How-To: Recover root password under linux with single user mode

Post date: 04-May-2010 06:59:47

What if one day you sat down to your computer, and couldn't remember your user password? It could happen. Senior moments, blonde moments, Mom's-heimers -- call it what you will -- but every so often the humans among us lose random bits of data. And, because it's bad security (or rather no security) to write down your passwords, here's how you can login despite the forgotten password.

It happens sometime that you can't remember root password. On Linux, recovering root password can be done by booting Linux under a specific mode:single user mode.

This tutorial will show how to boot Linux in single user mode when using GRUB and finally how to change root password.

During normal usage, a Linux OS runs under runlevels between 2 and 5 which corresponds to various multi-user modes. Booting Linux under runlevel 1 will allow one to enter into a specific mode, single user mode. Under such a level, you directly get a root prompt. From there, changing root password is a piece of cake.

1. Entering Runlevel 1

Some Linux distribution, such as Ubuntu for instance, offer a specific boot menu entry where it is stated "Recovery Mode" or "Single-User Mode". If this is your case, selecting this menu entry will boot your machine into single user mode, you can carry on with the next part. If not, you might want to read this part.

Using GRUB, you can manually edit the proposed menu entry at boot time. To do so, when GRUB is presenting the menu list (you might need to press ESC first), follow those instructions:

  • use the arrows to select the boot entry you want to modify.

  • press e to edit the entry

  • use the arrows to go to kernel line

  • press e to edit this entry

  • at the end of the line add the word single

  • press ESC to go back to the parent menu

  • press b to boot this kernel

The kernel should be booting as usual (except for the graphical splash screen you might be used to), and you will finally get a root prompt (sh#).

Here we are, we have gained root access to the filesystem, let's finally change the password.

2. Changing Root Password

As root, changing password does not ask for your old password, therefore running the command:

# passwd

will prompt you for your new password and will ask you to confirm it to make sure there is no typo.

That's it, you can now reboot your box and gain root access again

My boot loader is LILO

At LILO boot loader type linux single and press [ENTER] key:

Boot: linux single

When you get the # prompt you will need to type passwd root to reset password:

# passwd

Reboot system:

# sync

# reboot

OR from the root shell, you can also edit the /etc/shadow file to remove the password.

OR copy the /etc/shadow /etc/passwd file and use John-The-Ripper software to try cracking the password.

Root Password - Not As Easy Method:

If for whatever reason, the above solution doesn't work for you, there is another option. Boot using a so called "Live CD" Linux distribution, such as Knoppix. For the purposes of this example, it will be assumed that the user is using Knoppix.

After booting up from the Knoppix CD, go to a terminal and su to root (no password is required). After your priviledges have been escalated, issue the following commands (be sure to replace each /hda1 with your own root ('/') partition):

Code:

mount -o dev,rw /mnt/hda1 cd /mnt/hda1/etc

Once you are into your system /etc directory, you can use a text-editor (such as vim, nano, pico, etc.) to edit the /etc/shadow file where the password is stored. Various information about root and user accounts is kept in this plain-text file, but we are only concerned with the password portion.

For example, the /etc/shadow entry for the "root" account may look something like this:

Code:

root:$1$aB7mx0Licb$CTbs2RQrfPHkz5Vna0.fnz8H68tB.:/

10852:0:99999:7:::

(The '/' indicates a line continuation)

Now, using your favorite editor (I'll use vim) delete the password hash (the green text).

Code:

vim shadow

After you've edited this field, it should look like this:

Code:

root::10852:0:99999:7:::

Now save the file and change back to the root directory and unmount the system root partition (don't forget to change the /hda1) as follows:

Code:

cd / umount /mnt/hda1

Now reboot the computer.

Once the computer has booted and you're at the login prompt, type "root" and when asked for the password just press ENTER (entering no password). After a successful login, you need to set the new password for root using the following command:

Code:

passwd

Forgotten or Lost "User" Password:

If a regular user forgets his/her password, the root user can easily reset the user's password. For this example, the username will be "bob".

Enter (as root):

Code:

passwd bob

This will prompt for a new password for the user "bob".

