Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

comp.security.unix and comp.security.misc frequently asked questions
Section - How do I recover from forgetting my root password? (Similarly: I messed up the root line in /etc/passwd and can't su or login as

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]


Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?
Next Document: Is a portscan of a machine malicious/illegal/unfriendly?
See reader questions & answers on this topic! - Help others by sharing your knowledge
	root; what do I do?)

Basically, you want to boot from CD/floppy or in single-user mode.
Single-user mode in some versions of unix still prompts for the root
password, but can nevertheless be used to recover from messing up the root
line in /etc/passwd farther along, e.g. changing the shell to something
inappropriate.  And in some versions of unix it doesn't ask for the password.

To boot in single-user mode, in a prom monitor (e.g. L1-A on a Sun, or press
ESC while booting an SGI), you want a command like "single" or "boot -s"
or "b -s".  At the linux LILO prompt, you want something like "linux s".
If "linux s" gives you problems, "linux init=/bin/sh" might bypass the
normal boot sequence and just give you a shell, but you'll have to remount
the root filesystem (see below).

After single-user mode, it's cleaner to reboot rather than to press ^D to
do the multiuser boot, because the init "runlevel" mechanism is hacky.

It might be more rewarding to boot from OS installation media.  They usually
give you the opportunity to run a shell (e.g. in irix inst, type "sh"; in
redhat linux, press ctrl-alt-F2; in solaris, get a menu with the right button
in the background and select "command tool" in the "utilities" submenu).
In this case, do a "df" to find your root partition on something like /root
or /mnt (or, in solaris, /a).

Sometimes it's easier to make like a "cracker" and break in to it.
I imagine that most people who forget their root password have machines
which can easily be broken into...

Once you're in, you can edit the password file (or /etc/shadow as
appropriate), or you can change the password without supplying the old one
as root by typing "passwd root".  (Depending on how you got there, a plain
"passwd" might not know it's root's password you're trying to change.)

If you clear the password entry, be disconnected from the internet until
you've set a new root password (probably after a normal reboot).

If the above doesn't answer your question, please look for a faq specific
to your version of unix; if you end up posting here, please state precise
version of unix including version number (e.g. "irix 5.3", not just "5.3").

Problems editing the password file or running "passwd root" include:

/usr might not be mounted in single-user mode (and /bin might be a symlink to
/usr/bin, so most things might be on /usr).  You can probably just type "mount
/usr" or "/sbin/mount /usr".  Other filesystems might also be unavailable
but probably aren't needed just to change the password (and you're about
to reboot to get things back to normal after you change root's password).

The root filesystem might be mounted read-only, depending on how you
got there.  "mount / -o remount,rw" might fix this.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA