How to change a lost root password

There is no single way Linux distributions handle the root account and its password. Some, like CentOS (and, by extension, RHEL and Fedora) ask you to select a password for root and one for the user you’re going to use on a regular basis, while others, like Ubuntu or Linux Mint, disable root logins by not setting up a password for that user (although it’s still possible to assign one at a later time).┬áIf you have a Linux computer running headlessly somewhere in your home or office (as it would be the case for a NAS), forgetting the root password is more than a possibility and you may be tempted to format your computer and start from scratch if you don’t know how to reset it. But fear not, because today we’re showing you how to change your lost root password.

Getting everything ready

Before you start with the procedure itself, you’ll need to make sure that you have everything you need. Hooking up your Linux computer to a monitor and keyboard is mandatory, whereas the mouse isn’t required at all, for we’re going to use the command line only. You can use a spare keyboard you have lying around, or disconnect it from your main computer and connect it to the headless box. In this regard, using a USB switch like the one I talked about before is very convenient.

Power off your headless computer by pressing the power button for a short time (don’t hold it pressed, for that won’t ensure the system is shutting down properly) and, when the power LED goes off, hook the keyboard and monitor to it. If the computer is usually running in a hard-to-reach place, like a closet, you may want to move it to attempt the recovery procedure. When everything is ready, power it on again.

Editing the boot arguments

Linux uses a bootloader, a program that allows the operating system proper to boot, called GRUB 2. To the end user, the boot loader appears as a text-based menu where the operating system to boot can be chosen, such as shown in this picture.

The GRUB 2 menu. Its appearance may vary based on your actual Linux distribution, but it works exactly the same way in every case.

Be quick because this screen lasts only a handful of seconds (five to ten, depending on your distribution). To prevent automatic booting from happening, you may press Esc when the bootloader menu appears. Press E to edit the first item in the list. You’ll be shown a short script that describes how the operating system should boot. Scroll down using the down arrow until you reach the line starting with Linux, as shown in the screenshot below:

Press End to go at the end of this line and add the argument rd.break, then press Ctrl + X to proceed with operating system loading.

NoteNote: The changes you make in this screen are not permanent, but will be lost when the system next reboots, which is good because you won’t need to make changes a second time.

Working in initramfs

What we just did is loading initramfs, a barebone operating system that has the task of initializing hardware so that the boot procedure may proceed on to later stages. By preventing the computer to go past initramfs, we can enter a minimal maintenance mode that requires no root password.

However, you may notice that many commands you’re accustomed to, including passwd, do not work in this mode. This is because the hard disk is currently mounted as read only. We want to remount it so that we get read and write access to it. To do this, let’s use the command

mount -o remount,rw /sysroot

Now we need to change the root to /sysroot to get access to the operating system’s programs with the command

chroot /sysroot

Changing the password

It’s now time to change the password with the passwd command.

You’ll be asked to enter your new password twice. Do so and we’re pretty much done.

SELinux relabeling

In case your computer uses SELinux for security purposes, we’ll also need to update its labels. Failing to do so will prevent anyone from logging in. To prevent this, create a file named .autorelabel in the root of the file system with the command

touch /.autorelabel

You may now reboot your computer by pressing the reset button.

About Andrea Luciano Damico 137 Articles
Andrea Luciano Damico is a freelance translator from Italy. Among his interests are linguistics, technology, video games, and generally being a chill guy. He runs Let's Translate.it and Tech4Freelancers.net.