Setting a default root password
Under certain circumstances it might be convenient to set a default root password. For example when deploying Gentoo cross-platform trying to chroot in the common way may return an exec format error. If the respective entry in the Knowledge Base does not apply chances are that using a QEMU user chroot instead of the standard procedure is indicated. In that case circumventing the necessity of chrooting may spare a lot of efforts. Setting a default root password is integral to that circumvention.
Don't do this lightheartedly as it always carries a certain security risk should one forget to change the root password as soon as indicated adequate. At least consider using a QEMU user chroot.
To set a default root password the file TARGET/etc/shadow needs to be manipulated.
Hash the password
Since passwords may not be stored in plaintext use openssl to convert the password:
user $
openssl passwd -6
Password: Verifying - Password: $6$I9Q9AyTL$Z76H7wD8mT9JAyrp/vaYyFwyA5wRVN0tze8pvM.MqScC7BBm2PU7pLL0h5nSxueqUpYAlZTox4Ag2Dp5vchjJ0
In this example the string corresponds to the password "gentoo".
The
-6
option produces a SHA512 password hash which is only available with >=dev-libs/openssl-1.1.1. Older versions can only produce an insecure MD5 password hash with the -1
option.Option 1: Edit shadow by hand
TARGET needs to be replaced by the mountpoint of the target root filesystem.
The resulting string needs to be placed in TARGET/etc/shadow. In that file replace the line beginning with root:
with the line shown below, substituting SHADOW_COMMAND_OUTPUT with the string obtained before.
root:SHADOW_COMMAND_OUTPUT:14698:0:::::
In case of the example above it would look like that:
root:$6$I9Q9AyTL$Z76H7wD8mT9JAyrp/vaYyFwyA5wRVN0tze8pvM.MqScC7BBm2PU7pLL0h5nSxueqUpYAlZTox4Ag2Dp5vchjJ0:14698:0:::::
Option 2: Use sed to manipulate shadow
The resulting string needs to be placed in TARGET/etc/shadow. First escape Basic Regular Expressions in the string provided by the openssl command above, that is precede each of the characters $.*[\^/&
by \
.
In the following command substitute MODIFIED_SHADOW_COMMAND_OUTPUT with that modified string.
TARGET needs to be replaced by the mountpoint of the target root filesystem.
root #
sed -i 's/root\:\*/root\:MODIFIED_SHADOW_COMMAND_OUTPUT/' TARGET/etc/shadow
In case of the example above this would look like that:
root #
sed -i 's/root\:\*/root\:\$6\$I9Q9AyTL\$Z76H7wD8mT9JAyrp\/vaYyFwyA5wRVN0tze8pvM\.MqScC7BBm2PU7pLL0h5nSxueqUpYAlZTox4Ag2Dp5vchjJ0/' TARGET/etc/shadow