APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed
Lost root password recovery (Linux)

How to recover a lost or forgotten Linux root password depends on how well the system was protected originally. It can be very easy - or not!




Have you ever forgotten your root password and needed to reset it? I have a very good memory. I remember most of my clients' passwords (there are a few I forget regularly for no reason that I can understand, but I really do know most), I remember telephone numbers, and of course I know my own passwords. That last isn't as easy as it might sound, because I have quite a few different systems and each has its own password, but though I might use the wrong one now and then, I'll get it on the second or third try.

If you just need to CHANGE root's password, and you are already logged in as root, just type "passwd" at a shell prompt to reset it.

Well, not this time. A while back I installed Fedora on a system here, and today I wanted to look at something and .. what was the root password? Hmm, not that.. how about? .. nope, well it must be.. darn!

This is worth checking

Twice I have been at customer sites with a lost root password and found that root was already logged in on one of the Alt screens. It is worth checking.. check "w" too. It's a long shot, but somebody might be in a long forgotten window.

Let's try the easy way first

Before we go too far with this, some systems use "sudo" and may have configured your ordinary user account to use it with your own password. Just on that chance, try typing:

sudo su -
 

at a shell prompt. If it asks for a password, just type in your usual password. If you get a "#" prompt, you are now logged in as root and can reset or change your password however you like.

You could now even use a program like John the Ripper if you would rather not change the password or are curious as to what it was.

If you can't do sudo, it might be harder to recover a forgotten password..


Try single user mode

But let's try it the easy way first. The next thing to try is to boot to single user mode. This MIGHT not work for you, because your system might be configured to still ask for a root password to get to single user mode. If that's the case, we'll use another trick that replaces init with /bin/bash.

Reboot (ctrl-alt-delete or the reset button or pull the plug if that's what it takes) to get access to your boot loader - LILO or Grub.

Note: getting access to the Grub command line can be annoying. Older versions told you what to do. Grub 2 doesn't: Hold down SHIFT to display the menu during boot (formerly ESC in GRUB legacy).

If you don't see either a LILO or GRUB boot screen, try hitting CTRL-X to get one. Once you have that, if it's LILO, just type "linux single" and that should do it (assuming that "linux" is the lilo label, which it probably is). If GRUB, hit "e", then select the "kernel" line, hit "e" again, and add " single" (or just " 1") to the end of the line. Press ENTER, and then "b" to boot. (More modern grub uses "a" to append to the boot line)

You should get a fairly normal looking boot sequence except that it terminates a little early at a bash prompt. If you get a "Give root password for system maintenance", this isn't going to work, so try the "init" version below.

If you do get the prompt, try typing "passwd" now. If that works, you are good to go. Reboot and consider setting up sudo for next time.

If not, the / filesystem may not be mounted rw (although "mount" may say it is). Do

mount -o remount,rw /
 

and try "passwd" again. If that doesn't work (it might not), just type "mount" to find out where "/" is mounted. Let's say it is on /dev/sda2. You'd then type:

mount -o remount,rw /dev/sda2
 

If you don't know what filesystems are there, 'fdisk -l' will tell you.

Note that you might have to specify a filesystem type: "mount -o remount,rw -t ext3 /dev/sda2", for example.

If you can do this, just type "passwd" once you are in and reset it to whatever you like.

One more try before boot media

Another trick is to add "init=/bin/bash" (LILO "linux init=/bin/bash" or add it to the Grub "kernel" line). This will dump you to a bash prompt much earlier than single user mode, and a lot less has been initialized, mounted, etc. Note that other filesystems aren't mounted at all, so you may need to mount them manually if you need them. Look in /etc/fstab for the device names or use "fdisk -l" to list available partitions.

You almost certainly need to remount root with this trick. Then try "passwd".

If you have to use boot media

However, some systems are protected with boot loader passwords that won't let you do that without THAT password. If the boot loader is password protected, you need to boot from other media - for newer systems, the install CD probably has the recovery tools for that ("linux rescue" for example). You could use your install disks or download something like Tom's Root and Boot Disk.

If using something like "linux rescue" or other boot media, if the recovery disk doesn't automatically mount your disk, you need to do it manually. This shouldn't be difficult unless you have an unusual disk controller. For example, a Compaq raid controller will probably be /dev/ida/c0d0. Find the partitions by using fdisk /dev/ida/c0d0 (just "p" and quit) and then mount what you need.

You might "mount /dev/hda2 /mnt". Once you have your filesystem mounted, you might try "chroot" and then use "passwd" to fix things up. Say you have the old drive at "/mnt" - type "chroot /mnt" and then use "passwd".

Or just edit /mnt/etc/shadow to remove the password field: move to just beyond the first ":" and remove everything up to the next ":". With vi, that would be "/:" to move to the first ":", space bar once, then "d/:" and ENTER. You'll get a warning about changing a read-only file; that's normal. Before you do this, /mnt/etc/shadow might look like:

root:$1$8NFmV6tr$rT.INHxDBWn1VvU5gjGzi/:12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
daemon:*:12187:0:99999:7:::
adm:*:12187:0:99999:7:::
 

and after, the first few lines should be:

root::12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
daemon:*:12187:0:99999:7:::
adm:*:12187:0:99999:7:::
 

You'll need to force the write: with vi, ":wq!". (If that still doesn't work, you needed to do the -o remount,rw, see above). If it does work, you have reset root to not have a password. You'll want to change that soon, of course.

If you are having trouble with editing (you really do have to learn vi one of these days), you could (after making a copy, of course) just

  echo "root::12832:0:::::" > /mnt/etc/shadow

or, if you were in single user mode

  echo "root::12832:0:::::" > /etc/shadow

and then fix things up when rebooted. Note that this replaces the entire shadow file with that single root line, which is why you make the copy first.

Don't forget to cd back to your boot media and umount before typing "reboot".

Final resort

If all else fails, you can pull this drive (or install another drive in this machine) and mount it from another running Linux. Then recover/reset the root password as explained above.

All set?

Keep this in mind if you have a Linux machine in a publicly accessible place: without more protection, it's not usually hard to recover a lost root password, which means it's just as easy for someone to CHANGE it, or access root without your knowledge. The only difference between "break root" and this is intent. Hacking root's password can be accomplished with these same methods, so if you want to protect your machine, you may want to close these off.

Consider that nowadays a USB stick can be boot media.
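
As an added example (not code from the original article), the checks below look for the conditions the recovery methods above depend on: an empty password field in a shadow file, a GRUB configuration with no password directive, and boot arguments such as "single" or "init=". The function names, the account "alice" and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Each check takes a file (or a
# string) as an argument, so it can be run against copies of the real files.

# Accounts with an empty shadow password field: the state the
# "root::12209:..." edit leaves behind until passwd is run again.
shadow_empty_accounts() {
    awk -F: 'NF >= 2 && $1 !~ /^#/ && $2 == "" { print $1 }' "$1"
}

# Accounts hashed with MD5-crypt ("$1$", as in the article's sample) or
# 13-character DES crypt, both older schemes.
shadow_legacy_hashes() {
    awk -F: 'substr($2, 1, 3) == "$1$" ||
             (length($2) == 13 && $2 ~ "^[A-Za-z0-9./]+$") { print $1 }' "$1"
}

# Status 0 if the GRUB config has a password directive ("password_pbkdf2" in
# GRUB 2, "password" in GRUB legacy). GRUB 2 also needs "set superusers".
grub_has_password() {
    grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"
}

# Print the boot arguments on a kernel command line that this page uses to
# reach a root shell: "single", "1", "-s" and "init=...".
cmdline_overrides() (
    set -f                      # no globbing while splitting on spaces
    for tok in $1; do
        case "$tok" in
            single|1|-s|init=*) printf '%s\n' "$tok" ;;
        esac
    done
)

# Run every check, print one finding per line; status 0 only if none found.
audit_recovery_exposure() {     # args: shadow-file grub-config "cmdline"
    findings=0
    for u in $(shadow_empty_accounts "$1"); do
        echo "EMPTY-PASSWORD account=$u"; findings=$((findings + 1))
    done
    for u in $(shadow_legacy_hashes "$1"); do
        echo "LEGACY-HASH account=$u"; findings=$((findings + 1))
    done
    if ! grub_has_password "$2"; then
        echo "NO-BOOTLOADER-PASSWORD file=$2"; findings=$((findings + 1))
    fi
    for t in $(cmdline_overrides "$3"); do
        echo "BOOT-OVERRIDE arg=$t"; findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the article's "after" shadow lines, one made-up
# account reusing the article's sample hash, and a menu.lst with no password.
make_samples() {                # arg: directory to write into
    cat > "$1/shadow" <<'EOF'
root::12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
daemon:*:12187:0:99999:7:::
alice:$1$8NFmV6tr$rT.INHxDBWn1VvU5gjGzi/:12209:0:99999:7:::
EOF
    printf 'default 0\ntimeout 5\ntitle Linux\n' > "$1/menu.lst"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_recovery_exposure "$tmp/shadow" "$tmp/menu.lst" \
    "ro root=/dev/sda2 init=/bin/bash" || true
rm -rf "$tmp"
```

On a real system the third argument can be taken from /proc/cmdline, and the first two should point at copies of the shadow file and the boot loader configuration.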









53 comments






You are king!


Helped me too. Thanks.

Same here. Thanks, man u saved me! :)

Quite useful piece of information. Hellos from Finland 9.6.2004.

very helpful on my "learning linux - leaving windows" thank you.

Very nice way :)

Thanks! You saved the day.

Luckily this was 1st time I needed this, but this makes a mockery of linux security. Thx a million!

---July 21, 2004

No, there's no mockery: you CAN setup your system so that none of this would work.

--TonyLawrence





---August 3, 2004

Thanks! Saved me a headache :-)


---August 8, 2004

This helped me a lot. Thank you.


---August 14, 2004

Nice piece of information! Very helpful!

---August 25, 2004

You have saved me! DCosta.

---September 27, 2004

reply to TonyLawrence: Yes, you can ... but still, there is no way to save your PC from hacker with physical access to it (reset CMOS by disconnecting battery, plug in own disk ...). Only way to protect data is encrypt them, which means typing password on each boot.

-- September 27, 2004

True, but even then, assuming physical possession and enough computing resources (and time, depending on the encryption), your data isn't safe.

Resources change, so you can't really depend that anything is safe.

I was simply noting that just because it's this easy to break into a system without any extra controls (boot password, cmos password, encryption) it doesn't mean that it "makes a mockery of Linux Security".

Security, like everything else, is a matter of degree. A simple root password keeps your system safe from a very large number of people. As you add more impediments, you decrease the likelihood that the system can be compromised, but there is no absolute security, and even if you were 99.999 % secure today, changing technology might make that 80% tomorrow.

--TonyLawrence



---October 26, 2004


very nice! THX

-- butonic 2004-10-26 00:02:36.542

You ARE the man ! Saved a linux newbie from a lot of pain. Thanks!!

---October 26, 2004


---October 27, 2004

koolmen I got it. Perfect. You are good!

---December 1, 2004


Just perfect. The init-procedure worked for me, as the name for root was changed to iroot in passwd but not in the shadow!
THX!

---December 7, 2004

Yep! Works just like that! (I had to use the init procedure)! Saved my about 100 years time.. !THANKS
(SUSE 9)

Vassilis - Greece


---December 13, 2004

Worked great, helped me behind the maintenance root password by adding the shell command. I would never have thought of that! Thanks a million! (Suse 9.0)

Theo - The Netherlands

---December 25, 2004

Great and clear lesson, saves money and time, thanks <= r0bis, Latvia


---December 26, 2004

You Rock !! Nothing like a good Christmas day scare to refocus my efforts on getting around to documenting stuff.

---January 3, 2005

Grateful !!

---January 11, 2005

Seems to work with SuSE 9.2. Thanks so much!!


---January 17, 2005


Nicely documented. Thanks!
- Linux admin from Finland

---January 20, 2005

Seems pretty nice but doesn't work with Linux Mandrake 9.1. The "linux single" method asks for "root password for maintenance", and the other method makes kernel panic "attempted to kill init"...

---January 20, 2005

Hella cool. Thanks so much i installed Linux Mandrake 10.0 and then i must have typed root password wrong TWICE, so i did your trick with linux single and bam im in like flint. uber cool man!

---February 2, 2005



Thank you, you saved me one day's work!
Ivar, Oslo

---February 9, 2005

Merci, Just do it and "Voila"
Nicolas, Switzerland (SUSE 9.2)





Wed Feb 16 14:51:27 2005: 33   anonymous


you just saved me, i have a presentation and the one that handles the computer quit, i didn't know what to do, thanks a lot



Sat Feb 26 16:23:56 2005: 86   anonymous


Excellent site describing what you need to recover the passwd.
Took me more than 1 hour to reach this site, then 2 min to change my root passwd.
Thanks a lot!



Sat Feb 26 16:56:02 2005: 87   TonyLawrence

Just curious: why did it take you an hour to get here? This page is the number 1 hit for Google "lost root password" and is in the top ten for many other similar searches..



Tue Mar 8 21:23:50 2005: 118   anonymous


Thanks, excellent information. Helped me get into an old linux box that had been lying around for years and no one had the password.

-IT guy from Canada



Wed Mar 16 18:06:50 2005: 182   anonymous


Saved me a huge re-install. I knew I had done this before but I couldn't remember how and you were the only site I found with the COMPLETE information. Kudos.



Fri Mar 18 03:59:39 2005: 190   TyroneThanatos




good job man
you've solved my problem




Thu Apr 21 12:47:55 2005: 357   anonymous


thank you, thank you, thank YOU!



Tue Apr 26 04:13:10 2005: 378   Saturn


That way would work great, if you had the time and energy and patience to do it all.....Or you could just do this:

When the LILO: prompt appears (or boot: prompt if you inserted a boot disk), enter:

linux -s

OR

linux single

When the bash# prompt appears, enter:

passwd

This will then prompt you for a new root password, without asking for the old one.

Press Ctrl+D and start up Linux proper, then log in to the root account with your new password!



Tue Apr 26 10:06:36 2005: 380   TonyLawrence

Huh? Did you even read this?

The whole point is that the "simple" procedure sometimes isn't.. and the article says to do exactly what you say if you can do it that way!

Sheesh! :-)




Wed Apr 27 01:05:31 2005: 387   Saturn


Yes I read the article. And you were showing Linux Geru's (Supposedly) how to fix the problem of root password being lost. I just helped all those other people that just recently converted over from Windoze to *nix how to do the same thing in a lot less time and reading, and I almost bet, I didn't scare them off either!!!



Wed Apr 27 10:19:41 2005: 390   TonyLawrence

You have the wrong idea. First it's "guru" and I'm not one. See No Wizards Here

But more important than that is that you don't understand that your "simple" way isn't always going to work. If it did, that's all I would have written - why would I go on and on with "if that doesn't work, you need to" etc. if it would?







Sat Apr 30 01:16:44 2005: 413   anonymous


Hey Man,

You saved my time...You are the best and Good Angels bless you for sharing your knowledge :))))


Angel



Mon May 23 10:41:17 2005: 566   anonymous


Thanks, thanks, thanks

Frans



Sat Oct 8 12:59:27 2005: 1179   anonymous


That's so easy it's scary!



Sat Nov 26 19:19:57 2005: 1382   anonymous


Sir,

you are great u made my day. Saved a lot of effort of us. May the Tux bless you with a looooooong n healthy life.



Mon Nov 28 17:52:01 2005: 1384   Melvin


Dude, you help me alot.
you saved me from re installing the os
Thanks



Wed Nov 30 16:26:03 2005: 1388   LeeGreen


I just reset a forgotten root password on Suse Linux 10. I needed to use the "init" method due to single user mode requiring root's password. However, I found that I did not have to mount the root filesystem since it was done automatically. I'm not sure that will be true in all cases under this version of the OS, but I would recommend using "df" to see if the filesystem is already mounted before assuming it's not.



Sun Dec 4 14:47:24 2005: 1404   anonymous


After sleepless weekend finally a productive solution.
you really helped me since I'm working on my station since 2 month starting
with ZERO knowledge in Linux\Unix administration.

again and again 10x

Note - the "init=......." line is confusing, maybe you can notice that this line should be added without the commas.



Tue Feb 14 13:49:11 2006: 1639   anonymous


... mac OS X.4? Any ideas?



Tue Feb 14 19:47:04 2006: 1640   TonyLawrence

Sure. You need to boot single user mode.. see http://www.macosxhints.com/article.php?story=20001217230925152

Unfortunately the original article referred to there is apparently moved or gone.


If you previously bothered to set a Master Password (often ignored because they really don't explain it well, see http://aplawrence.com/foo-mac/master-password.html ), just mistype the login until it asks for the master.

Or, if you as Admin still have sudo rights, just do "sudo passwd root" in a terminal. It will ask for YOUR password first, and then you will be asked for a new root password.










Thu Feb 23 14:27:48 2006: 1702   anonymous


Hi i m kiran , u r idea is to good... but one thing i dont get abot how i can get the root password ..suppose i m using Linux(any Version ) actually wht happen i have 2 account in that . one is root and other one is student . k so suppose i have to change something in System file so it must ask the password for ROOT so how i can know that. and one more thing suppose i want to Login in ROOT but i dont know the root password of that PC (Suppose this is NETWORK PC i m using telnet k and i want to know main server ROOt Password i can login with my ID and Password )but suppose i have to install new or change any thing in tht network so wht i can do 4 that....) can u help me on this problem ..............


form ur suggetion i can do that /bin/shadow but it cant show the password it can show some char like xhjagaz 2121addadzzaa xas like that so wht i ccan i do is there any METHOD to change that no into PASSWORD ..........

plz help me as soon as possible

bye
thanxk



Thu Feb 23 14:56:06 2006: 1703   TonyLawrence

You can't *know* the password. Well, that's not entirely true, but there's no direct decryption method. If you have access to the shadow file, you can use programs like John the Ripper ( http://aplawrence.com/Words2005/2005_03_26.html) to try to match all possible passwords - that can take a long, long time (which is why cautious admins change passwords often)



Sun Feb 26 03:22:36 2006: 1711   anonymous


Thanks! Saved me a lot of time!! )



Thu Mar 9 03:38:02 2006: 1753   anonymous




i'm new to linux. I don't even know if I lost my password or not, because I don't know if the user that I have a password as root privileges. No matter.
Just wanted to ask, does this site mean after all linux security is a myth?
It looks too easy to get someone else's root password.



Thu Mar 9 11:13:11 2006: 1754   TonyLawrence

No. With physical access to the machine, any OS is vulnerable. If you read all this carefully, you'd see that there is more you could do to secure your machine if you needed to.



Thu Mar 16 20:16:38 2006: 1796   anonymous


Super! Thank you!



Mon Apr 10 18:00:06 2006: 1888   anonymous


You saved me so much time reformatting!



Sun Apr 23 13:50:30 2006: 1954   anonymous


Thanks very much for this - it was easy to find, easy to follow and the simple straightforward approach worked great with Fedora Core 5.



Mon May 22 22:41:18 2006: 2043   anonymous


Chalk another one up - THANKS man!



Thu Aug 3 16:32:37 2006: 2358   anonymous


Saved my butt too! Many thanks.



Thu Aug 10 15:49:01 2006: 2384   zorrack


Really cool. Thanks a lot. No need to reinstall system :)



Tue Aug 29 20:54:48 2006: 2434   anonymous


Thank you, thank you, just saved 4 hours here.



Fri Sep 1 15:12:09 2006: 2435   anonymous


Thank you very much, on Suse 10.1 works fine the 2nd (init=/bin/bash)
solution; first solution asks, as you said, for root password.



Tue Sep 26 06:55:04 2006: 2485   anonymous


It works!!!

Im using the Grub option.

Thanks. :)



Thu Oct 5 14:50:57 2006: 2504   anonymous


Yesterday there was a successful attack on my gateway. The attacker changed the password so I had to rescue it. Thanx for this site.



Sun Oct 22 21:37:20 2006: 2549   Chris


What do I need to do to get Tony's tips to work on Ubuntu Linux? Or maybe I missed something...??? I'm in a mess because without my root password, there are 189 updates in synaptic package manager that I can't get to because Ubuntu still thinks I am giving the wrong password. I hope someone can help me!!!

I can get to the Grub screen by hitting Esc, then 'e' to edit, 'e' again to edit kernel line (my system has 4 kernel lines to pick from, I just picked the first one, is that ok...?), then had to add ' single' because ' 1' didn't work the first time. Then hit 'b' to boot it. Then got the 'give root passwd for maint' message, so I tried the init method. It seemed to work fine. (' init=/bin/bash' instead of ' single'. then typed 'mount -o remount,rw /', and 'passwd', and successfully entered and re-entered new password.) However, when I reboot, the Ubuntu login screen still will not accept the new password for my login. Is it looking at an old copy of my old password, even though the unix or linux or whatever runs behind the GUI is looking at the new one?

Please try to use idiot-proof terms, I am new at Linux and will miss it if you skip over a step that you'd assume people would know.



Tue Nov 14 02:46:54 2006: 2613   anonymous


Thank you, it was very helpful :)



Thu Nov 16 10:30:49 2006: 2622   anonymous


TY
i just installed a new version of linux on my box and i hmmm i must have entered a wrong password :P



Thu Nov 30 23:53:46 2006: 2672   Mike


Yep. Works like charm. You are King.

We have a GRUB loader with FedoraCore Linux. Just type "a" at the loader screen, added "single" as one of the boot arguments, continue with boot, changed passwd file in single user mode. Works like charm.






Fri Dec 15 00:02:15 2006: 2740   anonymous


great help. thank you... i misread how to enter grub, though, and somehow got to a regular grub shell, instead of grub append. so for anyone using fedora or redhat, press "a" at the boot loader menu (the colorized menu where you select which kernel to boot) and then you'll enter grub mode and you then just add the word "single" to the end of command and hit enter.

or just read this

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/step-guide/s1-q-and-a-root-passwd.html



Tue May 10 19:06:36 2011: 9493   anonymous




Good that you put in to try the easy way first. I had no idea that my login had sudo powers but it did so zap! That was easy :)



Tue Aug 30 12:58:27 2011: 9750   Joe



found server in abandoned house, plugged to see if it works, yep! it does, poor thing had survived a foreclosed house with no heating/no AC, but it has Linux and it has a password that I have no idea how to bypass it,
Need help, I'm new to Linux and want to switch to Ubuntu server



Tue Aug 30 13:39:27 2011: 9751   TonyLawrence



If you simply want to install Ubuntu, you don't need to break the password - just create a Ubuntu cd elsewhere and install it on this machine, overwriting the old entirely.



Tue Sep 13 05:36:39 2011: 9826   anonymous



Thanks a lot man..! your first idea itself made me recovered..!



Mon Nov 14 22:17:09 2011: 10178   Per



First tip helped me out, thanks a bunch for saving me precious hours!!



Sat May 26 18:09:53 2012: 11019   anonymous



Thanks, saved my butt from a password initially entered from a bad keyboard!!!!

You Rock!



Tue May 29 02:08:49 2012: 11024   anonymous



great job on this very informative this really helps i will try this later on thanks for taking the time to help newbies like myself linux rules haa haa



Tue Jun 5 12:04:19 2012: 11062   anonymous



You have saved this tired old man a great deal of frustration, and help bring an old SUSE box back to life.

Many thanks



Wed Aug 28 15:28:17 2013: 12296   Ben (Website: http://geekswing.com)



Haven't heard of Tom's Root And Boot. Interesting, will need to check it out. I use Clonezilla which is a free imaging tool (that rocks!) but an unexpected bonus is a really nice mini linux kernel with shell access! I've used clonezilla for many fun recovery type tasks including resetting root password on inherited systems many times! Check that out too :)
http://geekswing.com/geek/resetting-root-password-on-a-linux-system-using-clonezilla/



Tue Sep 24 18:24:12 2013: 12319   anonymous



running script that invokes superuser. Can not enter password. I am on a computer with a dual boot system running Linux Mint 15 Mate. 77 old newbie needs help!!!!



Tue Sep 24 22:06:02 2013: 12320   TonyLawrence



That has nothing to do with this.







Thu Sep 4 18:21:25 2014: 12524   anonymous



extremely useful 11 years later. This is the first article that I could find with the init= command.
