How To Reset the Root Password in Linux
I administer a LOT of Linux systems. Most of those systems information are in a file I keep that tells me what their passwords are. I normally either do not forget a root password or do not lose the paperwork for a Linux system. But I have been in situations where a new client had no idea what their Linux root password was. In those instances I had to change the root password. Problem is, if you don't know the root password, how are you going to change it? You need to know a method of password recovery for the Linux operating system.
There is a way to do this. It will work with most systems that use a root password. Of course if we're talking about a lost boot password, you're out of luck...this won't help you recover that. What this method does is reboot your machine into what is called "single user mode". Single user mode is also referred to as maintenance mode and is runlevel 1.
Reboot the Machine
The first thing you need to do is reboot the machine in question. The next step will vary, depending upon your distribution. What you need to do is to get to the screen that allows you to select which kernel to boot. Some systems (such as Fedora 10) require you to hit the escape key before the kernel boots. Some systems require a Ctrl-x key combination. Some systems require you to hit the "e" key. With Fedora 10 the sequence is this: After your bios posts you will hit the escape key to open up the Grub boot menu. In that menu select the kernel you are going to boot and hit the "a" key (for "append"). What you will see is the kernel boot command for your machine. What you need to do is append single to the end of that command (make sure there is a space before single) and hit the enter key.
Your machine will now start the single user boot process. You will see some processes list as "fail". Do not worry about this. Eventually you will find yourself at a root prompt. At this point all you need to do is enter the command passwd and then type the new password for the root user when prompted.
Once you have entered the new root password reboot the machine by issuing the reboot command. When the machine reboots you will have recovered the root password. Congratulations!Advertisement
What is the IP address of the machine with your master password file? :)
Seriously, though, in what format do you save that password file? Is a password-protected .ods document considered enough?
Dotan: fortunately this file is actually a hard copy, in a notebook, in my office. ;-) so you’d have to have access to my office and then know where the piece of paper is. ;-)
Dotan: in all seriousness…if i had to store a file like that on a PC most likely i would use gpg to encrypt the file with a key not shared out to anyone.
I’ve missed Final Thoughts :D
I tried this on a SUSE Linux Enterprise 9 Server. Upon bootup to Single-User mode (Run Level 3), the system prompted me for the root password. After so many failed attempts it changes the runlevel to reboot (Run Level 6).
Different results but the info will probably come in handy on Fedora or another system someday so it is useful info anyway, thanks!
I’m surprised that this actually works on some distributions. I know that on Ubuntu, and I think Debian, too, the root password is required just before entering the root shell in single-user mode.
I tested on Kubuntu Intrepid Ibex, and it works here! That is far too easy, for me it’s a real security issue. I always thought one would have to boot a Knoppix CD and update the /etc/passwd file manually to change the root password….
If you are worried about security with access to your machine, enable drive encryption or folder encryption. This will prevent access to your data even if the password is reset.
@computer_freak_8: really, I didn’t need the old password here on kubuntu!
note: it does only work, if you didn’t specify a root password before (the normal case on ubuntu). Else it asks for the root-password when entering singe-user mode.
On (k)ubuntu systems, I would recommend to set a very secure root-password instead of leaving it blank, or to completely disable (lock) the root account by typing:
sudo passwd -l root
But like I already said, with a Knoppix CD, you can change the root-password of every linux. If the BIOS is password-protected, unplug the PC and remove the battery on the motherboard ;)
A-ha! That makes sense, then, since I always specify a root password once I setup a system.
If there’s no password, there’s nothing to enter!
Thanks for the information; it is good to know.
So, this resets the root password, but keeps all other data unchanged?
Wow, seems like a major security flaw to me and I thought Linux was secure. But I suppose it is the difference between preventing people doing something stupid to their system with root access, and preventing people accessing your sensitive data and messing up your box with root access.
I am guessing there is no way to access this login via SSH or remotely, so you atleast need access to the machine?
thank you so much.
i have a same problem.
i resolved with your help.