Back to homepage

Reset a lost UNIX password

I found myself needing to reuse a box that was sitting in my room for a longer time unused. After I booted it up I realized that I forgot both the username and the password. That's kindof a problem. I tried to boot into recovery mode via the GRUB entry (debian stable), but it greeted me with a message Press Control-D to continue or give root password for maintenance. Well that's a catch 22.

So how do you reset a password on UNIX?

It's as simple as it gets.

In general changing the root password consists of three steps

  1. Get into a root shell
  2. Remount the root filesystem as rw (otherwise the passwd(8) will fail)
  3. Change the password

Usually its the first step that is difficult. Here are some ways of getting a root shell

Single user mode

Some systems (especially BSDs) have a special boot option that runs the system in single-user mode, and usually gives you a root shell. NetBSD, OpenBSD and FreeBSD use the -s boot flag to bring the system up in single user mode. This should give you a root shell in most cases. See man boot.

Linux based systems take the argument single on the cmdline to boot it single-user mode, but its way easier to tell it to boot bash straight away with init=/bin/bash, which will execute the shell as soon as the kernel boots. This is so far the easiest way to do it.

Activating the boot loader varies on the system, on x86 based machines you usually get a menu that allows you to enter the options, and on Sparc based machines the boot prompt shows up after you press the Break key on the keyboard, or send a break if you are using a serial console

Remounting the shadow file partiton (single-user mode)

Systems booted in single user mode usually do not remount their root file system as rw, so you have to manually remount it. Other filesystems are usually not mounted at all, so if your passwd (shadow) file is on a filesystem separate from the rootfs, then you need to mount it first

On Linux, remounting the / partition is done this way:

# mount -o remout,rw /
BSDs dont have the remount nor rw option so it's done like this:
# mount -w /

It's worth to note here that the system may refuse to mount the filesystem if it was marked dirty, in which case you need to run fsck. It should tell you anyway, so that's easy

Live/Install CD boot

Boot up an OS from a CD (it should be similar, or best, the same that you are recovering, and be the same architecture of course). In my case there was debian stable x64 on the box, and I used an Arch install ISO (because I was sure it has the chroot command which is essential for what we are planning to do.)

Remounting the shadow file partition (in case of livecd boot)

After it boots up and logs you in (or you log in with the default ISO credientials), find out where is your boxes / partition (or, to be precise, where is /etc/shadow or /etc/passwd)

fdisk -l

Now if you spot the partition which might look like your /, mount it:

mount /dev/sdXY /mnt 

Verify it's the / partition

ls /mnt

You should see the usual directories (/bin, /dev, /root etc.). If not, try another partiton (unmount this one with umount /mnt)

Now chroot into your boxes /

chroot /mnt /bin/bash

It's good to provide the shell to run to chroot (/bin/bash) in case the Live CD uses a different shell (in case of arch it uses zsh which was not installed on the debian box, and chroot gave an error).

Running passwd

Now you can reset the password with

passwd

to reset root's password, or

passwd [username]

to reset it for a given user (provided you actually remember your username on the box which was not the case here ;) )

Its worth to mention that at this point you can do many other things, like add users, change groups, run visudo, etc., but I think it's more conveinient to do that when booted from the normal system after you recover your root pass

reboot

If everything went well you should be able to log in to your box with the new password

Other tips and tricks

You can see the list of users by examining /etc/passwd

In single-user mode, FreeBSD will ask for a password if the console is marked as insecure in /etc/ttys

On BSDs, the manpage for the bootloader is boot(8)

On Linux, the boot process is descibed in the boot(7) manpage, but the boot options are in the bootparam(7) manpage

When using a serial console, pressing ^\ (that is Control-backslash) will generate a break. VT320 sends a break after pressing the F5 key, other serial terminals have different keys for that (if you are using one, you probably know it anyway ;-) )

Back to homepage