Description

Boot up Linux virtual machine (if already running, reboot it).

We will see the Virtual machine BIOS screen for a few seconds.

Then the GRUB2 boot loader will begin running and show a message: “Press any key . . .”

Interrupt the boot process by pressing a key when you see this message. It might take several attempts to get your timing right. You should now see the GRUB boot loader screen. Follow the process below to instruct GRUB to boot in single user mode.

1. The GRUB2 boot loader shows the kernels that are available to boot.

• We can install as many as we like by later editing the /etc/grub2.cfg file.

• Highlight the desired kernel then press the ‘E’ key to edit the boot commands.

2. The screen will change to one with several lines. Move the cursor with the arrow keys to the line that starts “linux....”. We want to pass a new option to the kernel, to tell it to boot with just a simple Unix shell.

3. On this line, look for where it says “ro” as a word by itself. We need to: Delete the word “ro” In its place, instead type: rw init=/sysroot/bin/sh

4. When We are sure we have typed it correctly, press Ctrl-X to boot the machine with your new boot parameters.

The machine will now boot and provide you with a root (single-user) shell without asking for a password.

Changing “ro” (read-only) into “rw” (read-write) means that we will be able to edit files if we need to as the filesystem will be mounted in a writable mode.

Note that the actual files of the machine are found inside the /sysroot folder when you are in single-user mode.

Single-user mode is mainly used for system maintenance:

• be sure that no-one else is using the system, and that

• a minimum number of processes are running.

Also note that this didn’t require you to enter any passwords, so it is also the way to do password recovery on a Linux system using GRUB2. The downside is that if an attacker has physical access to your machine, they can do this too. It is possible to secure the GRUB2 bootloader so we cannot do what we have just done without entering a password. There is also a ‘rescue mode’ that still gives you a single-user environment, but does require the root password.

Exit single-user mode

From single-user mode, we want to now exit and go back to graphical mode. The simplest way is to use the “reboot” command.

There are different modes the system can boot in:

1. Single-user mode is one.

2. Multi-user mode without graphics.

3. Graphical mode.

Previously these were called “runlevels”. In the latest releases they are called “targets”.

Use the command systemctl get-default to check the current default mode.

It should show “graphical.target”, indicating that the default boot mode of the system is graphical mode. We can change it with “systemctl set-default”

The main targets are:

• emergency.target – used for emergency system recovery (a bit like single user shell)

• rescue.target – rescue mode – also for system recovery – requires root password

• multi-user.target – multi-user mode with no graphical login

• graphical.target – full graphical mode

Emergency.target and rescue.target.

emergency.target – used for emergency system recovery (a bit like single user shell)

# systemctl emergency.target

We can make it active (“start”) or inactive (“stop”). We can make it start at boot (“enable”) or not start at boot (“disable”).

Try:

systemctl start <servicename>

systemctl stop <servicename>

systemctl enable <servicename>

systemctl disable <servicename>