Change root password
-
@rockaddicted
Fine, it's now completely clear.
Thanks! -
@unik314r you are welcome
-
Uh... so if I understood correctly:
- if you do not activate the security option, you are in 'insecure' mode
- in 'secure' mode you get a one-time random password
I see the intent, even if I'm not convinced by the approach.
Questions:- in the system.security.enabled=0 what else is auto-reset? In other words, how valid are the security tips valid for 4.0 and above written here https://github.com/recalbox/recalbox-os/wiki/Security-(EN) ?
- do you have documentation somewhere about what happens when you enable security? Namely, does it affect the Wifi password storage or the retroachievement password storage?
I volunteer to write a new document on the wiki for 4.1 if you provide the info
-
- if option not enabled =
recalboxroot
as password (regenerated at each boot, so no way to use a custom defined one). - if option enabled = system generates an random one (can't be define by user). This password will be same until you disable the option. System don't generates a new one at each reboot.
So yes you can't define it, but once activated and pass stored in your big brain, no issue. (you can find it easily in ES menu, but need a physical access on your recalbox).
About security option features, I'll have to read the source code because I didn't write this option and it is not documented.
But here are the behaviors that I remember :- disable virtualgamepads
- disable webmanager
- add a password to samba share
- generate a random root password
There is maybe other features impacted. I'll have to check if I find a moment.
- if option not enabled =
-
FYI, the ES switch to manage this option is currently broken.
So once this option enabled in ES, you'll have to edit recalbox.conf to disable it.
Will be fixed in a next upgrade. -
@rockaddicted "So once this option enabled in ES, you'll have to edit recalbox.conf to disable it."
I don't agree: I've tried many times to edit from system.security.enabled=1 to system.security.enabled=0 (manually, vi etc...) but 1 still comes back at each reboot.May be I should
- kill emulationstation
- change to 0
- shutdown -r now
Anyway, setting my own password in scripts/recalbox-config.sh here
if [ "$securityenabled" != "1" ];then
echo "MY_OWN_PASSWD"
exit 0
fidid not work either (I think it's normal: system.security.enabled is still at 1)
However, when I set my passwd with recalbox-config.sh:
# recalbox-config.sh setRootPassword MY_OWN_PASSWD--> It stores (and encodes) MY_OWN_PASSWD in /boot/recalbox-boot.conf
So now, I have:
- system.security.enabled=1 in recalbox.conf
- "recalboxroot" set in recalbox-config.sh
- "MY_OWN_PASSWD" (encoded) in /boot/recalbox-boot.conf
--> Now I can ssh with "MY_OWN_PASSWD" and I have security enabled.
-
@unik314r said in Change root password:
May be I should
- kill emulationstation
- change to 0
- shutdown -r now
Yes it worked: system.security.enabled stayed at 0 after reboot.
-
o_O ...
Kind of strange:# grep security.enabled ~/recalbox.conf
system.security.enabled=0
#
--> OK, password = what is written in recalbox-config.sh# grep recalboxroot /recalbox/scripts/recalbox-config.sh
#
--> OK, default password is not recalboxroot anymore, indeed I set my own:# grep Vi /recalbox/scripts/recalbox-config.sh
echo "Vi......."
#--> But ssh only works with recalboxroot !
(I checked rootshadowpassword = it still corresponds to my own passwd , encoded)
I double-rebooted --> passwd is still recalboxroot
Does recalbox manages passwords somewhere else? Did I miss something?
-
@unik314r My son accidently changed my root password, and or turned on secure mode on the recalbox. Now I can't use the web based manager. When I put in the IP address of the recalbox into my url, it says server unavailable. How do I get back to using the web based manager?
Thanks -
@frankie842 in ES, in security menu, you have your new root password.
Access to your recalbox with your network whare (samba). Use root/your_root_password to log you.
Then edit your recalbox.conf et disable security option.
Once done, reboot your recalbox, and the option should be sactivated.
When you are editing your recalbox.conf file, keep your ES menu closed. if don't, your modifications wont be effective. -
@rockaddicted Ok, got in through ssh. How do I edit the config file? and how do I make sure ES menu is closed? Thanks
-
On ssh you can edit with
nano /recalbox/share/system/recalbox.conf
and about es menu, don't press start to open the menu
Stay on system/main menu. -
@rockaddicted said in Change root password:
nano /recalbox/share/system/recalbox.conf
I got this error message: Error opening terminal: xterm-256color
If I try a text editor, it says I don';t have permission to edit the file. How can I edit the file to make security=0?
Thanks -
Just do as you add roms officielles bios. Use your local share. And use the ID root/root_password to log you. You will be able to Γ©ditΓ© recalbox.conf with your text editor.
-
@rockaddicted Ok that worked. Thanks a lot!
-
Would you provide brief step-by-step instructions of how to change the ALL root passwords for recalbox latest version ? From Recalbox release: 17.12.02 (4.1) onwards to latest.
I can see the option under Advanced and when security set to 'on' a password is generated on reboot. But this is only a very short password! If the number of characters could be increased I'd be happy to stick with what it generates.
I have managed to create my own root password by editing the file /recalbox/scripts/recalbox-config.sh
The password then appears in the Recalbox Graphics Mode on the Pi .But on F4 Alt + F2. Logging in is still possible with root and recalboxroot as commented on by @unik314r
(I have mounted -o remount,rw / And tried passwd with a previous version . 4.0.1 and thought the password was persistent on that occasion)
If I try to set the security back to 1 by editing the file from the pi with keyboard connected the password gets set to a random one again on reboot. My password is still in the file but not being used as far as I can tell - since F4 Alt + F2 and I need the generated one. Better than nothing - but easily crackable.
I'm using Linux and can ssh to the pi but unsure from there how I get my password working. This bit is lost in the conversation for me . @frankie842 obviously has solved the problem from your tip. But for me I need a small set of instructions to document the final process here. You do no need to document it all: I can add myself if I can follow the last step.
-
@rockaddicted I cannot follow the last steps to enforce my own root password as @frankie842 managed to do.
I've even tried changing the recalbox-config.sh file in raspbian to set password lenght '-w8' to a greater length . 12 and 15. Both were ignored and in the recalbox graphical interface it still shows its small 8 character password.