Debian/Ubuntu Tips and Tricks



How-To: Recover root password under linux with single user mode

Posted by chantra on April 8th, 2007

It sometimes happens that you can't remember the root password. On Linux, the root password can be recovered by booting into a specific mode: single user mode.
This tutorial shows how to boot Linux in single user mode when using GRUB, and then how to change the root password.

During normal usage, a Linux OS runs under runlevels between 2 and 5, which correspond to various multi-user modes. Booting Linux under runlevel 1 puts it into a specific mode, single user mode. Under this runlevel, you directly get a root prompt. From there, changing the root password is a piece of cake.

1. Entering runlevel 1

Some Linux distributions, such as Ubuntu, offer a specific boot menu entry labelled "Recovery Mode" or "Single-User Mode". If this is your case, selecting this menu entry will boot your machine into single user mode and you can carry on with the next part. If not, read on.

Using GRUB, you can manually edit the proposed menu entry at boot time. To do so, when GRUB is presenting the menu list (you might need to press ESC first), follow these instructions:

  • use the arrows to select the boot entry you want to modify.
  • press e to edit the entry
  • use the arrows to go to the kernel line
  • press e to edit this entry
  • at the end of the line add the word single
  • press ESC to go back to the parent menu
  • press b to boot this kernel

The kernel should be booting as usual (except for the graphical splash screen you might be used to), and you will finally get a root prompt (sh#).

Here we are: we have gained root access to the filesystem. Let's finally change the password.

2. Changing root password

As root, changing a password does not require the old password, so running the command:

# passwd

will prompt you for your new password and will ask you to confirm it to make sure there is no typo.

That's it, you can now reboot your box and gain root access again.
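The procedure above only works when the boot menu lets anyone edit the kernel line and single user mode hands out a root shell without asking for a password. The following is an added example, not part of the original post, that audits both settings. It assumes GRUB legacy `menu.lst` syntax (a global `password` directive before the first `title`) and a sysvinit `/etc/inittab` (a `sulogin` entry for runlevel S); the function names and sample files are this example's own.

```shell
#!/bin/sh
# Added example: audits the two settings the recovery procedure relies on.
# Assumes GRUB legacy (menu.lst) and sysvinit (/etc/inittab) file formats.

# Succeeds if a global "password" directive precedes the first "title" line,
# so editing an entry from the boot menu requires the GRUB password.
grub_menu_locked() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }            # drop indentation, re-split fields
        /^#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == "title" { exit }            # the global section ends here
        $1 == "password" && $2 != "" { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Succeeds if an active inittab entry runs sulogin for runlevel S,
# so single user mode asks for the root password before giving a shell.
single_user_needs_password() {
    awk -F: '
        /^[ \t]*#/ { next }               # skip commented-out entries
        $2 ~ /S/ && $4 ~ /sulogin/ { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Prints one line per finding; the return status is the number of findings.
audit_boot() {    # $1 = menu.lst path, $2 = inittab path
    findings=0
    grub_menu_locked "$1" || {
        echo "FINDING: $1: no global password, boot entries can be edited"
        findings=$((findings + 1)); }
    single_user_needs_password "$2" || {
        echo "FINDING: $2: no sulogin for runlevel S, root shell without password"
        findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample input (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'default 0\ntimeout 5\n\ntitle Debian\nroot (hd0,0)\nkernel /vmlinuz root=/dev/sda1 ro\n' > "$tmp/menu.lst"
printf 'id:2:initdefault:\n#~~:S:wait:/sbin/sulogin\n~~:S:wait:/bin/sh\n' > "$tmp/inittab"
audit_boot "$tmp/menu.lst" "$tmp/inittab" || echo "findings: $?"
```

On a real machine, call `audit_boot` with the paths of the actual `menu.lst` and `inittab`; a `password` line placed inside a single `title` entry is deliberately not counted, since it does not protect the other entries.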

27 Responses to “How-To: Recover root password under linux with single user mode”

  1. I tried this, but when I used passwd it echoed the following:

    passwd: Authentication token manipulation error
    passwd: password unchanged

    What is it trying to tell me?

  2. On a secure system, the root password will be required when going into single user mode. See, for example this link found by searching for 'linux "single user" password'

  3. if linux allows you to boot to single user mode and just change the root password without knowing it, then linux is the worst operating system when it comes to security....

    • hussam,
      you can prevent this with some trickery, but honestly, there are not many systems that are safe once you have physical access to them.

      What you want really is encrypting your filesystem.

  4. As a primarily Windows admin that occasionally dabbles with various Linux distros, this is no more or less secure than windows. I have had to hack the SAM database on windows in order to reset admin passwords to gain entry in both non-domain and domain environments. The local password database is not encrypted and therefore can be edited so long as you have access to the disk.

    It is why physical security for any server is essential. You could encrypt the disk if you want to increase the security but then there are issues with recovery later down the road. It is easier to just control the physical access to the machine.

  5. yes.. any OS is secure until you can physically access the server/pc.
    also on windows, you can boot from recovery media and reset all passwords...

  6. It seems like author has missed to mention below steps after moving to single user mode.

    You need to mount at least / and other partitions:
    # mount -t proc proc /proc
    # mount -o remount,rw /

    Change the root password, enter:
    # passwd

    Finally reboot system:
    # sync
    # reboot

  7. it will say new password-(and although what you are typing isn't being shown, it is there)
    all you need to do after typing the 'passwd' command is type a password and press enter then do the same for the confirm password

  8. Very true....I have to do it on a regular basis repairing computers and the user forgets to give me the "correct" password. I just wipe them all out and reboot

  9. I tried this but I am also getting:
    passwd: authentication token manipulation error
    passwd: password unchanged
    As you said it might be because I entered the wrong password when I had to retype it...
    But when I entered even a single letter or many too carefully, even then it is giving me the same error... what do I do in such a case... plz help.....

  10. kubusb,

    I am pretty sure I typed my password correctly but it still gives me the authentication token manipulation error. Can it be something else? I tried 7 times to change it but it won't work.

  11. If you have a password protected grub boot loader and you forgot both root and grub password, then you can recover grub-boot loader password using the following method/procedure:

    * Use Knoppix cd
    * Remove the password from Grub configuration file
    * Reboot the system
    * Change the root password
    * Setup new Grub password if required (optional)

  12. Try below steps :

    1. go to single user mode
    2. check selinux - if it is enforcing do , setenforce 0
    3. try to change passwd .

  13. I am using Ubuntu but I fail to get the boot menu. I tried to press ctr-x for booting but it won't respond. How to solve? I have forgotten a password

  14. Any system Windows/Mac/IBM/SUN/Linux can be booted with a linux boot iso and all data from hard drive can be stolen or system destroyed or password hacked easily. There is nothing that could stop someone if physical access is available. Take the hard drive and mount elsewhere. Take the system. Or move the whole building to another country. lol

    Security talks about remotely hacking Guys.
