Generally it is highly recommended to configure sudo so that members of the wheel group do not need a password to get to root. The wheel group should be limited to users who are system administrators of the server. That increases the resilience of the system against the lost root password problem without negatively affecting the security of the machine (an attacker needs inside information to know which user belongs to the wheel group, plus the password of that user, to get to root via the privileged account).
If this is not the case and the root password is lost, there are three main options:
The first thing to try is to boot to single user mode and check if your system was configured to ask for a root password to get to single user mode.
When presented with the GRUB boot menu, select your choice, then hit 'e' to edit instead of Enter.
Then scroll down to the line it displays with 'kernel /boot/kernel-X.Y.Z ....' and enter 'e' to edit it.
Scroll to the end of the line and append a "1" (no quotes), then ENTER. This tells the kernel to boot into runlevel 1, the single user level.
Enter 'b' to boot using this new configuration. Note that this is a temporary change to your GRUB configuration. Upon next reboot the 1 will not be there and you will be back to the regular options.
You should get a fairly normal looking boot sequence except that it terminates a little early at a bash prompt. If you get a "Give root password for system maintenance", this isn't going to work. If you are lucky you will be presented with a root prompt (/bin/bash).
If single user mode is password protected, you need to use the init=/bin/bash trick described below. It is very similar to the previous one, but instead of appending 1 you append init=/bin/bash.
If you do get the prompt, the / filesystem may not be mounted rw (although "mount" may say it is). You need to remount it with the command:
mount -o remount,rw /
If that doesn't work (it might not), just type "mount" to find out where "/" is mounted. Let's say it is on /dev/sda2. You'd then type:
mount -o remount,rw /dev/sda2
On many distros the 'single' or 'rescue' boot will still ask for a password.
You can get around this by starting linux without starting initd, just launch a
shell instead; and it's blindingly fast.
'e' to edit the boot entry, select the kernel line and press 'e' again, then type
"init=/bin/bash", enter, press 'b' to boot it. You end up at a root prompt with
/ mounted read-only. (depending on the distro, you might need /bin/sh instead)
# mount / -o remount,rw
# passwd
<change your root password here>
# mount / -o remount,ro
reboot
This trick is also useful for fixing up boot problems connected with the modification of various init scripts.
In GRUB:
- Type 'e' to edit the default kernel line
- Then 'e' again on the line that starts with 'kernel'
- Add 'init=/bin/bash' to the end of the 'kernel' line
- Press <ENTER>
- Type 'b' to boot it
Once you're at a /bin/bash prompt, remount the filesystem read/write (it will be read-only when booting with init=/bin/bash):
# mount -o remount,rw /
Then change the password:
# passwd root
Remount the filesystem back to read-only (keep things clean):
# mount -o remount,ro /
Then press CTRL-ALT-DELETE (though this will most likely result in a kernel panic). After rebooting the system you should be good to go.
First, try single user. If you don't see either a LILO or GRUB boot screen, try hitting CTRL-X to get one. If it's LILO, just type "linux single" and that should do it (assuming that "linux" is the LILO label). If GRUB, hit "e", then select the "kernel" line, hit "e" again, and add " single" (or just " 1") to the end of the line. Press ENTER, and then "b" to boot.
You should get a fairly normal looking boot sequence except that it terminates a little early at a bash prompt. If you get a "Give root password for system maintenance", this isn't going to work, so see the "init" version below.
If you do get the prompt, the / filesystem may not be mounted rw (although "mount" may say it is). Do:
mount -o remount,rw /
If that doesn't work (it might not), just type "mount" to find out where "/" is mounted. Let's say it is on /dev/sda2. You'd then type:
mount -o remount,rw /dev/sda2
If you can do this, just type "passwd" once you are in and change it to whatever you like. Or just edit /etc/shadow to remove the password field: move to just beyond the first ":" and remove everything up to the next ":". With vi, that would be "/:" to move to the first ":", space bar once, then "d/:" and ENTER. You'll get a warning about changing a read-only file; that's normal. Before you do this, /etc/shadow might look like:
root:$1$8NFmV6tr$rT.INHxDBWn1VvU5gjGzi/:12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
daemon:*:12187:0:99999:7:::
adm:*:12187:0:99999:7:::
and after, the first few lines should be:
root::12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
daemon:*:12187:0:99999:7:::
adm:*:12187:0:99999:7:::
You'll need to force the write: with vi, ":wq!". (If that still doesn't work, you needed to do the -o remount,rw, see above).
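Blanking the field as shown above leaves root with no password at all until passwd is run, so it is worth confirming afterwards that no empty field remains. The following is an added example, not part of the original page: a POSIX shell check that classifies the second field of each shadow-format line. The function names and the "alice" line are constructed for illustration; the other sample lines are the edited ones shown above.

```shell
#!/bin/sh
# Added example: classify the password field (2nd ":"-separated field)
# of every account in a shadow-format file.
classify_shadow() {
    awk -F: '
    NF < 2 || $1 == "" { next }                 # skip blank or malformed lines
    {
        pw = $2
        if (pw == "")                     s = "EMPTY"    # login needs no password
        else if (pw ~ /^[!*]/)            s = "LOCKED"   # password login disabled
        else if (index(pw, "$1$") == 1)   s = "HASH-md5crypt"
        else if (index(pw, "$5$") == 1)   s = "HASH-sha256crypt"
        else if (index(pw, "$6$") == 1)   s = "HASH-sha512crypt"
        else if (index(pw, "$y$") == 1)   s = "HASH-yescrypt"
        else                              s = "HASH-other"
        print $1 ":" s
    }' "$1"
}

# Succeeds (exit 0) only when no account has an empty password field.
no_empty_passwords() {
    ! classify_shadow "$1" | grep -q ':EMPTY$'
}

# Demo on constructed input: the edited file from the text plus one
# made-up account ("alice") with a placeholder SHA-512 style field.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
root::12209:0:99999:7:-1:-1:1074970543
bin:*:12187:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:12209:0:99999:7:::
EOF
    classify_shadow "$tmp"
    no_empty_passwords "$tmp" || echo "WARNING: empty password field found; run passwd"
    rm -f "$tmp"
}
demo
```

On a live system, run classify_shadow /etc/shadow as root once the recovery is finished; root should show a hash rather than EMPTY.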
Another trick is to add "init=/bin/bash" (LILO "linux init=/bin/bash" or add it to the Grub "kernel" line). This will dump you to a bash prompt much earlier than single user mode, and a lot less has been initialized, mounted, etc. You'll definitely need the "-o remount,rw" here. Also note that other filesystems aren't mounted at all, so you may need to mount them manually if you need them. Look in /etc/fstab for the device names.
See also
http://aplawrence.com/Bofcusm/861.html
http://aplawrence.com/Bofcusm/872.html
http://aplawrence.com/Bofcusm/873.html
Linux Journal
The following methods can be used for resetting the root password if the root password is unknown.
If you use GRUB for booting, select the system to be booted, and add 1 to the end of the kernel boot command. If you're not presented with an edit “box” to add boot parameters, try using GRUB's edit command (the letter e). The 1 tells the kernel to boot to single-user mode.
The system now should boot to a root prompt. At this point, simply use the passwd command to change the root password.
Another option is to boot a rescue CD or an installation CD that lets you get to the command line. Once you're at a command prompt, mount the system's root directory if it's not already mounted:
$ mkdir /mnt/system
$ mount /dev/sda1 /mnt/system
Now, do a chroot and reset the password:
$ chroot /mnt/system
$ passwd
08/06/2008 - Thanks for this Additional Useful Information From zcat:
On many distros the 'single' or 'rescue' boot will still ask for a password. You can get around this by starting linux without starting initd, just launch a shell instead; and it's blindingly fast.
'e' to edit the boot entry, select the kernel line and press 'e' again, then type "init=/bin/bash", enter, press 'b' to boot it. You end up at a root prompt with / mounted read-only. (depending on the distro, you might need /bin/sh instead)
# mount / -o remount,rw
# passwd
<change your root password here>
# mount / -o remount,ro
<three-finger salute or hit the reset button>
It's also useful for fixing up boot problems, if you're silly enough to have put commands in various init scripts that don't actually exit or daemonize...
By the way, when you do init=/bin/sh (or bash), it isn't strictly necessary to reboot afterwards (well, depending on what you change I suppose), you can just do an 'exec /sbin/init' to continue the boot process. Make sure the state of the system is as it would normally be though (e.g. umount /usr, make / readonly again etc).
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: January 08, 2010