How do I revert after "sudo passwd" in Dom0

It’s not urgent, because the Amazon S3 backup I need to give me confidence to try anything won’t be complete until I get up at 9 am tomorrow GMT.

However, I would then like to revert my Qubes 4.2.3 (R4.2) system root access to its previous default configuration, i.e. that before I entered…

sudo passwd

…and in response to its “Changing password for user root / New password:” typed what I intended as my new user password twice :face_with_hand_over_mouth:

I am asking because my old backup media (internal hard drive and USB stick) became impossible to write to at the same time.

Even if this is a coincidence, I would like to revert back to what I understand is the recommended system state.

1 Like

I have just discovered that Linux (or at least Fedora-37) has five :astonished: possible states of the root password. My question therefore resolves into which is the Qubes default of …

| State | passwd -l root | Password Exists | Login Behavior |
|---|---|---|---|
| Passwordless Root | No | No | No direct root login |
| Root Account Locked | Yes | Yes/No | No direct root login |
| Root Enabled with Password | No | Yes | Login as root allowed |
| Root with Keys Only | Yes | No | Key-based root login only |
| Root Completely Disabled | Yes | No | Root login fully blocked |

I clearly messed with things way above my Linux knowledge, so any advice (e.g. Don’ts) before I start experimenting tomorrow would be appreciated.

1 Like

I think Qubes is either the first or the second of those 5, but I think it probably doesn’t matter too much.

You should still have passwordless ‘sudo’, because the sudo command takes care of it.

I don’t know if ‘su -’ normally works without password input, but if you need a root shell then you can simply type ‘sudo su -’

As for getting back to no password, a quick look at ‘man passwd’ suggests that ‘sudo passwd -d’ could be the command to run, although I would test it first in a disposable.

2 Likes

Thanks, phceac, for suggesting I try it in a disposable. I keep forgetting how easy and quick it is to generate these with Qubes (and then just kill them if anything goes wrong) :smiley:.

I have also realized that I have a second (unmodified) Qubes system which I can “interrogate” to see exactly what the default password settings are. I can then (safely) experiment with a disposable until the same “interrogation” gives the same results. Repeat for Dom0 and that should give me confidence that at least the root password is back to what it was.

I will come back here and report what I find.

3 Likes

I do not pretend to understand everything these do, and can take no responsibility for anybody that tries them, but I seem to have successfully reverted back after inadvertently setting a root password.

To revert back, I entered …

```
sudo passwd -l root
sudo usermod -p '!' root
```

The results from the system now returned to default are …

```
sudo passwd -S root
root LK 2025-01-18 0 99999 7 -1 (Password locked)

sudo grep ^root: /etc/shadow
root:!:20106:0:99999:7:::
```

Which only differs in the dates from the results I got from an unchanged Qubes installation.
So that problem is solved and without locking myself out.
Now to have a go at my hard disk and backup problems :smiley:

2 Likes
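The check described in the last post (read root's `/etc/shadow` entry and compare it with an unmodified installation, ignoring the date) can be scripted. This is an added example, not part of the original thread: the function names and state labels are hypothetical, the field meanings follow shadow(5) and passwd(1), and every sample line except the one quoted in the post is constructed.

```shell
#!/bin/sh
# Added example: interpret the password field (2nd field) of an /etc/shadow line.

shadow_state() {
    # $1 = one full shadow line, e.g. 'root:!:20106:0:99999:7:::'
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo "empty" ;;          # no password required at all
        '!'|'!!')  echo "locked-nohash" ;;  # invalid marker only, no hash stored
        '!'*)      echo "locked-hash" ;;    # hash kept but invalidated by a '!' prefix
        '*')       echo "no-password-login" ;;
        '$'*)      echo "password-set" ;;   # crypt(3) hash present, password login works
        *)         echo "other" ;;
    esac
}

# True when two shadow lines match in every field except the
# last-change date (3rd field), as in the comparison from the post.
differs_only_in_date() {
    a=$(printf '%s\n' "$1" | cut -d: -f1,2,4-)
    b=$(printf '%s\n' "$2" | cut -d: -f1,2,4-)
    [ "$a" = "$b" ]
}

# First line is the one quoted in the post; the rest are constructed
# samples with placeholder hashes.
for line in \
    'root:!:20106:0:99999:7:::' \
    'root:!$6$SALT$CONSTRUCTEDHASH:20106:0:99999:7:::' \
    'root:$6$SALT$CONSTRUCTEDHASH:20106:0:99999:7:::' \
    'root::20106:0:99999:7:::'
do
    printf '%-52s -> %s\n' "$line" "$(shadow_state "$line")"
done

# Constructed reference line standing in for the unmodified installation.
if differs_only_in_date 'root:!:20106:0:99999:7:::' 'root:!:19700:0:99999:7:::'; then
    echo "matches reference apart from the date"
fi
```

On a live system the input would be `"$(sudo grep '^root:' /etc/shadow)"`. A `password-set` or `empty` result for root means the entry is not in the locked state shown in the post.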