crouton changes default chronos sudo password

The first thing that last command should have done is ask you to create a root password. Did it not?

I think I have some other factors at play.

I just did another hard reset and attempted to set the root password on Chrome OS prior to doing any crouton and I get:

chronos@localhost / $ sudo su
localhost dev # passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: Authentication token lock busy
passwd: password unchanged

Let me do a bit more experimentation and get back to you.

Use chromeos-setdevpasswd to set the Chrome OS password manually.

@dnschneid this is an unknown command on both crosh shell and the bash prompt i get from running 'shell'

Sorry, you need to prefix it with sudo

@dnschneid it's a catch 22 because i need the sudo password to reset the sudo password

Coming back to this many months later, I've verified the above steps still ruin the ChromeOS sudo password in the case where sudo chromeos-setdevpasswd had not yet been run to create a non-null sudo password.

edit: To be more clear, one does not run into problems if one sets the system sudo password ahead of time.

I just powerwashed anyway, couldnt figure it out.

Max Pleaner
maxpleaner.com

linkedin.com/in/maxpleaner
github.com/maxpleaner

On Sun, Nov 9, 2014 at 3:09 PM, sr-ix [email protected] wrote:

Coming back to this many months later, I've verified the above steps still
ruin the ChromeOS sudo password in the case where sudo
chromeos-setdevpasswd had not yet been run to create a non-null sudo
password.

—
Reply to this email directly or view it on GitHub
https://github.com/dnschneid/crouton/issues/825#issuecomment-62324586.

I'm not sure if that's the issue here, but there was an bug in Chromium OS < 6277 (i.e. it affects current stable (R38) but not beta/dev (R39/40)), where setting an empty/1 char password in chromeos-setdevpasswd would lock you out of your Chromebook.

See https://code.google.com/p/chromium/issues/detail?id=275774 .

Also, I've set the non-empty root password through crouton many times, without problem.

I haven't been able to break it lately. Please re-open if you can still reproduce the issue.

During my update to the following build on my Toshiba Chromebook 2, the root password I set up has been changed or there is some kind of other problem. I'd rather not powerwash and start over...

Version 40.0.2214.115 (64-bit)
Platform 6457.107.0 (Official Build) stable-channel swanky
Firmware Google_Swanky.5216.238.5

Since I was apparently going to have to powerwash and start over, I decided to go nuts and swap over to the beta channel. It must have "knocked something loose", because sudo accepts my root password again.

Version 41.0.2272.74 beta (64-bit)
Platform 6680.52.0 (Official Build) beta-channel swanky
Firmware Google_Swanky.5216.238.5

P.S. Its not a "user typed in password wrong" problem. I don't use the machine for anything serious, so my root password is weak/easy-to-type.

the sudo password prompt is the user password, by default, the first user UID 1000 is added to sudo group, so if you have access to the default first user you can always sudo su and change or set the root chroot password. This is ubuntu or crouton specific, other distros usually do _NOT_ add users to the sudo group by default.

@tedm - They're talking about a password on the chronos side using chromeos-setdevpasswd.

@DennisLfromGA Thanks, but still, even though Chrome OS uses it's own /etc/shadow format from linux (no hash, just a * which normally means locked), I've always been able to sudo su from chronos to set the chronos user root password, but last time was probably before the OP issues presented here.

I can confirm that in my VM it was reset to my user password. I.e., login as chronos, but use your regular user password. It's no longer the default "facepunch".

I had this problem, though it was user error. The keyboard layout was not as expected so the symbols in my password were on different keys. Worth considering.

It could be that enabling "Debugging Features" broke it. At boot during the Power Wash process, it asks if Debugging Features should be enabled. If you say "yes", it then asks for a "root password". Despite the terminology, it does not seem to be the password of the user root: the su command does not accept it.

See: https://www.reddit.com/r/chromeos/comments/3ettys/being_denied_sudo_and_su_permissions/?ref=share&ref_source=link

My Chromebook is:
Version 49.0.2623.59 beta
Platform 7834.42.0 (Official Build) beta-channel daisy
Firmware Google_Snow.2695.117.0

EDIT: I confirmed by doing two PowerWashes in a row, once with enabling debugging features, and once without. Enabling debugging features does "break" the root password.

I had exactly this problem @prehensilecode. Had to powerwash it as I had 'debugging features' enabled. After a powerwash and making sure I don't enable this, I can get into sudo perfectly without any password. Months of on and off misery solved.

