I might just be missing this part of the documentation, but I’d like to use a shell as the root user in the Librem 5 QEMU image using the most recent version uploaded (build 4204) and can’t figure out how to become root. I’ve searched the documentation and the forum and can’t seem to find it anywhere, and “123456” doesn’t work. What’s the password?
If it works like desktop PureOS (and I would be surprised if it didn’t), root account has no default password, but you can do in a terminal
sudo su
passwd
to set root password, which requires only the knowledge of current user password.
I tried that, here’s the output:
purism@pureos:~$ sudo su
[sudo] password for purism:
Your account has expired; please contac
t your system administrator
su: Authentication failure
purism@pureos:~$
You may need to activate or tune root account first, e.g. by verifying its settings in /etc/passwd and /etc/shadow; as I haven’t tried this QEMU image yet, I can’t tell you more at the moment.
That said, I’m not sure why you want to activate root account, when you can already use sudo.
No need for su, if you have sudo access you can change the root password:
sudo -i
passwd
I was able to change the root password following those directions, but I still get an authentication failure when I try to use su afterward.
The strange thing is the terminal border turns red like when you go into a root shell via sudo -i, but then quickly changes back to black as the “Authentication failure” message appears in the terminal.
I also tried modifying /etc/passwd and /etc/shadow via guestfish, but setting it to use the purism user’s password (if I understand correctly just copying and pasting the hash from the second field of “purism” to “root” should do this) and setting it to have an empty password both still give the authentication failure message. Both times the terminal border turned red briefly before the message appeared.
I checked /etc/shadow again and the password hash has changed, so the change from sudo -i and passwd went through, but I’m still prevented from using su.
Also, it might be relevant to note that the root account was initially disabled (password field of !* in /etc/shadow).
I don’t think account expiry information is automatically updated with the password, chage -l root (as root) might clear something up.
See also Unable to sudo now
If your distro does not normally have a root password (i.e. password access to root is prevented) then I recommend leaving it exactly like that.
Expiry is different. See the penultimate post in the above linked topic for a command to manage the other password parameters (but leave the password itself as it is i.e. now you should change it back to ‘disabled’).
Thanks, I was able to reenable the root account via sudo chage root and changing the account expiration date from 1970-01-02 to -1.
In general, I understand that there is not really a need to access a shell as root outside of sudo, but since this is a VM I’m not worried about enabling the root account.
One of the great things about Linux is that it gives the user freedom to do anything with the system, even if it’s stupid, e.g. rm's --no-preserve-root option.
2 Likes