VMware

This Question is Answered

14 Replies Last post: Jul 6, 2009 6:41 AM by pearlyshells  

Change Root Password posted: Jun 25, 2009 6:44 AM

Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006
We have a policy that requires us to change the Root Password on all our ESX hosts every 90 days. This is a new policy. I have done this once so far and afterward had rebooted the host for the password to take effect. Was wondering if a reboot is really necessary or can I use a restart of service mgmt-vmware?

Re: Change Root Password

2. Jun 25, 2009 7:16 AM in response to: lreesey
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006

The main article is a checklist to walk me thru changing the password. I was really interested in seeing if it was really necessary to "reboot" the host. The supplemental link sorta indicates I will have to reboot. Darn. That means I'll have to migrate all the VMs first. Kind of a bother.

Thanks

Re: Change Root Password

3. Jun 25, 2009 7:19 AM in response to: pearlyshells
Click to view lreesey's profile Enthusiast
lreesey
30 posts since
Apr 7, 2006

There is no reboot required to change the root password. If you need to reset it because you don't know it then that would require a reboot.

Re: Change Root Password

4. Jun 25, 2009 7:22 AM in response to: lreesey
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006
interesting. I used the VIC to access User & Groups and change the root acct password there. However, the password did not take until I rebooted the host. Is there something different about using the VIC to do this?

Re: Change Root Password

5. Jun 25, 2009 7:42 AM in response to: pearlyshells
Click to view harryc's profile Enthusiast
harryc
81 posts since
Aug 24, 2007

Login to your machine, become root (% su - ), and use the command "passwd root".

The change is immediate and permanent.

you can see the (encrypted) root passwd by grepping it ouot of the /etc/shadow file

login as: harryc
harryc@vmhost07's password:
Last login: Wed Jun 24 08:03:07 2009 from 10.2.17.60
-bash-2.05b$ su -
Password:
root@vmhost07 root# grep root /etc/shadow
root:$1$qQ3g5z4G$yyGlMd6a0mX0KmBXoea2/1:13944:0:-1:7:::
root@vmhost07 root#passwd root
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
root@vmhost07 root# grep root /etc/shadow
root:$1$7vOnLgXG$IBTSsEgaXLQ0EkuodLM27.:14420:0::7:::
root@vmhost07 root#

An interesting note - I changed the root password to the same root password, note how it is encrypted differently.

Re: Change Root Password

6. Jun 25, 2009 8:06 AM in response to: harryc
Click to view athlon_crazy's profile Expert
athlon_crazy
524 posts since
Oct 28, 2007

when you already $su -

no need to $passwd root

enough do # passwd
Changing password for user root.
New UNIX password:

vcbMC-1.0.6 Beta
vcbMC-1.0.7 Lite
http://www.no-x.org

Re: Change Root Password

7. Jun 27, 2009 7:29 AM in response to: athlon_crazy
Click to view Texiwill's profile Guru
Texiwill
10,236 posts since
Jan 13, 2004
Hello,

Moved to Security forum.

No a REBOOT is NOT necessary to change the root password as credentials are NOT cached.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

Re: Change Root Password

8. Jun 27, 2009 1:29 PM in response to: Texiwill
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006
thanks very much

Re: Change Root Password

9. Jun 30, 2009 8:02 AM in response to: pearlyshells
Click to view VMSpotlight's profile Enthusiast
VMSpotlight
22 posts since
Apr 20, 2009

There are a few white papers / articles that might come in handy covering this:

How to Reset the Root Password in VMware ESX 4 - http://xtravirt.com/xd10017

How to Reset your VMware ESX Server root password - http://www.petri.co.il/vmware-esx-server-root-password-reset-recovery-lost.htm

How to change the root password for 3.0.1 - http://communities.vmware.com/thread/72453

______________________________________________________________________________________________________________________
Community Rep on behalf of PHD Virtual Technologies Inc

esXpress radically alters the notion of how to protect data in virtual infrastructures in one simple way: we use the virtual infrastructure to back itself up!

______________________________________________________________________________________________________________________

Re: Change Root Password

10. Jul 6, 2009 5:34 AM in response to: VMSpotlight
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006

I'm a bit confused. I see the responses indicating Reset and some for Change of the root password and that for Resetting I will will need to reboot but to Change, I will not need to reboot.

I know the old password and need to change it. So, does that mean I DO NOT need to reboot the host?

Re: Change Root Password

11. Jul 6, 2009 5:39 AM in response to: pearlyshells
Click to view lreesey's profile Enthusiast
lreesey
30 posts since
Apr 7, 2006

No reboot is required to change the root password but you need to do this from the console not the GUI. A reboot will be required if you need to reset (forgot old password) and also needs to be done via the console.

-larryr

Re: Change Root Password

12. Jul 6, 2009 5:46 AM in response to: lreesey
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006
thanks for clearing that up for me. You mention that I have to make the change from console. I see that I can change the root password from the VIC. Why is it that I have to make the change via the console and not the GUI? Just curious

Re: Change Root Password

13. Jul 6, 2009 5:58 AM in response to: pearlyshells
Click to view Texiwill's profile Guru
Texiwill
10,236 posts since
Jan 13, 2004
Hello,

You can change it from either location. Most people however opt to change the root password only from the console.

'Reset' is really a bad term, if you lost the root password and have no means of getting in as root (such as sudo) then you would need to 'recover' or 'recreate' the root password using Rescue Media or booting into single user mode. Note however that for best security you lock out the ability to just boot into single user mode or even make changes to your kernel boot lines within grub without the proper password. Grub has its own password, but single user mode uses 'root's' password. So Rescue may be your only option in this case.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

Re: Change Root Password

14. Jul 6, 2009 6:41 AM in response to: Texiwill
Click to view pearlyshells's profile Expert
pearlyshells
562 posts since
Mar 3, 2006
appreciate the good words. thanks very much

Actions

VMware Developer

SDKs, APIs, Videos, Learn and much more in the Developer community.

Learn More

Developer Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

VMware vSphere

Come witness the next giant leap in virtualization.

Register Today

Communities