Table of Contents
Root user can change passwords for all users. Non-root users must know the current password to be able to change it.
If you have forgotten your root password (or the password for the account through which you access root), you will not be able to reset it or even log in to the system.
However, there is a trick to help it.
When the computer starts up, after the low-level stuff is initialized (e.g. the BIOS part on the PC architecture), it will load a bootloader program. The bootloader will then load the first or default OS entry configured in it, which is your Linux installation.
The bootloader can pass additional arguments to the Linux kernel. One of the parameters is
init=. It specifies which
program the kernel will run after it initializes itself. By age-old convention, this program is called
It is the first and only process started by the kernel, and when it starts up it takes care of booting the rest of the system.
The option to overwrite kernel’s default init was originally added to be able to test upgraded versions of
init. The upgrade would usually configure the kernel to boot into
init=/bin/newinit on next attempt, and if
that went OK,
/bin/newinit was copied over the old
/bin/init, and the
init= setting was reverted back
to its default value.
But by modifying the
init= argument ourselves to start a shell like
/bin/sh instead of
/bin/init, we can get root access
to the machine without a password.
Note that this is only possible if the bootloader has been configured to allow modifying the entries, and if it has not been password-protected. But in almost all default installations it is unlocked and allows modification, so this method can be used.
The session to reach the bootloader and boot a kernel with modified configuration could look like this:
Reset the computer.
Wait for the bootloader menu to show up. If it does not show up automatically, try holding Alt or Ctrl key during boot. If it still does not show up, try resetting the machine while halfway booted into Linux. The bootloader might detect a problem and automatically show prompt on next boot.
In the bootloader, locate the entry which you want to boot. It is usually the first entry in the list.
Edit the boot entry (usually by pressing ’e’ to edit).
In the configuration, find a line which mentions “vmlinuz” (not line that mentions “initrd” or any other line).
On the line which refers to “vmlinuz”, press End on the keyboard, or use any other method to get to end of the line (although any position after “vmlinuz” is fine)
Append or insert text
init=/bin/sh, ensuring it is either at the end of the line or there are spaces around it
Boot into the modified entry (usually by pressing ‘Ctrl+x’ to boot the current configuration)
When the machine boots, instead of the usual startup procedure you will be greeted by the root prompt,
This will be a limited environment because there will be no “job control” in it, and also there will be
no TAB completion or other conveniences because we have started
sh instead of
bash. But it will be
more than enough for our purpose, and you could also run
bash or other shells if needed.
Once in the shell, you need to make sure that the root partition is mounted read-write, and then you can change the password. Afterwards, you need to remount the partition back to read-only, to ensure that all buffers are flushed to disk and that the partition will be unmounted cleanly when you reboot.
The whole term session might look like this:
# mount -o remount,rw / # passwd SOME_USERNAME # mount -o remount,ro /
Reboot the machine by typing
shutdown -r now, or pressing
Alt+SysRq+b. (On typical PC keyboards, the SysRq key is labeled “Print Screen”.)
Alternatively, just hard-reset the machine.
(For more information about the “magic SysRq key” see Linux Magic System Request Key Hacks .)
Which method will succeed rebooting may depend, because the machine was booted to a limited environment.
After rebooting, you should be able to log in normally, using the new password.
Funny Story - Password Reset Prank
In the late ’90s I told the trick about
init=/bin/sh to a friend. He went to his college campus and changed
the root password on one of the machines that was used for Usenet posts (mostly binaries). He changed it two or three times that week.
(Important for the story: on Unix there is a thing called motd – message of the day. It is used for
notifications from system administrators to users. Administrators save any important
message to file
/etc/motd and it gets displayed to users automatically on the login screen.)
A couple days after root password was incessantly being reset, the following message appeared in machine’s motd:
I KNOW WHO IS DOING THIS AND WILL DEAL WITH HIM!!!!
Funny Story - Pepper Bites!
A college campus I knew of in the late ’90s used to run SGI IRIX operating system on a number of machines.
One local user brute-forced the systems administrator’s root password. The password was
Then, he decided to prank the admin one evening and change the password. He changed it from
He also sent admin an email from admin’s own address, further mocking him.
In the morning he realized the inappropriateness and tried to use root access to delete the email. However, it was too late, the email was already read.
This article is part of the following series:
1. Basic Unix and Linux
Automatic LinksThe following links appear in the article:
1. Linux Magic System Request Key Hacks - https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html