VMware Communities > VMTN > General > Security & vShield Zones > Discussions
Up to Discussions in Security & vShield Zones

This Question is Answered

14 Replies Last post: Jul 6, 2009 6:41 AM by pearlyshells
Reply

Change Root Password

Jun 25, 2009 6:44 AM

Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006
We have a policy that requires us to change the Root Password on all our ESX hosts every 90 days. This is a new policy. I have done this once so far and afterward had rebooted the host for the password to take effect. Was wondering if a reboot is really necessary or can I use a restart of service mgmt-vmware?
Reply Re: Change Root Password Jun 25, 2009 7:03 AM
Click to view lreesey's profile Enthusiast lreesey 30 posts since
Apr 7, 2006

Hope this helps...

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1004659&sliceId=1&docTypeID=DT_KB_1_1&dialogID=25277932&stateId=1%200%2027338525

-larryr


Reply Re: Change Root Password Jun 25, 2009 7:16 AM
in response to: lreesey
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006

The main article is a checklist to walk me thru changing the password. I was really interested in seeing if it was really necessary to "reboot" the host. The supplemental link sorta indicates I will have to reboot. Darn. That means I'll have to migrate all the VMs first. Kind of a bother.

Thanks

Reply Re: Change Root Password Jun 25, 2009 7:19 AM
in response to: pearlyshells
Click to view lreesey's profile Enthusiast lreesey 30 posts since
Apr 7, 2006

There is no reboot required to change the root password. If you need to reset it because you don't know it then that would require a reboot.
Reply Re: Change Root Password Jun 25, 2009 7:22 AM
in response to: lreesey
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006
interesting. I used the VIC to access User & Groups and change the root acct password there. However, the password did not take until I rebooted the host. Is there something different about using the VIC to do this?
Reply Re: Change Root Password Jun 25, 2009 7:42 AM
in response to: pearlyshells
Click to view harryc's profile Enthusiast harryc 81 posts since
Aug 24, 2007

Login to your machine, become root (% su - ), and use the command "passwd root".

The change is immediate and permanent.

you can see the (encrypted) root passwd by grepping it ouot of the /etc/shadow file

login as: harryc
harryc@vmhost07's password:
Last login: Wed Jun 24 08:03:07 2009 from 10.2.17.60
-bash-2.05b$ su -
Password:
root@vmhost07 root# grep root /etc/shadow
root:$1$qQ3g5z4G$yyGlMd6a0mX0KmBXoea2/1:13944:0:-1:7:::
root@vmhost07 root#passwd root
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
root@vmhost07 root# grep root /etc/shadow
root:$1$7vOnLgXG$IBTSsEgaXLQ0EkuodLM27.:14420:0::7:::
root@vmhost07 root#

An interesting note - I changed the root password to the same root password, note how it is encrypted differently.

Reply Re: Change Root Password Jun 25, 2009 8:06 AM
in response to: harryc
Click to view athlon_crazy's profile Expert athlon_crazy 510 posts since
Oct 28, 2007

when you already $su -

no need to $passwd root

enough do # passwd
Changing password for user root.
New UNIX password:

vcbMC-1.0.6 Beta
vcbMC-1.0.7 Lite
http://www.no-x.org

Reply Re: Change Root Password Jun 27, 2009 7:29 AM
in response to: athlon_crazy
Click to view Texiwill's profile Guru Texiwill 10,056 posts since
Jan 13, 2004 Moderator
Hello,

Moved to Security forum.

No a REBOOT is NOT necessary to change the root password as credentials are NOT cached.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast
Reply Re: Change Root Password Jun 27, 2009 1:29 PM
in response to: Texiwill
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006
thanks very much
Reply Re: Change Root Password Jun 30, 2009 8:02 AM
in response to: pearlyshells
Click to view VMSpotlight's profile Enthusiast VMSpotlight 22 posts since
Apr 20, 2009

There are a few white papers / articles that might come in handy covering this:

How to Reset the Root Password in VMware ESX 4 - http://xtravirt.com/xd10017

How to Reset your VMware ESX Server root password - http://www.petri.co.il/vmware-esx-server-root-password-reset-recovery-lost.htm

How to change the root password for 3.0.1 - http://communities.vmware.com/thread/72453

______________________________________________________________________________________________________________________
Community Rep on behalf of PHD Virtual Technologies Inc

esXpress radically alters the notion of how to protect data in virtual infrastructures in one simple way: we use the virtual infrastructure to back itself up!

______________________________________________________________________________________________________________________

Reply Re: Change Root Password Jul 6, 2009 5:34 AM
in response to: VMSpotlight
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006

I'm a bit confused. I see the responses indicating Reset and some for Change of the root password and that for Resetting I will will need to reboot but to Change, I will not need to reboot.

I know the old password and need to change it. So, does that mean I DO NOT need to reboot the host?

Reply Re: Change Root Password Jul 6, 2009 5:39 AM
in response to: pearlyshells
Click to view lreesey's profile Enthusiast lreesey 30 posts since
Apr 7, 2006

No reboot is required to change the root password but you need to do this from the console not the GUI. A reboot will be required if you need to reset (forgot old password) and also needs to be done via the console.

-larryr

Reply Re: Change Root Password Jul 6, 2009 5:46 AM
in response to: lreesey
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006
thanks for clearing that up for me. You mention that I have to make the change from console. I see that I can change the root password from the VIC. Why is it that I have to make the change via the console and not the GUI? Just curious
Reply Re: Change Root Password Jul 6, 2009 5:58 AM
in response to: pearlyshells
Click to view Texiwill's profile Guru Texiwill 10,056 posts since
Jan 13, 2004 Moderator
Hello,

You can change it from either location. Most people however opt to change the root password only from the console.

'Reset' is really a bad term, if you lost the root password and have no means of getting in as root (such as sudo) then you would need to 'recover' or 'recreate' the root password using Rescue Media or booting into single user mode. Note however that for best security you lock out the ability to just boot into single user mode or even make changes to your kernel boot lines within grub without the proper password. Grub has its own password, but single user mode uses 'root's' password. So Rescue may be your only option in this case.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast
Reply Re: Change Root Password Jul 6, 2009 6:41 AM
in response to: Texiwill
Click to view pearlyshells's profile Expert pearlyshells 556 posts since
Mar 3, 2006
appreciate the good words. thanks very much
Actions
Up to Discussions in Security & vShield Zones