How to reset forgotten Root password?

Ok, so you have forgot your root password, huh? Oh well, now you need to gain access to a computer and you cannot "remember" the root's password. OR you have just taken over as a new system administrator from another person just before they left and they forgot to give you the root password. Here is some methods to reset your root password.

Method One : Booting in single mode from GRUB or LILO:

  1. Reboot the system and wait for the GRUB screen to appear
    Highlight the kernel version you're currently using (usually the newest version) from the GRUB list
  2. Press "e" You may only have 2 seconds to do this, so be quick.
  3. This will take you to the boot commands edit screen, highlight the line which starts with kernel and press "e" again
  4. Append “single” to the end of that line (without the quotes). so it will look like this:
    kernel /vmlinuz-kernel-version ro root=LABEL=/ rhgb quiet single
  5. Press "Enter" to save the changes
  6. Press "b" to boot in single user mode.
  7. Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root.
  8. Type reboot to reboot the system, and you can login with the new password you just selected.

Hey, but its asking me for root password to log into single-user mode?

Don’t worry…..

  1. In step 4, just append init=/bin/bash after 'single' (without the quotes). Press "Enter" to save the changes.

The same method will work if you have LILO as boot loader instead of GRUB.

Method Two : Using Boot disk or Live CD....

In this method, you need a Linux boot disk or a rescue disk. (If you didn't create one when prompted during the installation then let this be a lesson for you.) You can use your installation CD as a rescue disk; most distros have an option to allow you to boot into rescue mode.

Boot from Red hat Linux CD, at command prompt type “linux rescue” (without the quotes) to start the rescue mode. This will drop you in the root bash prompt in Single User Mode.

If you using a Live CD like Knoppix or Gnoppix then boot the live cd as normal & once system finishes booting, press + + (The Control, Alt and F1 key together) to switch to a virtual terminal or simply open terminal from GUI.

  1. Create a mount point in /mnt

# mkdir /mnt/hd
# mount /dev/hdaX /mnt/hd
(where /dev/hdaX is your Linux system partition with forgotten root password, it could be /dev/hda1 if you IDE hard disk or /dev/sdaX if you have a S-ATA drive).

  1. # chroot /mnt/hd

Once this command completed you can use passwd to set new root password.

# passwd
If chroot is not working for some reason then change to the "/etc" directory on your root partition by typing cd

# cd /mnt/hd/etc

  1. open the 'shadow' file for editing using vi editor. If you won't have a shadow file, in which case you need to edit the 'passwd' file.)

# vi shadow

or

# vi passwd

  1. Scroll down to the line containing the root user's information, which looks something like:
    root:$1$oPldWBFd$3rQbA.Fz7KtyF4IAFP0kq1:13472:0:99999:7:::

  2. Delete everything between the first and second colons, so that the line looks like:
    root:: 13472:0:99999:7:::

  3. Save the file and exit using..

(ESC) :wq

  1. Return to your home directory and un mount hd partition

# cd /
# umount /mnt/hd

  1. Type reboot to reboot your system, and remove the Redhat Linux CD or rescues or live CD from the drive to boot in your regular Linux system.

  2. Once the boot process is complete, you will be asked for a user name: type root and for a password: press ENTER (NO password because you edited the /etc/shadow or /etc/passwd file).
  3. Make sure you change the password immediately using passwd

Method Three : Mounting your hard disk on another Linux system.....

Ah…I don’t know why you want to use this method…any way this is also sure to work

  1. Shut down the machine needless to say after backing up all important data.
  2. Remove the hard drive from machine, and take it to another machine that must be running Linux, since Windows can't read the Linux partition formats.
  3. Connect the hard disk as a slave drive and boot the new system.
  4. Once the system finishes booting, mount the slave drive's root partition as shown above and edit the shadow or password file.

Do you think Linux doesn't have any security and you are very security-consious...here are various way to preventing others from resetting the root password....

  1. Password protecting Single User mode

    # vi /etc/inittab
    - Add the following line BEFORE the id:X:initdefault: line:
    ~~:S:wait:/sbin/sulogin

    This will require the user to enter the root password before dropping him in the root bash prompt in Single User Mode.

  2. Password Protecting Boot loader:

Once the boot loader has been password protected, you won't be able to edit the kernel boot options (add single to the kernel line) unless you enter the boot loader password. However, you will be able to select what kernel to boot.

GRUB:
# /sbin/grub-md5-crypt
- Enter the password you want to set for GRUB. The MD5 hash will appear. Copy this hash line.
# vi /boot/grub/grub.conf and add the line under the timeout=5:
password --md5 passwordHASH
- Replace passwordHASH with the hash resulted from grub-md5-crypt. Simply paste here.
- It will look like this:
timeout=5
password --md5 $1$1OBii1$x78zK/tZB.VMoXzEzcg7x.
- Save the file and exit. Next time you reboot, you will have to press P and enter the password entered in order to edit the kernel boot options.

LILO:
- # vi /etc/lilo.conf
- Add the following line before the first image stanza:
password=NewPassword where NewPassword is the password you want to set for LILO.
- # /sbin/lilo -v This will let the changes take effect
- # chmod 600 /etc/lilo.conf This will allow only root to read and edit the file, since the password is in plain text.

  1. Preventing booting from a Boot disk or Live CD....

    To prevent this from happening, reboot your PC, enter BIOS configuration screen, set the Linux drive as the first boot device and then set a master password for the BIOS itself.


Thats it.

If you want me write some method to preventing someone from removing the hard drive, mount it on another server and edit the /etc files & blah blah …......, then forget it.

Get a good lock from market, locked you cabinet. :)

Labels: