Table of Contents

About

This section describes some methods of recovering the root password from a Linux system in case the password has been lost or forgotten.

Avenues

You can recover the root password using the following methods:

Using a Bootable Medium

Using a CD, DVD or USB stick that contains a live Linux distribution, you would boot into the live system and then mount the hard-drive partition. For example, in case the hard-drive partition is at /dev/sda2, you would issue:

mount -o rw /dev/sda2 /mnt

to mount the root partition on the mount point /mnt (if /mnt does not exist, then just create it with mkdir).

Next, create a bind mount for /proc, /sys and /dev just to be sure:

mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev

Now, change root inside the mounted partition:

chroot /mnt

and change the password:

passwd root

And you are down.

Boot to Single User Mode

Booting into single user mode depends on the Linux distribution and may not work in case the distribution is configured to still require a root password for booting into single user mode. To attempt recovery through booting into single user mode, restart the machine and then whilst the machine is booting, keep pressing some key (for example, Ctrl+X).

In case the machine has the LILO bootloader installed, then add to the startup parameters:

linux single

In case the machine has the GRUB bootloader installed, then select the current kernel to boot and press E. This will allow you to edit the long line with kernel parameters. Add to that line the number 1 and then press B to boot.

The machine should then boot to single user mode but it may stall with a message similar to Give root password for system maintenance - in that latter case, this recovery procedure will not work.

Otherwise, if the system booted to single-user mode, you may have to remount the root partition in read-write mode with:

mount -o remount,rw /

and then issue:

passwd root

to change the root password.

Replace INIT by a Shell

A different approach is to add:

init=/bin/bash

to the kernel command-line and then boot.

This will have the effect of booting the system but before starting any scripts, the system will spawn the shell /bin/bash (can be any other shell).

From then on, you should remount the root filesystem in read-write mode:

mount -o remount,rw /

and then change the root password with:

passwd root

Removing the Password

In case passwd does not work, another way is to somehow edit /etc/shadow and remove the password entirely. You can do that editing /etc/shadow and finding the root entry such as:

root:$1$8NDWsv6dwer$rT.InxDHDWBV1VvGziiHz/:0:0:99999:7-1:-1:192345

and remove the hashed password $1$8NDWsv6dwer$rT.InxDHDWBV1VvGziiHz/ such that the modified line will look like:

root::0:0:99999:7-1:-1:192345