Booting Into Single User Mode with GRUB

[Doug Sutherland]

It used to be the case that if you booted single user mode
you would get a console prompt without having to login
and you could just type passwd to change the password.
However, I just tried, and on my system it does ask for
a login even in single user mode.

If single user mode is asking for a login, then you may
have to boot with a bootable CDROM, mount the root
partition in read-write mode

mount -o remount,rw /dev/hda1

Then edit /etc/shadow to remove the password for root user.
That is, everything past the first : until before the second :
You may need to force the save in the editor, for example in
vi save with :wq! or :x!

As an aside to this, since it's still easy to change passwords
and such, to do the inverse and increase security, here is
an example using lilo instead of grub:

Password protect the BIOS, this way BIOS boot configuration
cannot be changed without entering BIOS password first.

In BIOS settings, change the boot preferences to ONLY boot
from the hard drive with the root partition, disable all other
choices.

In the lilo configuration, set the timeout to zero, use the
keyword restricted, and use the password option in lilo.

Change permissions on /etc/lilo.conf so that only root can
view and modify. Use chattr +i /etc/lilo.conf for some extra
protection. Run lilo to update.

Now the system will not load anything without the BIOS
password, and will boot immediately into the root partition
on hard drive. It will not allow entering boot parameters,
so no access to single user mode. It will not boot from any
removable media like CDROM or floppy.

But don't forget the BIOS password!

  -- Doug