If we don't know the root password and don't have root access to the machine, how can we change the root password?
RHEL – How to Change Root Password
passwordrhel
passwordrhel
If we don't know the root password and don't have root access to the machine, how can we change the root password?
Best Answer
Here are a few ways I can think of, from the least intrusive to the most intrusive.
Without Rebooting
With sudo: if you have
sudo
permissions to runpasswd
, you can do:Enter your password, then enter a new password for root twice. Done.
Editing files: this works in the unlikely case you don't have full
sudo
access, but you do have access to edit/etc/{passwd,shadow}
. Open/etc/shadow
, either withsudoedit /etc/shadow
, or withsudo $EDITOR /etc/shadow
. Replace root's password field (all the random characters between the second and third colons:
) with your own user's password field. Save. The local has the same password as you. Log in and change the password to something else.These are the easy ones.
Reboot Required
Single User mode: This was just explained by Renan. It works if you can get to GRUB (or your boot loader) and you can edit the Linux command line. It doesn't work if you use Debian, Ubuntu, and some others. Some boot loader configurations require a password to do so, and you must know that to proceed. Without further ado:
kernel
orlinux
.Your system will boot up in single user mode. Some distributions won't ask you for a root password at this point (Debian and Debian-based ones do). You're root now. Change your password:
and
reboot
, or, if you know your normal runlevel, saytelinit 2
(or whatever it is).Replacing
init
: superficially similar to the single user mode trick, with largely the same instructions, but requires much more prowess with the command line. You boot your kernel as above, but instead ofsingle
, you addinit=/bin/sh
. This will run/bin/sh
in place ofinit
, and will give you a very early shell with almost no amenities. At this point your aim is to:passwd
running.passwd
command.Depending on your particular setup, these may be trivial (identical to the instructions for single user mode), or highly non-trivial: loading modules, initialising software RAID, opening encrypted volumes, starting LVM, et cetera. Without
init
, you aren't running dæmons or any other processes but/bin/sh
and its children, so you're pretty literally on your own. You also don't have job control, so be careful what you type. One misplacedcat
and you may have to reboot if you can't get out of it.Rescue Disk: this one's easy. Boot a rescue disk of your choice. Mount your root filesystem. The process depends on how your volumes are layered, but eventually boils down to:
Obviously,
$SOME_ROOT_DEV
is whatever block device name is assigned to your root filesystem by the rescue disk and$EDITOR
is your favourite editor (which may have to bevi
on the rescue system). After thereboot
, allow the machine to boot normally; root's password will be that of your own user. Log in as root and change it immediately.Other Ways
Obviously, there are countless variations to the above. They all boil down to two steps: