On Linux, normal users and super users can access services using password authentication. If a normal user has forgotten their password, a super user can reset the password of a normal user directly from the terminal. But what if the superuser (or root user) loses his password? You will need to recover the lost password before starting the login screen. In this way, any malicious user with physical access to your Linux host can take full ownership. This article explains how to recover a lost root password on Linux using two different methods.
Note: The method for resetting a root password is similar for most distributions. Here we demonstrate the process using Ubuntu. For the sake of simplicity, we will also use the “root password” throughout the tutorial, but this can be interchangeably interpreted as the root password.
1. Reset Lost Linux Root Password from the Grub Menu
1. To recover a lost root password, the first thing to do is reboot the Linux host, assuming you have forgotten the root password.
2. Once the GRUB page appears, quickly select the “* Advanced options for GNU/Linux” option by pressing the down arrow key and Enter.
3. Now press e to edit the commands.
You need to change it or switch from “read-only” mode to “read-write” mode. Find the line that begins with “Linux.” Find ro and change it to rw. Add init = /bin/bash to the end of the line.
4. Press F10. This will display a screen with a prompt.
5. Mount your root file system in read-write mode:
mount -n -o remount,rw /
6. Now you can reset your lost root password with the following command:
passwd root
Once you are done, type:
exec /sbin/init
This will exit the command prompt and restart the computer.
2. Reset Lost Root Password Using Live CD
If you have a Linux Live CD/USB, you can boot it up and use it to reset the root password.
1. Download the latest version of Ubuntu and create a bootable Live CD / USB stick from it. Boot your system from the removable drive instead of your hard drive.
2. Select “Try Ubuntu” on the screen. This will take you to the Live CD desktop.
3. Open Terminal and enter the following command to become root:
sudo su
4. Find the location of the hard drive partition with the following command:
fdisk -l
In most cases it will be “/dev/sda1”, although it may differ depending on how your hard drive is partitioned.
5. Mount the partition of the system hard disk to recover with the following command:
mkdir /mnt/recover mount /dev/sda1 /mnt/recover
6. At this point we have to lock ourselves in the “mnt/recovery” directory. This means that we are pretending to be on the normal Linux file system. This is simply known as chrooting.
chroot /mnt/recover
7. Use the following command to reset your Linux root password:
passwd root
8. Once completed, exit from the chroot shell:
exit
9. Unmount the root partition:
umount /mnt/recover
and exit your root:
exit
10. Lastly, remove the Live CD and reboot your Linux system.
Changing the root password on Linux is easy once you’ve gotten through the intimidation of the extra steps you need to take. Note that anyone with access to your computer can use this method to reset their superuser or root password. If you want to be more careful who has access to these types of permissions, consider encrypting your hard drive so that it cannot be easily started or mounted.
Frequently Asked Questions
1. How does full disk encryption affect my ability to change my root password?
Although encryption can complicate things when you’re trying to troubleshoot a problem in Linux, it doesn’t when you’re trying to change the root password. You can still easily do this from Grub as described above, as long as you can access the hard drive.
The only difference now is that outsiders can’t just sneak in and do the same.
2. What is the difference between root and superuser password?
In most cases, the root user is the same as the superuser. Changing the root password should also change the superuser password. In Ubuntu, the superuser is the one with user ID 0. If you have configured a different user with UID 0, the root and superuser passwords are not identical in this case.
3. Can I create an expiration date for passwords?
If you can! You can use the -x mark to set the password duration for a specific user. For example, if you enter passwd -x 30 root, the root password is only valid for 30 days. You will need to change the password after it has expired.
Additionally, you can use the -w flag to specify the number of days required for an advance warning that a password must be changed. If you enter passwd -w 7 root, you will receive a warning about the root password change one week before the previously set deadline with the -x mark.