Definitely a bug in rhe OS as it surely shouldn't break?!

I've just gone through what @prehensilecode described. I powerwashed an Acer Chromebook 15 (CB3-531 Baytrail), then enabled debugging features, was asked to set a root password, and I did.

Now when trying to sudo the password I set is not working, nor is a blank password, or anything else (e.g. test0000). FUBAR.

This has been a frustrating first Chrome OS experience. :(

Yeah, definitely seems like a Chrome OS bug and it only allows sudo without debugging features enabled.

Of note also, powerwashing _does not fix the broken sudo_. You have to restore from a recovery USB drive, if you created one before futzing with developer mode. (SO glad I did!)

FWIW -- I'm running into the same issue. I've tried all of the above except for powerwashing. This might be coincidence but I'm remote and my OpenVPN connection was hanging on connecting for reasons unreleated. I stopped it's attempt at connecting to OpenVPN then tried to enter chroot and I'm no longer getting the failed authentication message. It is hanging on entering the chroot however.

OK everyone - it's taken me a mere couple of days (of virtually continuous attempts), but might've cracked it. Once you've Enable(d) Debugging Features, log in as root using VT2 (CTRL+ALT+F2} and _not_ via the crosh=>shell=>chronos method. If you did set a password when enabling debugging features right after a Powerwash or as you switched to Developer Mode, it should work; if you didn't, then use the default (test0000).

Works on a battered, two-year-old, 32-bit ARM (Samsung*) Chromebook

• my other Chromebook is a Toshiba 2 (!!)

@lan-gate you are my hero; I powerwashed my system 5 times thinking I must've been doing something wrong when I was setting the password

i solved this by going to the virtual console (ctrl+alt+f2) and logging in there, THEN doing sudo chromeos-setdevpasswd in the virtual console. just set it to what i had initially. after that the normal shell didnt even prompt me.

@Ian-gate would the username for The Enabled Debugging Features Reset be Chronos

@Qetar you'll want to log on as root, not _chronos_

@lan-gate So after you log in on VT2 are you able to install a linux distro? Because I tried running sudo sh ~/Downloads/crouton -t touch,unity,xiwi after I had logged in, and it said "sh: Can't open /root/Downloads/crouton". Am I not doing the right thing? Sorry, very new to this.

@lan-gate Nevermind, I just set the password for chronos or something and used that in the alt-ctrl-t thing and it worked. I'm now downloading Unity. Thanks for your help!

This seems to work for me. Thank you all for the helpful comments and suggestions!

@ThomasBurgess2000,

Log into your profile first so that ~chronos/Downloads is defined, then goto VT2 and install your crouton chroot using the 'sudo sh ~/Downloads/crouton ...' method.

-DennisL

I have tried all of these, but they don't seem to work for me. Any suggestions?

This happened to me because I enabled the debugging features when I put my chromebook into dev mode.

To fix this is simple, hit CTRL + ALT + [ -> ] (forward key found on two keys to the right of the ESC key).
For login type 'root' and for login password type in the password you used when you enabled debugging features.
Once logged in as root, type 'chromeos-setdevpasswd' and enter and confirm a new password as instructed.
Then hit CTRL + ALT + [ <- ] (back key found one key to the right of the ESC key).
Open up your chrome app and CTRL + ALT + T to open up a new terminal tab.
Type 'shell' and 'sudo su' and enter the new password you just created.

Thank you for this, but I do not remember my password I set for debugging
features. Am I just being dumb at this? I am only 13 but I would like to
know how to get into root. And another thing, am I in root if the tab says
'root@localhost:/'? Thank you once again.

On Sun, Feb 19, 2017 at 7:52 PM, ducasse003 notifications@github.com
wrote:

This happened to me because I enabled the debugging features when I put my
chromebook into dev mode.

To fix this is simple, hit CTRL + ALT + [ -> ] (forward key found on two
keys to the right of the ESC key).
For login type 'root' and for login password type in the password you used
when you enabled debugging features.
Once logged in as root, type 'chromeos-setdevpasswd' and enter and confirm
a new password as instructed.
Then hit CTRL + ALT + [ <- ] (back key found one key to the right of the
ESC key).
Open up your chrome app and CTRL + ALT + T to open up a new terminal tab.
Type 'shell' and 'sudo su' and enter the new password you just created.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/dnschneid/crouton/issues/825#issuecomment-280964330,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AXigknmoDhC5Y8euSK36TWYHKOvONlv5ks5reOPlgaJpZM4B76_-
.

