Unless otherwise noted, articles © 2005-2008 Doug Spencer, SecurityBulletins.com. Linking to articles is welcomed. Articles on this site are general information and are NOT GUARANTEED to work for your specific needs. I offer paid professional consulting services and will be happy to develop custom solutions for your specific needs. View the consulting page for more information.

---

From SecurityBulletins.com

Written by Doug Spencer 11/19/2006

There are a couple of ways to get into a Linux system where you have lost the root password, if you have physical access to the machine.

The first is easy if you don't have a password on the boot loader.

• Reboot the system.
• Indicate to the boot manager (GRUB, LILO, etc) that you want to edit the boot command
• Add "init=/bin/sh" to the boot command as a kernel parameter.
• Boot the system. It will start up into the shell. You can then update the root password to something you know.

The second is the standard way of recovering from a lost password on a UNIX system:

• Boot from CD-ROM, network, or other media. Start in single user mode from this media.
• Once you have a command prompt in single user mode, mount your root device to /mnt
• Edit the password in /mnt/etc/passwd or /mnt/etc/shadow as the case may be.
• Save the changes. Run 'sync" to synchronize the disks. Change directory to /. Run "umount /mnt"
• Reboot from your standard root disk and login