Recover Root Password in Linux

Forgot your Linux root password? If you have physical access to the machine, you can recover it. These are some quick steps to recover your password (assuming GRUB is your bootloader):

How To?

• During boot, go to the GRUB menu.
• Select the desired boot line from the GRUB menu and press 'e' (Edit). You will see another menu with boot options in it.
• Select the kernel line in that menu and press 'e' (Edit)
• Append the following at the end of the kernel line: init=/bin/bash. Press Enter to come out of the edit mode.
• Press b to boot the selected boot menu item. The system will boot into a root shell.
• The root partition will be mounted in read-only mode. You now need to remount in read-write mode using: mount -o remount, rw /dev/sdax. Here x is the device number.
• Now execute the passwd command to enter the new password. Thats it. Reboot the system.

Root Password Vulnerability

Anyone who has physical access to the system can reset the root password of the system. How do you make your system less vulnerable to this?

1. Disable the boot prompt. So the above 'init' trick won't work.
2. Disable the "Boot from CD" option in the BIOS. Attacker cannot boot your system from a bootable linux CD now. Thus she cannot get into the "linux single" mode.
3. Password protect your BIOS, so that no one can change the setting in Step-2 above.
4. The only way a person can reset your root password now is by physical access to the system motherboard in order to erase the CMOS settings. This is generally done by some jumper settings or DIP switches on the motherboard. Once the CMOS settings are erased, the attacker can change your boot options from the BIOS setup.

The above steps are certainly not foolproof. But they make it much harder to reset the root password.