If you do not remember the password you set for debugging then I recommend
you do a powerwash, it will reset your system and allow you to enter a new
debugging password.

On Mon, Feb 20, 2017 at 7:20 AM, TheColoradian notifications@github.com
wrote:

Thank you for this, but I do not remember my password I set for debugging
features. Am I just being dumb at this? I am only 13 but I would like to
know how to get into root. And another thing, am I in root if the tab says
'root@localhost:/'? Thank you once again.

On Sun, Feb 19, 2017 at 7:52 PM, ducasse003 notifications@github.com
wrote:

This happened to me because I enabled the debugging features when I put
my
chromebook into dev mode.

To fix this is simple, hit CTRL + ALT + [ -> ] (forward key found on two
keys to the right of the ESC key).
For login type 'root' and for login password type in the password you
used
when you enabled debugging features.
Once logged in as root, type 'chromeos-setdevpasswd' and enter and
confirm
a new password as instructed.
Then hit CTRL + ALT + [ <- ] (back key found one key to the right of the
ESC key).
Open up your chrome app and CTRL + ALT + T to open up a new terminal tab.
Type 'shell' and 'sudo su' and enter the new password you just created.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://github.com/dnschneid/crouton/issues/825#issuecomment-280964330
,
or mute the thread
AXigknmoDhC5Y8euSK36TWYHKOvONlv5ks5reOPlgaJpZM4B76_->
.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/dnschneid/crouton/issues/825#issuecomment-281106019,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AYsImHZ1qqn6jD9u58z9Sbtx4YURIKZQks5rea9IgaJpZM4B76_-
.

If you do not remember the password you set for debugging then I recommend
you do a powerwash, it will reset your system and allow you to enter a new
debugging password.

Very true but I learned the hard way that choosing the Debugging features at the initial setup screen has it's pitfalls. I prefer to just run: sudo chromeos-setdevpasswd afterwards.

Hope this helps,
-DennisL

Thank you, it helped.

On Mon, Feb 20, 2017 at 7:14 PM, DennisL notifications@github.com wrote:

If you do not remember the password you set for debugging then I recommend
you do a powerwash, it will reset your system and allow you to enter a new
debugging password.

Very true but I learned the hard way that choosing the Debugging features
at the initial setup screen has it's pitfalls. I prefer to just run: sudo
chromeos-setdevpasswd afterwards.

Hope this helps,
-DennisL

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/dnschneid/crouton/issues/825#issuecomment-281210755,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AXigkmEYbZmwl6d6HsnKxPIngw_gwlG8ks5reixkgaJpZM4B76_-
.

This happened to me because I enabled the debugging features when I put my chromebook into dev mode.
To fix this is simple, hit CTRL + ALT + [ -> ] (forward key found on two keys to the right of the ESC key).
For login type 'root' and for login password type in the password you used when you enabled debugging features.
Once logged in as root, type 'chromeos-setdevpasswd' and enter and confirm a new password as instructed.
Then hit CTRL + ALT + [ <- ] (back key found one key to the right of the ESC key).
Open up your chrome app and CTRL + ALT + T to open up a new terminal tab.
Type 'shell' and 'sudo su' and enter the new password you just created.

@ducasse003

My god, you're a godsend. Thank you! I thought I was going crazy and probably set up the wrong password somehow when I enabled the debugging feature.

Any reason as why you need to do this to be able to call sudo in crosh?

I'm glad I was able to help.

It seems some people are able to access sudo in crosh while a few of us are not. I don't know exactly why this happens. In my case, my Chromebook was having some unrelated issues since the initial power up, for example, the Google sign-in screen kept looping the first time I attempted to sign in to the chromebook. I don't really know but it just seems to me like I didn't exactly receive a brand new unit.

I'm glad I was able to help.

It seems some people are able to access sudo in crosh while a few of us are not. I don't know exactly why this happens. In my case, my Chromebook was having some unrelated issues since the initial power up, for example, the Google sign-in screen kept looping the first time I attempted to sign in to the chromebook. I don't really know but it just seems to me like I didn't exactly receive a brand new unit.

Well, my Chromebook is a secondhand unit, although the previous owner seems to have already powerwashed it. I also didn't run into any weird issues while turning on the developer mode/enabling the debugging feature in the subsequent reboot.

