How To Reset Password In Linux – Sudo Passwd Reset Process

by

Lost access to your Linux account? Using the root recovery method from the bootloader lets you set a new password without knowing the old one. Learning how to reset password in linux is a vital skill for any system administrator or regular user who might forget their credentials. This guide covers multiple methods, from single-user mode to live USB recovery, ensuring you can always regain access.

Forgetting a password happens to everyone. The good news is Linux provides several built-in ways to reset it. You don’t need to reinstall the system or lose your files. The process is straightforward if you follow the steps carefully.

Before starting, understand that resetting a password requires root privileges or physical access to the machine. If you are on a remote server, you might need console access via your hosting provider. This article assumes you have physical or virtual console control.

How To Reset Password In Linux

This section covers the most common and reliable method: booting into recovery mode from the GRUB bootloader. This works on most Linux distributions like Ubuntu, Debian, Fedora, and CentOS.

Step 1: Access The GRUB Boot Menu

Restart your computer. As soon as the system starts booting, press and hold the Shift key (for BIOS systems) or the Esc key (for UEFI systems) repeatedly. You should see the GRUB menu with a list of kernel options.

  • If you see a graphical menu, press e to edit the boot entry.
  • If you see a text-based menu, select the kernel you want to boot and press e.

Step 2: Edit The Kernel Boot Parameters

After pressing e, you will see a screen with boot parameters. Look for a line that starts with linux or linux16. It usually contains words like ro (read-only) and quiet.

Using the arrow keys, navigate to the end of that line. Add a space, then type:

init=/bin/bash

This tells the kernel to start a Bash shell directly instead of the normal init system. Some distributions may require rw (read-write) instead of ro. You can change ro to rw to mount the filesystem as writable from the start.

Step 3: Boot Into Single-User Mode

Press Ctrl+X or F10 to boot with these parameters. The system will skip the normal boot process and drop you into a root shell. You should see a prompt like bash-4.2# or sh-4.2#.

If the filesystem is still mounted as read-only, remount it as read-write:

mount -o remount,rw /

Step 4: Reset The Password

Now you can change the password for any user. To reset the root password, type:

passwd root

To reset a regular user’s password (e.g., username “john”), type:

passwd john

You will be prompted to enter a new password twice. Note that no characters will appear as you type. This is normal. After success, you will see a message like “password updated successfully”.

Step 5: Reboot The System

Type exec /sbin/init or reboot -f to restart the system. Remove any installation media if you used one. Boot normally, and log in with your new password.

This method works on almost all Linux distributions. However, some systems with full disk encryption (LUKS) may require additional steps to unlock the drive first.

Alternative Method: Using A Live USB

If you cannot access the GRUB menu or the system is unbootable, a live USB is your best option. This method is also usefull if you need to reset a password on a system with encrypted partitions.

Step 1: Boot From A Live USB

Create a bootable USB drive with any Linux distribution (Ubuntu, Linux Mint, etc.). Insert the USB, restart the computer, and boot from it. Choose “Try Ubuntu” or “Live session” to get a working desktop environment.

Step 2: Mount The Root Partition

Open a terminal. Identify your root partition using:

lsblk

Look for partitions like /dev/sda1, /dev/nvme0n1p2, etc. The root partition is usually the largest one mounted at / in your installed system. Mount it to a temporary directory:

sudo mount /dev/sda1 /mnt

If you have separate partitions for /boot or /home, mount them as well. For example:

sudo mount /dev/sda2 /mnt/boot

Step 3: Chroot Into The System

Change the root directory to your mounted partition:

sudo chroot /mnt

Now you are inside your installed system with root privileges. You can now reset the password using the passwd command as described earlier.

Step 4: Exit And Reboot

Type exit to leave the chroot environment. Then unmount all partitions:

sudo umount /mnt/boot
sudo umount /mnt

Remove the live USB and reboot. Your password should be reset.

This method is more robust and works even if the bootloader is broken. It also allows you to backup important files before making changes.

Resetting Password On Encrypted Systems

If your system uses full disk encryption (LUKS), you will need to unlock the encrypted partition first. This requires the LUKS passphrase. If you forgot that, you cannot reset the password without reinstalling the system.

Steps For LUKS Encrypted Systems

  1. Boot from a live USB as described above.
  2. Open the encrypted partition using cryptsetup:
sudo cryptsetup luksOpen /dev/sda1 cryptroot

Enter your LUKS passphrase when prompted.

  1. Mount the decrypted device:
sudo mount /dev/mapper/cryptroot /mnt
  1. Proceed with chroot and password reset as before.

