Resetting the Root Password


The following methods can be used for resetting the root password if the root password is unknown.

If you use GRUB for booting, select the system to be booted, and add 1 to the end of the kernel boot command. If you're not presented with an edit “box” to add boot parameters, try using GRUB's edit command (the letter e). The 1 tells the kernel to boot to single-user mode.

The system now should boot to a root prompt. At this point, simply use the passwd command to change the root password.

Another option is to boot a rescue CD or an installation CD that lets you get to the command line. Once you're at a command prompt, mount the system's root directory if it's not already mounted:

$ mkdir /mnt/system
$ mount /dev/sda1 /mnt/system

Now, do a chroot and reset the password:

$ chroot /mnt/system
$ passwd


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Most motherboards have

Anonymous's picture

Most motherboards have jumper of switch labeled "Clear CMOS". Just do it and the BIOS password is gone too.

What about LILO?

Logick's picture

What are the steps to do this with LILO? I can Google it, but it would be nice to see that in this article for completeness. I liked the article BTW and I wish people had less time on their hands than to complain. I think if you lose the root password, the drawback of a simple reboot is insignificant in the grand scheme of things.

ignore this article

jf's picture

For Linux Journal I would hope that you wouldn't have such lame answers for such questions; but then again this type of stuff is exactly why I stopped paying you money years ago.

Just remember this: at the kernel command line: init=/bin/sh (you may need to also specify your root partition as being read-write, i.e. for /dev/sda1 init=/bin/sh root=/dev/sda1 rw)

Rebooting is soooooo '80s

Anonymous's picture

Well, that was rather uncalled for...go get yourself some ice water. This tip is didn't pay for the entire issue of the printed magazine....sheesh.

First of all, if you already have a access to a root shell prompt, remounting the root file system to run the passwd command is much quicker (and much more elegant). Suggesting a reboot of the entire machine just to get to a prompt that allows you to change the root password is just as bad of an idea as you claim this tip is.

FYI -- you can also replace the 'root' account information line in both the /etc/passwd and /etc/shadow files to either a known good-working one or no password at all. Just make sure the GID and UID remain at 0 otherwise, root is nothing better than a normal user...

Of course, all of these methods are much easier than trying to change the password on a Redmond-based OS's...unless you have a Linux boot disk, of course... ;).

How to avoid reseting by

Pawka's picture

How to avoid reseting by this way?

how to avoid resetting..

Anonymous's picture

1. Set grub password.
2. In BIOS, prevent booting from CD and external media (USB, firewire)

Physical access means game over...

Dan Fekete's picture

A bootloader and bios password are great deterrents... but don't rely on them to protect you. All one has to do is plug the hard drive into another system, mount and chroot as described above.

... unless you encrypt your data

Steven Bakker's picture

All one has to do is plug the hard drive into another system ...

Indeed, once someone has physical access to your hardware all bets are basically off. The only feasible way of protecting your sensitive data is to use strong encryption and not store the encryption keys (or store them as far away from your data as possible).

See also which has tips for encrypting your (root) FS while booting off of a USB flash disk (so you only bring the two together when you boot).


Slacker 12.2's picture

It's simple.
Password-protect your bootloader(LILO or GRUB) and BIOS.
That way if anyone tries to boot your system to single-user mode he'll be immediately required to give the password.
Same goes to BIOS, if anyone tries to change your boot sequence to CD/DVD drive, they must give the BIOS password first in order to change the said boot sequence.