I know this isn't exactly the right place to complain about it (crouton's repo), but someone needs to pin your answer somewhere. It's kinda dumb having to powerwash multiple times just to fix this issue - which is, imo, can be summed up as "the root password you set when you enable debugging features after turning on the developer mode doesn't get copied properly into chronos."

There's also some other issues Im having with this specific chromebook: for a day or two it would just randomly shut off as I was using it, then theres the issue where at times it will not allow me to open links in a new tab, or it will freeze if too many tabs are open and I have to shut it off. This chromebook being a brand new unit which I personally bought, brought home, and broke the factory seal. Im not trying to complain I'm just mentioning it because these are all issues I've had with this specific chromebook since I've bought it a couple of days ago which could be related. The touch pad is also not as smooth and accurate as I remember them being which is a real disappointment.

Back to the topic specific topic though, I'm having a further issue.. After setting the 'chromeos-setdevpasswd' in chronos, when I open a new crosh and type 'shell' if I then type 'su' it will prompt me for a password but no matter what password I enter it gives me a wrong password message.

It appears that there are several users all with different passwords rather than a simple password not getting copied over to chronos.

Just wanted to add that if I use "sudo su [command]" it will actually recognize the password. I always thought sudo and su had the same password? Is this normal?

Very last thing I wanted to add is that if I CTL + ALT + [-->] and I log into the user "root", I can use the command "su" several times and then to log off I have to use the command "exit" once for each time I used "su". As if there are an infinite amount of "su" users.

Just wanted to add that if I use "sudo su [command]" it will actually recognize the password. I always thought sudo and su had the same password? Is this normal?

This might explain why.

Very last thing I wanted to add is that if I CTL + ALT + [-->] and I log into the user "root", I can use the command "su" several times and then to log off I have to use the command "exit" once for each time I used "su". As if there are an infinite amount of "su" users.

I don't know about this one. From your description though, it sounds like each time you invoke su, it creates a new process and put you in that process. In effect, you kind of manually recursing with su.

Shouldn't it just give you a list of parameters that you could specify? Based on what it does, calling it with no other arguments wouldn't do anything - at least you need to specify which user that you want to modify (so something like su <username> at minimum). What was the full command that you type in? The sudo su one?

Just a few tidbits about setting the chronos password using chromeos-setdevpasswd -

The script uses openssl to encrypt the password and stores it in the file:
/mnt/stateful_partition/etc/devmode.passwd

Sometimes I like to use a password and sometimes I don't. When I don't I just rename /mnt/stateful_partition/etc/devmode.passwd to /mnt/stateful_partition/etc/devmode.passwd.bak

Then I'm no longer prompted for a password, this comes in handy when I want to toggle it on/off to test or encrypt crouton chroots.

I don't know if anyone else has a need or wants to do this but I thought I'd mention it just in case.

@DennisLfromGA

That's pretty ingenious.

I do have one question though: Wouldn't chronos complain that it couldn't locate the devmode.passwd file then? I'd assume that even if the password is not set, there ought to be some default value stored in that file. And in the case that the system couldn't find it, it should create a new default devmode.passwd and tell the user to try a default root password instead (saying something along the line of "well, that old devmode.passwd was corrupted because I can't find it. For now just give me the default password and I'll let you change it afterward.").

@Duplicated,

Nope, it doesn't complain if it's not there.
I imagine it would complain if it's corrupt though so be careful when playing with it.

I actually have three different devmode.passwd files, one is for user 'chronos' only, one for 'root' only and a third for both 'chronos' & 'root' users.

Here's an example of the one with both:

root:$1$t7TLyoEw$XY7FXXXXXXXXJcbQcsv6..
chronos:$1$TgTER4wG$zXXXXXXXXwVvM6Lhwux8z.

This way I can choose which user requires a password to get a shell session.

Hope this helps,
-DennisL

@DennisLfromGA

If it doesn't complain that it's not there, then I guess it'd just say that devmode.passwd is invalid if it's corrupted or doesn't match any user.

The combined one is pretty interesting too lol. So if that combined devmode.passwd file is the only one available, would it present you a list of users to choose from before you type in your password? Or do you just need to type a matching password for either account, and whichever hash matches will tell the system to trust that you're that user?

@Duplicated,

The file is only created if you run chromeos-setdevpasswd, a lot of people don't.

If it doesn't complain that it's not there, then I guess it'd just say that devmode.passwd is invalid if it's corrupted or doesn't match any user.

