HOWTO: Bypass a Forgotten Root Password
It’s never happened to me, but I’m sure it’s happened to others. The root password is gone. Forgotten. Changed maliciously. Mysteriously gone.
The Linux Gazette has a great article on the three most common ways to deal with this situation. It’s important to note that there’s no way to actually recover the password, but you can change it to something that you know.
Here’s the simplest and my favourite. I tested this one out on my Kanotix box and it worked as advertised:
Booting Into Single-User Mode
This is as simple editing the preferred boot line in your bootload (typically either Lilo or GRUB) at boot time.
- Reboot the system, and when you are at the selection prompt (See Fig. 2 below), highlight the line for Linux and press ‘e’. You may only have 2 seconds to do this, so be quick.
- This will take you to another screen where you should select the entry that begins with ‘kernel’ and press ‘e’ again.
- Append ' single' to the end of that line (without the quotes). Make sure that there is a space between what’s there and ’single’. If your system requires you to enter your root password to log into single-user
mode, then append init=/bin/bash after ’single’. Hit ‘Enter’ to
save the changes. - Press ‘b’ to boot into Single User mode.
- Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root.
- Type reboot to reboot the system, and you can login with the new password you just selected.
There are two other ways to reset your root password. One involves booting from a floppy or Live CD and the other involves mouting the drive on another machine altogether.
As the guide indicates, it really is that easy to crack a root account if you have physical access.
Check it out: How to Reset forgotten Root passwords LG #107
Shoot. Give me remote root access and I can do it (which begs the question if I have root access why would I need to, but that’s another question… don’t confuse me with the facts!).
All I have to do is:
# init 1
You know I’m stupid and in holiday mode.
Runlevel 1 (init 1) doesn’t have networking capability so what good would that do me except kick me off?
Sigh.
Back to your normal programming, folks.
You’re killing me!
Yeah I know. Just making sure if you’re still awake!
I don’t know if you’ve ever read my entry on recursive acronyms, but I wrote the entire article with the word ‘algorithm’ instead of ‘acronym’.
I’m da king of stupid things
It was known to me from earlier, forgotton.But thanks to remind me. I think LINUX is much more insecured as any one can break teh root password.
Hi Kaylan,
I still think GNU/Linux is pretty secure. Any of these methods to retrieve or change the root password require physical access to the machine. If someone has physical access to your machine, then you’ve got bigger problems
thank you, it works!
now i can continue my adventures in the magical world called Linux *O*
Hey Tom,
Glad it helped! Enjoy your magical adventures
Hi Guys please help me, i have a Suse Linux and the root passwd is unknown. Please help me?
Cypian,
Did you try the method above?
Guys, i tried the /init/bash method on PCLinuxOS and it backfired. Something to do with not being able to read cracklib dict, whatever tat is. any Help?
boot off a LiveCD, chroot into the primary hard disk and use passwd.
It is really good stuff!
Thanks for it.
@Praful
but is there a way to change the root password while you have already locked on the machine without necessarily booting in single mood.
but let me try out the above first.
Doesn’t work for me. I get to the command line prompt, but when I type in “passwd”, the letters don’t appear. I press return anyway and it prompts me for a new UNIX password, but as I’m typing it in, it interprets some of my key presses as a return.
So I type “reset” and I get a properly functioning command line, run the passwd command and can apparently change the root password, but then the “reboot” command doesn’t work, instead giving the error: “shutdown: Unable to send message: Connection refused”
If I Ctrl+Alt+Del, when the machine comes back, the new password I set for root isn’t accepted.
All of this on Ubuntu 8.10, kernel 2.6.27-9-generic.