, MarioCCCP wrote:
>>>>
>>>> I have a Debian install on which I have only one EXPLICIT (= created) user, say Pippo, with full sudoer and "admin" rights.
>>>> I still have its password correct, but I fail to reliably login as Pippo + correct password.
>>>>
>>>>
>>>> Then it is an "implicit" root user, which seems to have a different password I forgot.
>>>>
>>>> The bad thing is : in recovery mode at boot it is the only one it asks for to do maintenance, despite Pippo having root / admin privileges too (it does not asks to Login, and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>>>>
>>>> So, now for a Miracle I am logged in as Pippo, which has roor rights (it is a sudoer).
>>>>
>>>> Can I recover the root passeword ?
>>>> If not, can I reset from Pippo logged in ?
>>>>
>>>> TNX for hints
>>>>
>>>>
>>>>
>>>
>>> update : I evidently failed to diagnose the problem. There must be sth very wrong somewhere.
>>>
>>> I managed to login loading the former kernel in recovery mode. This procedure does not always work, as I have to skip the "GIVE ROOT PASSWORD" request at least some times with pwds not being accepted and then follow the alternative "OR PRESS CTRL+D TO CONTINUE" (which sometimes works, if not I reboot the harsh way).
>>> Anyway, I logged in.
>>> Then, at Pippo sudo -i, I reset the root password as many suggested. And it worked once logged in, in fact it allowed to also excalate doing SU (not sudo), which formerly was not allowed.
>>>
>>> On reboot, though, the newest kernel fails to load, it get stuck and unresponsive to any keyboard event
>>> (CTRL+ALT+F1...F3, ALTGR+SYSRQ then RSEISUB, CTRL+ALT+BCKSP, CTRL+ALT+CANC) : no response.
>>> If i try to load the former kernel, and again it asks for some not precised maintenance, IT STILL REFUSES TO ACCEPT THE FRESLY RESET PWD. Since the reset pwd is equal to Pippo's SUDO one, there seem no viable pwd able to enter in maintenance mode ...
>>> I dunno what the system has. I tried some random things as update-grub, update-initramfs -u, chkboot. But nothing changes.
>>>
>>> Maybe the password not recognized is the tip of an iceberg ...
>>
>> The password is stored in /etc/passwd and /etc/shadow.
>>
>> If the slash file system is not mounted at that point
>> in time, perhaps the stored value of the password is
>> not accessible.
>
> strange enough it asks for a password then, if it wouldn't be able to check it no matter what ...
>
>>
>> Using your fallback (working) setup, perhaps you
>> could paste some of the
>>
>>     inxi -F
>
> I'll try !
> tnx
>
>>
>> output for the audience.

This is a BookWork Deb12 in a VM, fully updated to latest.

bullwinkle@CATVILLE:~$ inxi -F

System:
Host: CATVILLE Kernel: 6.1.0-12-amd64 arch: x86_64 bits: 64
Desktop: Cinnamon v: 5.6.8 Distro: Debian GNU/Linux 12 (bookworm)
Machine:
Type: Virtualbox System: innotek GmbH product: VirtualBox v: 1.2
serial: <superuser required>
Mobo: Oracle model: VirtualBox v: 1.2 serial: <superuser required>
BIOS: innotek GmbH v: VirtualBox date: 12/01/2006
CPU:
Info: quad core model: AMD Ryzen 9 5950X bits: 64 type: MCP cache: L2: 2 MiB
Speed (MHz): avg: 3400 min/max: N/A cores: 1: 3400 2: 3400 3: 3400 4: 3400
Graphics:
Device-1: VMware SVGA II Adapter driver: vmwgfx v: 2.20.0.0
Display: x11 server: X.Org v: 1.21.1.7 with: Xwayland v: 22.1.9 driver: X:
loaded: vmware unloaded: fbdev,modesetting,vesa dri: swrast gpu: vmwgfx
resolution: 1280x768~60Hz
API: OpenGL v: 4.5 Mesa 22.3.6 renderer: llvmpipe (LLVM 15.0.6 128 bits)
Audio:
Device-1: Intel 82801FB/FBM/FR/FW/FRW High Definition Audio
driver: snd_hda_intel
API: ALSA v: k6.1.0-12-amd64 status: kernel-api
Server-1: PipeWire v: 0.3.65 status: active
Network:
Device-1: Intel 82540EM Gigabit Ethernet driver: e1000
IF: enp0s3 state: up speed: 1000 Mbps duplex: full mac: 08:00:27:a1:ee:9a
Device-2: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge
driver: piix4_smbus
Drives:
Local Storage: total: 64 GiB used: 9.67 GiB (15.1%)
ID-1: /dev/sda vendor: VirtualBox model: VBOX HARDDISK size: 64 GiB
Partition:
ID-1: / size: 54.41 GiB used: 9.67 GiB (17.8%) fs: ext4 dev: /dev/sda1
Swap:
ID-1: swap-1 type: partition size: 8.41 GiB used: 0 KiB (0.0%)
dev: /dev/sda2
Sensors:
Src: lm-sensors+/sys Message: No sensor data found using /sys/class/hwmon
or lm-sensors.
Info:
Processes: 190 Uptime: 0m Memory: 3.82 GiB used: 1.22 GiB (31.8%)
Shell: Bash inxi: 3.3.26
bullwinkle@CATVILLE:~$

