Reset a forgotten root password using a live distribution
Tested on
- Debian (Lenny)
- Ubuntu (Lucid, Maverick)
Objective
To reset the root password of a machine when it has been forgotten.
(This method is also applicable where the machine is administered from some other account using sudo, as is the default on Ubuntu.)
Scenario
You are unable to log into the root account of a machine because you have forgotten the password. The machine has one hard drive with the following partitions:
- The root partition is /dev/sda2;
- /usr is /dev/sda5;
- /var is /dev/sda6; and
- /home is /dev/sda7.
Method
Overview
In order to reset the password you need to mount the root filing system of the machine to be recovered, but without booting the operating system on that partition. A convenient way to do this is by means of a live GNU/Linux distribution: one that can be booted from a removable medium without being installed on the machine. It will need to:
- be on a medium that the machine has the ability to boot from;
- be sufficiently compatible with the hardware to at least provide a text console and the ability to mount filing systems (including ones located on RAID devices or LVM volumes if applicable);
- be able to run binaries from the machine to be recovered.
A current version of Ubuntu or Knoppix will suffice for most purposes, but for specialised requirements you may need to look further afield (or even build your own). It is possible to recover a 32-bit (i386) system with a 64-bit (amd64) distribution, but not vice versa.
Boot into the live distribution
In order to boot into the live distribution you may need to reconfigure the BIOS to ensure that the machine boots from the relevant removable device in preference to the hard drive. Remember to revert any such changes when you have finished.
Mount the root partition
Mount the root partition of the system to be recovered:
mkdir /mnt/recover
mount /dev/sda2 /mnt/recover
It should not be necessary to mount any other partition unless you have an unusual configuration. Note that the live distribution will not necessarily assign the same device name to each hard drive as the system being recovered (but it should assign the same partition numbers).
chroot into the root partition
The chroot command allows you to move the filesystem root to some subdirectory of the current root. In this case you want to move it to /mnt/recover:
chroot /mnt/recover
This effectively makes you the root user of the system to be recovered. For example, the file that was /mnt/recover/etc/passwd now appears as /etc/passwd. Any commands you execute will use binaries from the hard drive, not the live distribution.
Change the root password
As the root user of the system to be recovered you should now be able to change the root password in the normal manner:
passwd
The passwords for other local accounts can be changed similarly:
passwd user
Because you are root, it should not be necessary to enter the previous password.
Note that passwords provided by a remote authentication protocol such as Kerberos or LDAP cannot be reset using this method.
Exit from the chroot
You can exit from the chroot shell in the same way as any other shell, for example using the exit command:
exit
or by pressing control-D.
Unmount the root partition
umount /mnt/recover
Variations
Directly editing the password file
It is possible to achieve the same effect by directly editing the password file. This is significantly more risky than using the passwd command, but may prove useful if you can edit files but are unable to execute binaries.
The file you need to edit is /etc/passwd. Each line is a colon-separated list of fields, the first two of which are the username and password for an account. Here is a sample:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
In each of the four entries in this example the password field is set to ‘x’, meaning that the encrypted password can be found in /etc/shadow. If you replace the ‘x’ (or whatever else is in the second field) with the empty string then no password will be needed:
root::0:0:root:/root:/bin/bash
It would be prudent to make a backup of /etc/passwd before making any changes, because the mapping between usernames and UIDs would be very tedious to reconstruct if it were lost. You should also consider isolating the machine from any networks while it is without a root password, as it will obviously be very insecure during this period.
The ‘x’ should be re-inserted before setting a new root password, otherwise the new password will be stored in /etc/passwd instead of /etc/shadow.
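Before reconnecting the machine to a network it is worth confirming that no entry has been left with an empty or non-‘x’ password field. The following check is an added example, not part of the original article; the function name audit_passwd and the sample entries (including the placeholder hash) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a passwd-format file after a manual edit.
# Usage: audit_passwd FILE   (FILE defaults to /etc/passwd)
# Prints one line per problem; returns 1 if any problem was found, else 0.
audit_passwd() {
    awk -F: '
        NF != 7 {
            printf "MALFORMED line %d: expected 7 fields, found %d\n", NR, NF
            bad = 1
            next
        }
        $2 == "" {
            printf "EMPTY %s (uid %s): no password needed to log in\n", $1, $3
            bad = 1
            next
        }
        $2 != "x" {
            printf "NOT-X %s (uid %s): password field is read from this file, not /etc/shadow\n", $1, $3
            bad = 1
        }
        END { exit bad + 0 }
    ' "${1:-/etc/passwd}"
}

# Constructed sample: the four entries shown above, with root blanked as in
# the direct edit and one entry carrying a placeholder (not real) inline hash.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:$6$constructed$notarealhash:3:3:sys:/dev:/bin/sh
EOF
if audit_passwd "$sample"; then
    echo "clean: every entry defers to /etc/shadow"
else
    echo "fix the entries above before reconnecting the network"
fi
rm -f "$sample"
```

When run from the live distribution outside the chroot, pass /mnt/recover/etc/passwd as the argument.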