Recovering Lost Root Password

I hope this never happens to me - or to you. But, if it does, we have the solution at the ready.

This article from Linux Pipeline covers how to recover a system once the root password is lost.

Here is the meat of the article:

Lost Root Password
IMPORTANT: Physically disconnect your PC from the network and the Internet -- pull the Ethernet cable out, eject the wireless card, whatever. Just make sure you're offline. This is to protect your PC from possible Internet-borne attack while you're repairing the password. Please heed this warning and follow this safety procedure. Linux is vulnerable during these steps.

Follow this two-step process. Because the first step varies from distro to distro, we're presenting several alternatives, including an advanced version. The second step is pretty much the same across the board.

Step 1: Red Hat and Mandrake
Start with install CD #1 and boot with it. As the first screen appears, press F2 and type:

rescue (Type "linux rescue" for Red Hat.)

The computer should boot into rescue mode. The screen will display several options. Select: "mount the existing partitions" and go to the shell/console prompt. (Mandrake users: Boot into "failsafe" from the Lilo menu instead.)

Step 1: SuSE
Boot from your first install CD and press F1 at the first screen, then choose "Rescue System" from the menu and at the prompt type:

root (You do not need a password.)

Step 1: Other Distros
Boot from your first install CD (or any live CD like Knoppix) and at the boot prompt type:

linux single (For Knoppix type "knoppix single" without the quotes.)

The computer will boot in single user mode. You will see an odd looking prompt that might look something like: "sh-2.05b#".

Step 1: Advanced Alternative

If you're a regular reader of Scot's Newsletter and you carried out the Rescue CD Linux Explorers tip from the last newsletter issue, you already have a Linux rescue CD, which is required for this alternative to Step 1.

By booting with your rescue CD (or to a live Linux CD, such as Knoppix), you can bypass Step 1, mount the partition and, while logged in as root, skip right to Step 2 and make the changes to the files Step 2 requires.

Step 2
After following Step 1 as appropriate, type the following at the prompt:

# cd /etc (For Knoppix, first you must change directory to the partition with your lost-password distro.)

Step 2 requires you to make changes to these two files: "passwd" and "shadow." Type this line:

# vi passwd (This opens the file with the Vi editor.)

Next, press the I key, which places the Vi editor in Insert mode.

For more on the Vi editor, see the Vi Editor edition of Tips for Linux Explorers.

The first line of the passwd file will probably look like this:

root:x:0:0:root:/root:/bin/bash

Carefully delete the "x" after "root:" being sure to leave the colons in place. The first line should now read:

root::0:0:root:/root:/bin/bash

Save the file by pressing the Escape key and then typing:

ZZ

To edit the second file, type:

# vi shadow

Press the I key to place the Vi editor in Insert mode.

The first line of the shadow file is a long scrambled string of characters. Change it to:

root:::: (That's four colons.)

Save the file by pressing the Escape key and then typing:

ZZ

Now you can reboot your computer. Log in as your normal user, open a console, and type:

$ su
# passwd

And set the new root password. Log out as root:

Ctrl-D

And the job is done!