Note that some systems use LVM on top of LUKS. In that case, you may need to activate volume groups after opening the encrypted partition:

sudo vgchange -ay

Then mount the logical volumes accordingly.

Using Systemd Rescue Mode

Modern Linux distributions using systemd offer a rescue mode. This is similar to single-user mode but more integrated.

How To Access Systemd Rescue Mode

At the GRUB menu, edit the boot entry as before. Instead of init=/bin/bash, add systemd.unit=rescue.target to the kernel line. Boot with Ctrl+X.

You will be prompted for the root password to enter rescue mode. If you forgot the root password, this method won’t work. In that case, use the init=/bin/bash method instead.

Resetting Password On Cloud Servers

For cloud instances (AWS, Google Cloud, DigitalOcean), you usually have a web console or serial console access. The process is similar but may require mounting the root volume from a recovery instance.

General Steps For Cloud Servers

  1. Stop the instance.
  2. Detach the root volume.
  3. Attach it to a temporary recovery instance.
  4. Mount the volume and chroot into it.
  5. Reset the password using passwd.
  6. Detach the volume and reattach it to the original instance.

Each cloud provider has specific instructions. Check their documentation for detailed steps. The underlying principle is the same: gain root access to the filesystem and change the password file.

Important Considerations And Warnings

Resetting a password using these methods gives you full root access. This is a security risk if someone else has physical access to your machine. Always secure your bootloader with a password to prevent unauthorized resets.

  • Set a GRUB password to protect against boot parameter editing.
  • Use full disk encryption to protect data even if someone boots from a live USB.
  • Regularly backup your data to avoid loss during recovery attempts.

If you are resetting a password for a user other than root, ensure you know the username. You can list all users by checking the /etc/passwd file:

cat /etc/passwd | grep /home

This shows users with home directories, which are typically real users.

Common Issues And Troubleshooting

Sometimes the process does not go smoothly. Here are common problems and solutions.

Filesystem Is Read-Only

If you forget to remount the filesystem as read-write, the passwd command will fail. Run:

mount -o remount,rw /

If you are in a chroot environment, ensure the mount point is writable.

SELinux Or AppArmor Interference

Some systems with SELinux may prevent password changes. You may need to temporarily disable SELinux:

setenforce 0

After resetting the password, re-enable it with setenforce 1. For AppArmor, you can stop the service temporarily.

Keyboard Layout Issues

In the recovery shell, the keyboard layout might be different from what you expect. If your password contains special characters, type carefully. You can change the layout using loadkeys:

loadkeys us

Replace “us” with your locale (e.g., “de” for German, “fr” for French).

Preventing Future Lockouts

To avoid needing to reset your password again, consider these best practices:

  • Use a password manager to store credentials securely.
  • Set up SSH key authentication for remote access.
  • Create a recovery user with a different password.
  • Write down the root password and store it in a safe place.

For system administrators, consider using centralized authentication like LDAP or Active Directory. This reduces the need to manage local passwords.

Frequently Asked Questions

Can I Reset A Linux Password Without Root Access?

No, you need root privileges to change any user’s password. The methods described here give you temporary root access through boot parameters or live USB.

What If I Forgot The LUKS Encryption Passphrase?

Without the LUKS passphrase, you cannot access the encrypted data. The only option is to reinstall the system, which will erase all data. Always backup your LUKS header and passphrase.

Does Resetting The Password Affect My Files?

No, resetting the password only changes the authentication credentials. Your files, settings, and applications remain untouched. However, if you use encrypted home directories, you may need to regenerate the encryption key.

How Do I Reset The Password On A Raspberry Pi Running Linux?

The process is the same as for any Linux system. Insert the SD card into a computer, mount the root partition, and edit the /etc/shadow file or use passwd in a chroot environment.

Is It Possible To Reset A Password Remotely?

If you have SSH access with another user that has sudo privileges, you can reset the password remotely using sudo passwd username. Without any access, you need physical or console access.

Conclusion

Knowing how to reset password in linux is an essential skill that can save you from a locked-out situation. Whether you use the GRUB recovery method, a live USB, or cloud recovery tools, the process is straightforward once you understand the steps. Always secure your system against unauthorized physical access by using bootloader passwords and encryption. With these techniques, you can regain access to your Linux system quickly and safely, without losing any data.

Remember to test these methods on a non-critical system first to build confidence. Practice makes perfect, and having this knowledge ensures you are never permanently locked out of your own machine.