Punishment for laziness – root password recovery

I had a new idea for adding one more computer to my life.  The task was to actually provide some fun new functionality to my family and I attacked the task.

At the beginning, I needed to log in as root fairly often to get Apache setup and configured as well as some of my own customization’s.  Because of this, all the passwords were at the tip of my fingers.  My customization’s got better and better so eventually I rarely logged into the computer at all, not as root, nor even as a normal user.

One day I actually did need to log in as the root user only to discover that I couldn’t remember the password.  There was no fear, as I normally have all my passwords in a password safe.

Well, I must have been distracted when setting up that computer because I failed to write down any of the information.  This pretty much left me with a few options

  1. the application is fine, just use it and never change it
  2. copy my configuration and scripts and re-setup the computer
  3. find a way to reset the root password

I had to do this once before for a Linux Mint computer that I setup.  I was hoping that these instructions would do the trick.  This time it was a Debian (8.2) system.  The method to do this is really easy.

Attempt #1

  1. change kernal parameters from grub to boot to a shell
  2. change the password

For some reason, when I did this with this machine the prompt would come up and then the machine would hang.  I wanted to do a quick update to ensure that everything was up to date but didn’t have the root password.

Attempt #2

  1. change kernel parameters for group to boot to single user mode
  2. use passwd to change the password

I was experiencing the same difficulties with this option as experienced with the first attempt.  The machine would boot to single user mode and hang.

Attempt #3

  1. boot with a live disk
  2. mount root partition
  3. change shadow file

Despite the supposed difficulty of this option, there really is nothing to it.  The only problems that this computer system was sitting in the corner headless.  This doesn’t really increase the difficulty of the task other than the additional effort of moving the computer and connecting up the accessories.

This computer is actually just a tiny one with no CD/DVD rom drive.  Thus the task was slightly changed to the following.

  1. download a live image
  2. create bootable USB stick
  3. boot computer from USB stick
  4. mount root partition
  5. change shadow file

The description of how to actually reset the root password via the shadow file is really well described in a lot of places, but the site that I used was


You only need to change the line for the root user in the shadow file and don’t need to do anything with the password file.  In the tutorial the password is reset to nothing, so you do need to make sure that this server is not reachable by anyone else during this critical time.

I did find one more interesting method that could be used to reset the password.

Runner up

  1. boot a live disk
  2. mount the root partition
  3. chroot to disk
  4. use passwd to change password of root user

This also would have been a pretty simple option but I was a bit concerned that the distribution that was being booted didn’t match the one that was installed.


It was a very interesting evening but actually it should be considered more of a punishment for failing to keep better track of a system that I setup.

This should also serve as a object lesson that security.  If someone else has unlimited access to the physical computer it is no longer secure.

This entry was posted in Command line and tagged , . Bookmark the permalink.