Reset a Lost root Password

What happens when that server that was always humming along nicely all of a sudden needs you to log in as root to check something or install something new. What was the root password? Didn't it just get changed? All of a sudden, the cold sweat starts - the root password is unknown. What do you do?

Reset it! Thankfully there are a few ways to do this.

Depending on exactly what is wrong with your system, there are three different ways that the root password can be reset (not recovered). Some of these steps will be common to the different methods but a time may come when one method works on one system but not another. As you go down the list, the attempts to reset the password become harder and harder.

1. Use a user with sudo access

If you are lucky, you have access to a user that has sudo access. All you have to do is type in the following command to reset the root password:

$ sudo passwd

Type in the new password, confirm it, and you are all set. Of course, if you have sudo access then you probably can run the command that needs root access using just sudo, and this assumes that sudo access has actually been set up for a user.

2. Reboot into recovery mode

If you don't have access to a user with sudo or sudo is not installed on the machine then the next best thing is to reboot into recovery mode (MacOSX/*BSD users may know this as single user mode). Many newer distros put a GRUB entry into the boot menu to do just this.

Simply shut down the machine and when the GRUB menu appears (this may require hitting ESC or another key to have this appear at boot), select the upper-most kernel entry that ends in (recovery mode) or something similar. On my Ubuntu workstation, this is labeled:

Ubuntu, kernel 2.6.20-16-generic (recovery mode)

The machine will boot into a special shell that is used to fix the machine with a user that has full root access. Once you get to a prompt, just type in:

$ passwd

and you can enter the new password, confirm it, and reboot. Now the root account has the password you just entered.

** 3. Boot off of a Rescue/Live CD**

This is probably the last resort if your boot menu doesn't have a rescue option. Check with your distribution and see if they offer a Rescue CD (Redhat-variants usually do). This Rescue CD should drop you into a shell to run the commands needed.

If your distro does not have a Rescue CD, download a LiveCD like Helix and use it. I recommend Helix not only because it is useful as more than a rescue CD, it lets you boot straight into a command line instead of waiting for a GUI to load.

The other thing you will need to know are the mount points for your installation. If possible, before you reboot the machine, run the following command:

df -h

This will give you an output similar to the following:

Filesystem     Size      Used      Avail     Use%      Mount On




/dev/sda1      3.2G      1.4G      1.7G      46%       /




/dev/sdb1      34G       29G       3.9G      88%       /home




/dev/sdc1      3.9G      586M      3.1G      16%       /var

Write this information down as we will need it when we reboot.

Now that we have everything that we need, boot from your CD. After a few moments you will be greeted with a command prompt, but this is may not be a prompt for your installation (unless this is a Rescue CD, in which case it will probably auto detect your mount points).

If you are not running as the root user by default, change to the root user (See your CD's documentation).

If your mount points were not automatically detected, you will need to mount enough of the file system to run the passwd command. Assuming that we do not have /usr/bin and /etc on seperate mount points, just run

$ mount /dev/sda1 /mnt

to mount what we need.

In the df output above, we can get away with mounting just /dev/sda1, but this may not be the case for you. For example, if you had

/dev/sda1     /




/dev/sda2     /usr




/dev/sda3     /home

Then you would need to do

$ mount /dev/sda1 /mnt




$ mount /dev/sda2 /mnt/usr

to get access to the passwd command and the /etc/passwd file.

Now that we have everything mounted, we can switch to our system by typing:

$ chroot /mnt

and any commands that we run will be as if we are on our installation, not the live CD. Run the following commands to reset the password:

$ passwd

$ exit

$ reboot

The CD should unmount everything cleanly, shut down and then reboot the system.

Hopefully one never has to reset the root account on their machine, but the time may come. It might be easy or it might be hard, but it can be done.


Comments

Categories: Non-Programming, Operating Systems

Tags: Disaster Recovery, Tutorial