How to Reset Lost Root Password on Linux
Sometimes a lost root password needs to be reset; perhaps a system administrator has left your place of work without documenting the root password, or an operating system error has halted the system in read-only mode.
To change the password of an ordinary user account on Linux, you would typically use the passwd command from within the running operating system (sudo passwd).
Nevertheless, the scenario differs when dealing with the root account, as a significant portion of the file system is mounted via root processes.
Guide to Reset Lost Root Password
Note: This guide assumes you have physical or virtual access to the server or access to the virtual console
Step 1: Access the GRUB2 Boot Menu
- Power on your server.
- As the server starts, watch for the GRUB2 boot menu to appear. This menu typically displays a list of available operating systems.
- Press the key indicated on the screen (often Esc, E, or Shift) to interrupt the automatic boot process and enter the GRUB2 editor.
Step 2: Modify the Boot Entry
- In the GRUB2 editor, locate the line starting with linux. This line contains the kernel parameters and boot options.
- Using the arrow keys, navigate to the end of this line.
- Add rd.break to the end of the line, ensuring there’s a space separating it from the preceding entry.
  - Example: linux /vmlinuz-.... ro root=/dev/sda1 rd.break
- Press Ctrl+x or F10 (depending on your system) to boot with the modified parameters.
The rd.break parameter interrupts the boot process, providing you with a shell prompt.
Note: where you add rd.break to interrupt the boot process, make sure to place it after the ro (read-only) parameter. This ensures that the root filesystem is initially mounted as read-only before breaking, reducing the risk of unintended changes.
Step 3 – Mount the Filesystem and Access the Shell
- Mount the system root using the command
mount -o rw,remount /sysroot/
- Access the shell by typing
chroot /sysroot
Step 4 – Change the Root Password
Now type passwd to change the root password
passwd
Enter a secure password when prompted
Step 5 – Relabel the Root Filesystem and Reboot
Important: now that you have changed the root password, you must relabel the filesystem so that the files and folders are aware of the new password hashes. Simply type:
touch /.autorelabel
Now mount disks as read-only
mount -o ro,remount /sysroot
Then reboot
systemctl reboot
Step 6 – Verify Successful Relabeling
After rebooting, verify that the filesystem relabeling process was successful. You can check the progress by running:
restorecon -v / -R
This command displays the changes made to the file contexts. Ensure there are no errors.
Step 7 – Post Recovery Checks
After logging in with the new root password, perform post-recovery checks. Verify system logs, check the integrity of critical files, and ensure that essential services are running.
Once the server reboots, you can log in using the newly changed root password. Although it might seem daunting initially, with practice, this process will become more familiar.
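The checks in Steps 6 and 7, as an added example that is not part of the original guide: POSIX shell functions that confirm the relabel flag file is gone, that /etc/shadow carries the shadow_t type, and that restorecon has nothing left to fix. The function names and sample lines are constructed for illustration, and the parser assumes the "Would relabel ... from ... to ..." wording printed by restorecon -n -v.

```shell
#!/bin/sh
# Added example (not from the original guide): checks for Steps 6 and 7.
# Sample inputs are constructed. On a real host, feed the functions from
#   ls -Z /etc/shadow    and    restorecon -Rnv /etc    (-n = report only)

# Print the SELinux type from one line of `ls -Z` output, in either the
# "perms owner group context path" or the "context path" layout.
selinux_type() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++)
        if (split($i, c, ":") >= 4) { print c[3]; exit } }'
}

# Read `restorecon -n -v` output on stdin; print each path still mislabeled.
# Assumes the "Would relabel PATH from OLD to NEW" message format.
pending_relabels() {
    sed -n 's/^Would relabel \(.*\) from [^ ]* to [^ ]*$/\1/p'
}

# Classify the password field of root's /etc/shadow entry (passed as $1).
root_hash_state() {
    field=$(printf '%s\n' "$1" | awk -F: '$1 == "root" { print $2 }')
    case "$field" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo set ;;
    esac
}

# Succeed only when the relabel flag file has been consumed, shadow carries
# shadow_t, and restorecon reports nothing left to fix.
# $1 = root dir, $2 = `ls -Z` line for shadow, $3 = restorecon -n -v output
recovery_ok() {
    [ ! -e "$1/.autorelabel" ] || { echo "relabel has not run"; return 1; }
    [ "$(selinux_type "$2")" = shadow_t ] || { echo "shadow mislabeled"; return 1; }
    [ -z "$(printf '%s\n' "$3" | pending_relabels)" ] || { echo "labels pending"; return 1; }
    echo ok
}

# Constructed sample: shadow as it might look if the relabel was skipped.
bad_ls='system_u:object_r:unlabeled_t:s0 /etc/shadow'
bad_rc='Would relabel /etc/shadow from system_u:object_r:unlabeled_t:s0 to system_u:object_r:shadow_t:s0'
recovery_ok /nonexistent "$bad_ls" "$bad_rc" || true
```

On a live system, call recovery_ok / "$(ls -Z /etc/shadow)" "$(restorecon -Rnv /etc)" as root after the relabel reboot has finished.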
Further Reading
The Linux boot process explained
Root is a special user account, and it’s important for system administrators to learn how to reset the root password. It is important to know how a Linux Operating System boots. This tutorial focuses on the GRUB2 bootloader and the startup sequence completed by Systemd.
The Linux boot process is quite simple. You power on your PC or server, then:
- The system loads BIOS or UEFI
  - BIOS – basic input/output system
  - UEFI – unified extensible firmware interface
- Next, GRUB2 (Grand Unified Bootloader version 2) loads
- Kernel starts
- Systemd starts
To change the root password, you have to break the boot process at the GRUB2 stage.
How to break the Linux boot process
There are 3 ways to break the boot process on Linux. The first 2 ways are manually entered break commands added to the boot.cfg file. The final way is using a boot disk and using rescue mode.
- rd.break – enters emergency mode with no system disk loaded
- emergency – similar to rd.break but mounts system disk
- Rescue – like single user mode, disk mounted, and services started
To change the root password, you must use rd.break because this process doesn’t mount the system disk. Mounting a system disk implements file system permissions. Consequently, you cannot change the root password; instead, you’ll be prompted for the root password.
Technical Q&A
Q1: Why do I need to relabel the filesystem after changing the root password?
Linux uses Security-Enhanced Linux (SELinux) to enforce mandatory access control. SELinux assigns security contexts to files and processes, which dictate how they can interact. When you change the root password, the password hash stored in /etc/shadow is updated. However, the security context of /etc/shadow remains the same. Relabeling the filesystem ensures that the security context of /etc/shadow (and other files) is updated to reflect the changes, maintaining system security and preventing potential conflicts.
Q2: What happens if I don’t relabel the filesystem?
Failure to relabel the filesystem can lead to various issues, including:
- Login problems: SELinux might prevent the system from reading the updated password hash, resulting in login failures.
- Application errors: Applications that rely on files with incorrect security contexts may malfunction or crash.
- Security vulnerabilities: Inconsistencies between file contents and their security contexts can create security loopholes.
Q3: Are there any alternative methods to reset the root password?
Yes, there are a few alternatives:
- Using a rescue disk: Boot from a Linux live CD or USB drive and use tools to mount the root partition and change the password. This method is useful if you cannot access the GRUB menu.
- Using sudo: If you have another user account with sudo privileges, you can use sudo passwd root to change the root password without needing to break the boot process.
Q4: What are some best practices for root password management?
- Use strong passwords: Employ a combination of uppercase and lowercase letters, numbers, and symbols.
- Change passwords regularly: Regular password changes reduce the risk of unauthorized access.
- Store passwords securely: Use a password manager or a secure, offline location to store the root password.
- Implement multi-factor authentication: Add an extra layer of security by requiring a second form of authentication, such as a one-time password.