Paul

On 2023-09-16, MarioCCCP <NoliMihiFrangereMentulam@libero.it> wrote:
> On 15/09/23 19:11, Chris Elvidge wrote:
>> On 15/09/2023 16:38, MarioCCCP wrote:
>>>
>>> I have a Debian install on which I have only one EXPLICIT
>>> (= created) user, say Pippo, with full sudoer and "admin"
>>> rights.
>>> I still have its password correct, but I fail to reliably
>>> login as Pippo + correct password.
>>>
>>>
>>> Then it is an "implicit" root user, which seems to have a
>>> different password I forgot.
>>>
>>> The bad thing is : in recovery mode at boot it is the only
>>> one it asks for to do maintenance, despite Pippo having
>>> root / admin privileges too (it does not asks to Login,
>>> and don't accept Pippo's PWD, it asks for ROOT PWD alone).
>>>
>>> So, now for a Miracle I am logged in as Pippo, which has
>>> roor rights (it is a sudoer).
>>>
>>> Can I recover the root passeword ?
>>> If not, can I reset from Pippo logged in ?
>>>
>>> TNX for hints
>>>
>>>
>>>
>>
>> Or 'sudo -i' and then 'passwd'
>>
>
> In the former post you suggested this cmd. Try it! 'passwd root'
> Silly me for not having studied it before trying ... I
> imagined it would SHOW the current password, not to try to
> change it. :\
> So the solution is to reset it, but before trying I have to
> clarify some things VERY CONFUSED TO ME.
>
> Particularly : the difference of the root keyword AS A ROLE
> vs AS A DEFAULT USERNAME (with the implicit root ROLE).
>
> As I said in the intro.
> I do have a known account (pippo) with also ROOT ROLE, and
> that pwd works

so when logged in as pippo the command "id -u" prints "0" ?
if it does not it is not a root role.

> Then It seems to exist a root account (root username) with
> root role, which was not explicitely created. (but when
> logged in sees a different home folder (different from
> home/pippo ... so it seems to be a real username)

yes root is a real username.

> during boot problems, it is this latter password that is
> being asked.
>
> So my question is : how to reset SPECIFICALLY this root
> (username AND role) password ?

either edit /etc/shadow abd remove the password hash (eg by mounting
the driver on a different comouter), or do like "sudo passwd root" as
pippo

> If I am logged in as Pippo via SUDO -i, have I excaled the
> "role", enabling root privileges, but always being Pippo, or
> have I really logged in as root (username and role) ?
>
> tnx for every clafification.

You have escaped pippo becoming root. there are some breadcumbs left
in your process environment, but for most purposes you are root.

--
Jasen.
🇺🇦 Слава Україні

On 2023-09-16, MarioCCCP <NoliMihiFrangereMentulam@libero.it> wrote:
> lukily my only user Pippo is a sudoer and is added to any
> group. In practice should be able to edit everything in the
> system.
>
> My doubt is : I don't need to alter ITS root password, but
> the original root password of the default user.
>

sudo passwd user-name-here
--
Jasen.
🇺🇦 Слава Україні