Just an additional hint for the security. Each access to the console is a security risk. Not only the boot from CD. You can e.g. boot with the option "init=/bin/bash" if it's not restricted. => logged in with a root shell => remount / "read write" => ( do not forget to "sync" manually after changes to recover a password.) ... I would prefer to have a one time used password placed in a signed envelope. If it's broken after an emergency action you have to choose a new password. But you have to find a secure place for this envelope also... Best regards, Christian Mike Tierney wrote:
I'm in a similar situation of having to leave root passwords in "a secure place" incase I am not around. :(
Though in the fsck case there is an alternative I have just thought of, but the solution may be WORSE than the problem! If you want people to be able to do a fsck in an emergency, then you could always leave a "Rescue CD" with your boss... Then if anyone needs to actually do a fsck on a crashed server they can use the rescue disk to boot up and fsck the filesystem in question, and then reboot the server.
The drawback to this is that you have to leave the server bootable from CD :(, which is in itself a security hole. On a positive note though, people don't just have the root password "on tap" and are hopefully less inclined to obtain the rescue disk and boot up as root "just for the hell of it".
It's always good to have rescue disks handy anyway, just incase the root/boot file system gets corrupted/damaged. Like I experienced last week during a routine outage...