I don't have the courage to find out what it'd do with a corrupt file, I don't want to powerwash.

So if that combined devmode.passwd file is the only one available, would it present you a list of users to choose from before you type in your password?

No, but you can login as either 'chronos' or 'root' and be prompted for a (different) password.

Or do you just need to type a matching password for either account, and whichever hash matches will tell the system to trust that you're that user?

When logging in as 'chronos' you enter the password you set for 'chronos' and vice versa.

Hope this helps,
-DennisL

Enter Developer mode with pressing ctrl + alt+ refresh key
after that login with user root and pass which you choose on debugging mode
then give command sudo chromeos-setdevpasswd and type what you like
Done!

Thanks to ducasse003 for this simple fix:

To fix this is simple, hit CTRL + ALT + [ -> ] (forward key found on two keys to the right of the ESC key). For login type 'root' and for login password type in the password you used when you enabled debugging features. Once logged in as root, type 'chromeos-setdevpasswd' and enter and confirm a new password as instructed.

Why my password (set when I switched to dev mode and enabled debugging features) works in VT2 but not in CROSH shell makes no sense to be but the fix worked!

@ducasse003 says:

... I learned the hard way that choosing the Debugging features at the initial setup screen has it's pitfalls. I prefer to just run: sudo chromeos-setdevpasswd afterwards.

Now that I've enabled debugging features and run the chromeos-setdevpassword fix, does this mean I can expect more problems? Should I disable dev mode then re-enable without debugging features before I start setting up all my chroots?

Edit: This is on my awesome, new Samsung Chromebook Pro.

@SongSing this worked, thank yoooooooou <3

Another way to do the same thing without having to go into the alternate terminal (where copy and paste doesn't work) is to just run ssh root@localhost use the root password you set and then run chromeos-setdevpasswd to set the sudo password.

Well we can't do that because we don't have the root password, that's the
issue man....

On Tue., 22 Aug. 2017, 5:11 am dragon788 notifications@github.com wrote:

Another way to do the same thing without having to go into the alternate
terminal (where copy and paste doesn't work) is to just run ssh
root@localhost use the root password you set and then run
chromeos-setdevpasswd to set the sudo password.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/dnschneid/crouton/issues/825#issuecomment-323854148,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ACsMbhbuIwa5EVPvuGBprpKh1iVVINo2ks5safJ0gaJpZM4B76_-
.

>

^~^ Cyan/Jos Spencer

@Cyan101 my alternate method is probably most useful for those who enable debugging because either the Ctrl+Alt+F2 > method or the Secure Shell (ssh) method if you turn on debugging require you know the root password to set the dev (sudo) password, but the ssh method doesn't require losing the ability to copy and paste if you have a long password or want to do more within the terminal.

Very late reply but for future reference, all comments above are false. As soon as you enable debugging features, there is ZERO ways to use the terminal as the root or superuser

Simply do not enable debugging features when setting up Developer Mode if you wish to perform root or su commands.

@GodlyChimaera,

Very late reply but for future reference, all comments above are false. As soon as you enable debugging features, there is ZERO ways to use the terminal as the root or superuser

Not in my experience or others that have commented above. You need to login as root with the default password or one you gave it first and foremost then it does work.

EDIT:
However, there's really no need to enable Debugging Features on the initial sign-in screen since you can enable one or all of them from the command line, see -

chronos@localhost ~ $ ls -l /usr/libexec/debugd/helpers/dev_features*
-rwxr-xr-x. 1 root root 11K Jun 21 04:06 /usr/libexec/debugd/helpers/dev_features_chrome_remote_debugging
-rwxr-xr-x. 1 root root 39K Jun 21 04:06 /usr/libexec/debugd/helpers/dev_features_password
-rwxr-xr-x. 1 root root 31K Jun 21 04:06 /usr/libexec/debugd/helpers/dev_features_rootfs_verification
-rwxr-xr-x. 1 root root 31K Jun 21 04:06 /usr/libexec/debugd/helpers/dev_features_ssh
-rwxr-xr-x. 1 root root 51K Jun 21 04:06 /usr/libexec/debugd/helpers/dev_features_usb_boot

You can also set a chronos password to password shell access by running:

• sudo chromeos-setdevpasswd

Hope this helps,
-DennisLfromGA

this happened to me, default password does not work, im gonna powerwash my device simply because i dont know what else to do