Lost User Password

So you forgot your user password, eh? The following steps assume you've forgotten your user password but remember your root password. If you don't remember your root password, skip down to that section.

Start by logging in as root. (If you're not sure how to do that, read Logging in and out as Root on LinuxClues.com.) Next, open a terminal or console and type the three lines that follow. (Remember, don't type the pound symbol, that shows you're logged in as root.)

# passwd {type your username here without the curly brackets}

Type in a new password (Ignore the error message you'll probably get.)

Type in the new password again.

Log out as root and back in as user with your new password.

Of course, this fix assumes you remember your root password. What do you do if you forget your root password? Not possible? Ok, just imagine you disappear on a fantastic vacation, sans PC. (It COULD happen.) Let's say you spend a glorious two weeks of baking your brains in the sun, or hiking up the sides of mountains viewing stunning vistas. Day after day after day. Then after 14 days of this you head back home, where you power up the PC, go to login and have brain fade trying to remember your root password. What should you do? Well, we'll show you.

Lost Root Password

IMPORTANT: Physically disconnect your PC from the network and the Internet -- pull the Ethernet cable out, eject the wireless card, whatever. Just make sure you're offline. This is to protect your PC from possible Internet-borne attack while you're repairing the password. Please heed this warning and follow this safety procedure. Linux is vulnerable during these steps.

Follow this two-step process. Because the first step varies from distro to distro, we're presenting several alternatives, including an advanced version. The second step is pretty much the same across the board.

Step 1: Red Hat and Mandrake

Start with install CD #1 and boot with it. As the first screen appears, press F2 and type:

rescue (Type "linux rescue" for Red Hat.)

The computer should boot into rescue mode. The screen will display several options. Select: "mount the existing partitions" and go to the shell/console prompt. (Mandrake users: Boot into "failsafe" from the Lilo menu instead.)

Step 1: SuSE

Boot from your first install CD and press F1 at the first screen, then choose "Rescue System" from the menu and at the prompt type:

root (You do not need a password.)

Step 1: Other Distros

Boot from your first install CD (or any live CD like Knoppix) and at the boot prompt type:

linux single (For Knoppix type "knoppix single" without the quotes.)

The computer will boot in single user mode. You will see an odd looking prompt that might look something like: "sh-2.05b#".

Step 1: Advanced Alternative

If you're a regular reader of Scot's Newsletter and you carried out the Rescue CD Linux Explorers tip from the last newsletter issue, you already have a Linux rescue CD, which is required for this alternative to Step 1.

By booting with your rescue CD (or to a live Linux CD, such as Knoppix), you can bypass Step 1, mount the partition and, while logged in as root, skip right to Step 2 and make the changes to the files Step 2 requires.

Step 2

After following Step 1 as appropriate, type the following at the prompt:

# cd /etc (For Knoppix, first you must change directory to the partition with your lost-password distro.)

Step 2 requires you to make changes to these two files: "passwd" and "shadow." Type this line:

# vi passwd (This opens the file with the Vi editor.)

Next, press the I key, which places the Vi editor in Insert mode.

For more on the Vi editor, see the Vi Editor edition of Tips for Linux Explorers.

The first line of the passwd file will probably look like this:

root:x:0:0:root:/root:/bin/bash

Carefully delete the "x" after "root:" being sure to leave the colons in place. The first line should now read:

root::0:0:root:/root:/bin/bash

Save the file by pressing the Escape key and then typing:

ZZ

To edit the second file, type:

# vi shadow

Press the I key to place the Vi editor in Insert mode.

The first line of the shadow file is a long scrambled string of characters. Change it to:

root:::: (That's four colons.)

Save the file by pressing the Escape key and then typing:

ZZ

Now you can reboot your computer. Log in as your normal user, open a console, and type:

$ su

# passwd

And set the new root password. Log out as root:

Ctrl-D

And the job is done!

Congratulations! You've now reset your lost password. You should plan on never, ever going on another extended vacation again (or getting older, or having kids, and so forth) -- so this will never happen again. After all, there's nothing more important than Linux. Right? Priorities, people!

tuck? Let me know...