Lost root password recovery (Linux)
How to recover a lost or forgotten Linux root password depends on how well the system was protected originally. It can be very easy - or not!
Have you ever forgotten your root password and needed to reset it? I have a very good memory. I remember most of my client's
passwords (there are a few I forget regularly for no reason that I
can understand, but I really do know most), I remember telephone
numbers, and of course I know my own passwords. That last isn't as
easy as it might sound, because I have quite a few different
systems and each has its own password, but though I might use the
wrong one now and then, I'll get it on the second or third try.
If you just need to CHANGE root's password, and you are already logged in as root, just type "passwd" at a shell prompt to reset it.
Well, not this time. A while back I installed Fedora on a
system here, and today I wanted to look at something and .. what
was the root password? Hmm, not that.. how about? .. nope, well it
must be.. darn!
This is worth checking
Twice I have been at customer sites with a lost root pasword
and found that root was already logged in on one of the Alt screens. It is worth checking.. check "w" too. It's a long shot,
but somebody might be in a long forgotten window.
Let's try the easy way first
Before we go to far with this, some systems use "sudo" and
may have configured your ordinary user account to use it with your
own password. Just on that chance, try typing:
sudo su -
at a shell prompt. If it asks for a password, just type in your
usual password. If you get a "#" prompt, you are now logged in as root and
can reset or change your password however you like.
You could now even use a program like Jack the Ripper if you
would rather not change the password or are curious as to
what it was.
If you can't do sudo, it might be harder to recover a
Try single user mode
But let's try it the easy way first. The next thing to try is to boot to single user mode. This MIGHT not work for you, because your system might be configured to still ask for a root password to get to single user mode. If that's the case, we'll use another trick that replaces init with /bin/bash.
Reboot (ctrl-alt-delete or the reset button or pull the plug if that's what it takes)to get access to your boot loader - LILO or Grub.
Note: getting access to the Grub command line can be annoying. Older
versions told you what to do. Grub 2 doesn't: Hold down SHIFT to display the menu during boot (formerly ESC in GRUB legacy).
If you don't see either a LILO or GRUB boot screen, try hitting CTRL-X to get one. Once you have that, if it's LILO, just type "linux single" and that should do it (assuming that "linux" is the lilo label, which it probably is). If GRUB, hit 'e", then select the "kernel" line, hit "e" again, and add " single" (or just " 1") to the end of the line. Press ENTER, and then "b" to boot. (More modern grub uses "a" to append to the boot line)
You should get a fairly normal looking boot sequence except that it terminates a little early at a bash prompt. If you get a "Give root password for system maintenance", this isn't going to work, so try the "init" version below.
If you do get the prompt, try typing "passwd" now. If that works, you are good to go. Reboot and consider setting up
sudo for next time.
If not, the / filesystem may not be mounted rw (although "mount" may say it is). Do
mount -o remount,rw /
and try "passwd" again.
If that doesn't work (it might not), just type "mount" to find
out where "/" is mounted. Let's say it is on /dev/sda2. You'd then
mount -o remount,rw /dev/sda2
If you don't know what filesystems are there, 'fdisk -l'
will tell you.
Note that you might have to specify a filesystem type: "mount -o remount,rw -t ext3 /dev/sda2", for example.
If you can do this, just type "passwd" once you are in and
reset it to whatever you like.
One more try before boot media
Another trick is to add "init=/bin/bash" (LILO "linux init=/bin/bash" or add it to the Grub "kernel" line). This will dump you to a bash prompt much earlier than single user mode, and a lot less has been initialized, mounted, etc. Note that other filesystems aren't mounted at all, so you may need to mount them manually if you need them. Look in /etc/fstab for the device names or use "fdisk -l" to list available partitions.
You almost certainly need to remount root with this trick. Then try "passwd".
If you have to use boot media
However, some systems are protected with boot loader passwords that won't let you do that without THAT password. If the boot loader is password protected, you need to boot from other media - for newer systems, the install CD probably has the recovery tools for that ("linux rescue" for example). You could use your install disks or download something like Tom's Root and Boot Disk.
If using something like "linux rescue" or other boot media, if the recovery disk doesn't automatically mount your disk, you need to do it manually. This shouldn't be difficult unless you have an unusual disk controller. For example, a Compaq raid controller will probably be /dev/ida/c0d0. Find the partitions by using fdisk /dev/ida/c0d0 (just "p" and quit) and then mount what you need.
You might "mount /dev/hda2 /mnt". Once you have your
filesystem mounted, you might try "chroot" and then use "passwd" to fix things up. Say you have the old drive at "/mnt" - type "chroot /mnt" and then use "passwd".
Or just edit /mnt/etc/shadow to remove the password field: move to just beyond the first ":" and remove everything up to the next ":". With vi, that would be "/:" to move to the first ":", space bar once, then "d/:" and ENTER. You'll get a warning about changing a read-only file; that's normal. Before you do this, /mnt/etc/shadow might look like:
and after, the first few lines should be:
You'll need to force the write: with vi, ":wq!". (If that still
doesn't work, you needed to do the -o remount,rw, see above). If it does work, you have reset root to not have a password. You'll want
to change that soon, of course.
If you are having trouble with editing (you really do have to learn vi one of these days), you could just (after making a copy, of course) just
echo "root::12832:0:::::" > /mnt/etc/shadow
or, if you were in single user mode
echo "root::12832:0:::::" > /etc//shadow
and then fix things up when rebooted.
Don't forget to cd back to your boot media and umount before typing "reboot".
If all else fails, you can pull this drive (or install another drive in this machine) and mount it from another running Linux. Then recover/reset the root password as explained above.
Keep this in mind if you have a Linux machine in a publically accessible place : without more protection, it's not usually hard to recover a lost root password, which means it's just as easy for someone to CHANGE it, or access root without your knowlege. The only difference between "break root" and this is intent. Hacking root's password can be accomplished with these same methods, so if
you want to protect your machine, you may want to close these off.
Consider that nowadays a USB stick can be boot media.
If this page was useful to you, please help others find it:
More Articles by Tony Lawrence
- Find me on Google+
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site:
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Publishing your articles here
Jump to Comments
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.