HOWTO: Bypass a Forgotten Root Password
It’s never happened to me, but I’m sure it’s happened to others. The root password is gone. Forgotten. Changed maliciously. Mysteriously gone.
The Linux Gazette has a great article on the three most common ways to deal with this situation. It’s important to note that there’s no way to actually recover the password, but you can change it to something that you know.
Here’s the simplest and my favourite. I tested this one out on my Kanotix box and it worked as advertised:
Booting Into Single-User Mode
This is as simple editing the preferred boot line in your bootload (typically either Lilo or GRUB) at boot time.
- Reboot the system, and when you are at the selection prompt (See Fig. 2 below), highlight the line for Linux and press ‘e’. You may only have 2 seconds to do this, so be quick.
- This will take you to another screen where you should select the entry that begins with ‘kernel’ and press ‘e’ again.
- Append ‘ single’ to the end of that line (without the quotes). Make sure that there is a space between what’s there and ’single’. If your system requires you to enter your root password to log into single-user
mode, then append init=/bin/bash after ’single’. Hit ‘Enter’ to
save the changes. - Press ‘b’ to boot into Single User mode.
- Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root.
- Type reboot to reboot the system, and you can login with the new password you just selected.
There are two other ways to reset your root password. One involves booting from a floppy or Live CD and the other involves mouting the drive on another machine altogether.
As the guide indicates, it really is that easy to crack a root account if you have physical access.
Check it out: How to Reset forgotten Root passwords LG #107
Related Stories
POSTED IN: General
12 opinions for HOWTO: Bypass a Forgotten Root Password
Aaron Brazell
Dec 23, 2005 at 11:07 am
Shoot. Give me remote root access and I can do it (which begs the question if I have root access why would I need to, but that’s another question… don’t confuse me with the facts!).
All I have to do is:
# init 1
Aaron Brazell
Dec 23, 2005 at 11:08 am
You know I’m stupid and in holiday mode.
Runlevel 1 (init 1) doesn’t have networking capability so what good would that do me except kick me off?
Sigh.
Back to your normal programming, folks.
Jon
Dec 23, 2005 at 11:33 am
You’re killing me!
:)
Aaron Brazell
Dec 23, 2005 at 11:55 am
Yeah I know. Just making sure if you’re still awake!
Jon
Dec 24, 2005 at 9:37 am
I don’t know if you’ve ever read my entry on recursive acronyms, but I wrote the entire article with the word ‘algorithm’ instead of ‘acronym’.
I’m da king of stupid things :)
Kalyan Talukdar
Jan 4, 2006 at 3:25 am
It was known to me from earlier, forgotton.But thanks to remind me. I think LINUX is much more insecured as any one can break teh root password.
Jon
Jan 4, 2006 at 6:18 am
Hi Kaylan,
I still think GNU/Linux is pretty secure. Any of these methods to retrieve or change the root password require physical access to the machine. If someone has physical access to your machine, then you’ve got bigger problems :)
Tom
Jan 11, 2006 at 6:05 am
thank you, it works!
now i can continue my adventures in the magical world called Linux *O*
Jon
Jan 11, 2006 at 6:23 am
Hey Tom,
Glad it helped! Enjoy your magical adventures :)
Cyprian M Makhafola
Mar 8, 2006 at 10:10 am
Hi Guys please help me, i have a Suse Linux and the root passwd is unknown. Please help me?
Jon
Mar 8, 2006 at 10:17 am
Cypian,
Did you try the method above?
Vituz
Oct 15, 2007 at 9:35 am
Guys, i tried the /init/bash method on PCLinuxOS and it backfired. Something to do with not being able to read cracklib dict, whatever tat is. any Help?
Have an opinion? Leave a comment: