Reset Linux Root Password Without Knowing The Password

by admin Date: 11-04-2013


So there it goes - Linux is a secure OS. No, really it is. Despite the title of this post, Linux is actually a secure system. Before we proceed to the main topic, let us consider a few points:

  1. Linux is flexible to a very large extent.
  2. Linux's administrator account is called 'root'.
  3. Linux systems never deny access to any resource whatsoever to the root account. If there are any restrictions in place, the root can remove those as well.
  4. The root account can set and change the password of any user.
  5. To change the password of root, you need to first login as root!

It is the 5th point where the problem is. Much like in Windows, you would get locked out of the system. But since Linux is not (as pathetic as) Windows, there are ways to work around it. Let us see some of them.

Method 1 - Use 'sudo su'

In many systems, a normal user who is added to the system is also added to the list of sudoers. These users can gain the power of the root account by running a command prepended with the word sudo. So if the person runs sudo passwd root, or runs sudo su to first get the root power and then runs the passwd command, he or she would be able to reset the root password. Simple. Easy. Effective. But this does not work everywhere.

Method 2 - recovery mode

The sudo su method works on many systems, but not all. It would work on Ubuntu systems most of the time, but other distributions like OpenSUSE, Fedora, Sabayon etc. may not be able to use it because they either do not put the normal users in the list of sudoers or they want the password of root (not that of the normal account) to give root power.

On such systems, one can use the recovery console to reset root password. To do so, one can select 'recovery menu' in the boot menu. Normally every Linux distribution that gets installed will install a 'recovery mode' or a 'failsafe mode' boot entry which allows the user to boot into runlevel 1 where only the root can login. The user can then pass the command passwd to reset the password.

Method 3 - override the init file!

The recovery mode method does not always work because many systems (or should I say 'most' systems) will ask for the root password for logging in. Now, since you do not know the root password in the first place, that trick will fail. In such a case, you can try this:

In the boot menu, highlight your Linux menu entry (not the one for recovery mode, but for the normal one) and press 'e' key on the keyboard. This will start an editor where you can change the boot parameter. In most new Linux systems, Grub2 comes as the boot loader. In such systems, the boot menu entry would be a bit complicated. So you might get intimidated by what you see at first. Do not worry, search for the line which starts with the word 'linux'. It would look something like this:

linux   /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=ba08039b-33ba-4074-857c-9688856c3583   video=1366x768 resume=/dev/disk/by-id/ata-WDC_WD3200BEVT-75ZCT2_WD-WXE1A9033884-part2 splash=silent quiet showopts

You have to add this to the end of that line: init=/bin/bash. So the line will start looking like this:

linux   /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=ba08039b-33ba-4074-857c-9688856c3583   video=1366x768 resume=/dev/disk/by-id/ata-WDC_WD3200BEVT-75ZCT2_WD-WXE1A9033884-part2 splash=silent quiet showopts init=/bin/bash

Now press the F10 button (or whatever is being shown on the screen for the booting) to boot the system.

NOTE: If you do not have Grub2, but a lower version of grub then you should search for the line starting with the word 'kernel' instead of 'linux'. Also, you would have to press the 'b' key to boot the entry in that case.

When you boot like that, you would be given the root prompt. You can then run the command passwd root to change the root password. This works because of how a Linux system normally boots: the kernel is loaded first. After the kernel is loaded, it loads the ramdisk and gets ready to continue the rest of the boot. Once it is ready, it runs the init command (usually located at /sbin/init), which starts the rest of the system. When you pass init=/bin/bash to the kernel, it will not run /sbin/init; instead it will run /bin/bash, which starts the bash shell with the root user's power (because the kernel itself called it), and hence that prompt allows you to change the root user's password. Actually, this prompt has more power than anything else on Linux because it is running with all the privileges of the system!
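A check on the boot parameter this method relies on, as an added example that is not part of the original post: it classifies a kernel command line (for instance the contents of /proc/cmdline) by how the first process will start. The function name classify_cmdline and the keyword list for runlevel 1 / rescue boots are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# classify_cmdline is a hypothetical helper name. It prints one of:
#   init-override:<path>   an init= parameter replaces the default init
#   single-user            a runlevel-1 / rescue keyword is present
#   normal                 neither of the above
classify_cmdline() {
    override=""
    single=""
    set -f                      # no filename globbing while splitting words
    for tok in $1; do           # kernel parameters are whitespace separated
        case "$tok" in
            init=*) override="${tok#init=}" ;;   # a later init= replaces an earlier one
            1|s|S|single|rescue|emergency) single=yes ;;   # handed on to init
        esac
    done
    set +f
    if [ -n "$override" ]; then
        echo "init-override:$override"
    elif [ -n "$single" ]; then
        echo "single-user"
    else
        echo "normal"
    fi
}

# On a running system: classify_cmdline "$(cat /proc/cmdline)"
```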

Method 4 - the ultimate method - change the password hash

If none of the above works for you then you can take help of another Live Linux CD/DVD to change the root password. This method is long and is a step by step process. You should follow it carefully. Here are the steps (we will consider that the installed system was OpenSUSE and the Live DVD was that of Ubuntu):

  1. Boot into the Live Linux system (Ubuntu) using the DVD.
  2. Once the system is up, go to the terminal and type 'sudo su'. This will get you to the root user.
  3. Now, mount the partition of the disk which contains the /etc directory of the installed system (i.e. the root partition of the OpenSUSE installation on disk). Usually, it would be /dev/sda1 or /dev/sda2 etc. You would know it better. Assuming it was on /dev/sda2, run the commands:

     mkdir /tmpmnt
     mount /dev/sda2 /tmpmnt

  4. The above commands will mount your installed system's root partition on the /tmpmnt directory of the live system.
  5. Now run the command: 'passwd root'. It will ask for the password twice. Enter the password and remember it well!
  6. Open the file /etc/shadow of the live system (use vim or nano) and search for the line which begins with the word 'root'. It will look something like this: root:$6$o9LWR1MJXjmO$IRP3uil/aSsDVR/HoCqXvTMUbp9.91z58MkiZSoHfFv3AuB54xQetmTP6E9Y6k2Wku80O9wbjcXC24kl6zKUz/:15609::::::
  7. Now, the gibberish you see after the first colon (up to the next colon) is your password hash. Copy that hash. (In this case, the hash is $6$o9LWR1MJXjmO$IRP3uil/aSsDVR/HoCqXvTMUbp9.91z58MkiZSoHfFv3AuB54xQetmTP6E9Y6k2Wku80O9wbjcXC24kl6zKUz/)
  8. Open the /tmpmnt/etc/shadow file and search for the line that begins with 'root'. It will look very similar to what you saw in step 6. Replace the existing hash in this file (/tmpmnt/etc/shadow) with the one you have copied (from /etc/shadow); i.e. you have to delete the existing text after the first colon in the file /tmpmnt/etc/shadow and paste the copied hash there!
  9. Save the file and reboot the system to the installation on the disk. Try to login as root and use the password you set in step 5. You should be able to login!
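The hash copy in the shadow-file steps above, done as a field-aware edit instead of by hand, as an added example that is not part of the original post. The function names shadow_hash, copy_hash and demo are hypothetical, and the sample entries are constructed; on a real system the two files would be /etc/shadow and /tmpmnt/etc/shadow.

```shell
#!/bin/sh
# Added example (not from the original post); all function names are hypothetical.

# Print field 2 (the password hash) of USER's entry in a shadow-format FILE.
shadow_hash() {    # usage: shadow_hash FILE USER
    awk -F: -v u="$2" '$1 == u { print $2; ok = 1 } END { exit !ok }' "$1"
}

# Copy USER's hash from SRC into DST, leaving every other field and line alone.
copy_hash() {      # usage: copy_hash SRC DST USER
    src=$1; dst=$2; user=$3
    hash=$(shadow_hash "$src" "$user") || { echo "no $user in $src" >&2; return 1; }
    shadow_hash "$dst" "$user" >/dev/null || { echo "no $user in $dst" >&2; return 1; }
    # An empty field, or one starting with '!' or '*', is not a password hash:
    # the password was never set on the source system.
    case $hash in ''|'!'*|'*'*) echo "$src has no usable hash" >&2; return 1 ;; esac
    cp -p "$dst" "$dst.bak" || return 1     # backup to roll back to
    # ENVIRON passes the hash verbatim; redirecting into DST keeps its owner and mode.
    NEWHASH=$hash awk -F: -v OFS=: -v u="$user" \
        '$1 == u { $2 = ENVIRON["NEWHASH"] } { print }' "$dst.bak" > "$dst"
}

# Constructed sample data: two throwaway shadow-format files in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:$6$LIVEsalt$LIVEhashLIVEhash:15800::::::' \
                  'ubuntu:!:15800:0:99999:7:::' > "$d/live"
    printf '%s\n' 'bin:*:15609::::::' \
                  'root:$6$OLDsalt$OLDhashOLDhash:15609::::::' \
                  'alice:$6$Asalt$Ahash:15609:0:99999:7:::' > "$d/installed"
    copy_hash "$d/live" "$d/installed" root && cat "$d/installed"
    rm -rf "$d"
}

# Run as "sh thisfile demo" to see the edited sample file.
if [ "${1:-}" = demo ]; then demo; fi
```

Only the second field of the root line changes; the remaining fields of that line and all other accounts stay as they were, and the previous file is kept beside it with a .bak suffix.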

Voilà, you have successfully changed the password!

The last trick is the master trick of them all. If none of the steps work for you (try them in the order they have been mentioned), please let us know what issues you are facing in the comments. OR you can register at the site and ask specific questions in the forums.

source: http://www.c-integration.com/blog/  By Vaibhav Kaushal

 