Securing your Linux system begins with changing the root password, and knowing how to change root password in linux is a fundamental skill for any administrator. Whether you have forgotten the current password or simply want to tighten security, this guide walks you through every method clearly and safely.
Root access is the most powerful account on any Linux machine. It can install software, modify system files, and manage users. But with great power comes great responsibility—and the need to keep that password secure. Let’s get straight into the steps.
Why Change The Root Password Regularly
Changing your root password periodically reduces the risk of unauthorized access. If someone guesses or steals your current password, they can take over your entire system. Regular updates are a simple but effective defense.
You might also need to change the password after a security breach, when a team member leaves, or if you inherit a system with an unknown password. Whatever the reason, the process is straightforward once you understand the tools.
Prerequisites For Changing The Root Password
Before you start, make sure you have:
- Access to the system via terminal or SSH
- Current root password (or sudo privileges)
- A strong new password in mind
- Backup of important data (just in case)
If you are logged in as a regular user with sudo rights, you can still change the root password. If you have no access at all, you will need to use recovery mode or a live USB—covered later.
How To Change Root Password In Linux
This is the core section of the article. Below are the most common methods, from simplest to more advanced. Follow the one that fits your situation.
Method 1: Using The Passwd Command While Logged In As Root
This is the easiest method if you already know the current root password. Open a terminal and type:
su -
Enter the current root password when prompted. Then run:
passwd
The system will ask you to enter a new password twice. You won’t see any characters as you type—that’s normal for security. Once confirmed, you will see a success message like “password updated successfully.”
That’s it. Your root password is now changed. Make sure to remember it or store it in a secure password manager.
Method 2: Using Sudo From A Regular User Account
If you have sudo privileges but don’t want to switch to root, you can change the root password directly:
sudo passwd root
Enter your sudo password (your user password) when asked. Then type the new root password twice. The same success message appears. This method is faster and doesn’t require you to log out of your user session.
This works on most modern Linux distributions including Ubuntu, Debian, Fedora, and CentOS. Some systems disable root login by default (like Ubuntu), but the root account still exists and can have a password set.
Method 3: Changing Root Password Without Knowing The Current One
What if you forgot the root password and have no sudo access? Don’t panic. You can reset it using recovery mode or a live USB. Here is how.
Using GRUB Recovery Mode (Single-User Mode)
Reboot your system. When the GRUB menu appears, press e to edit the boot entry. Find the line that starts with linux or linux16. At the end of that line, add:
init=/bin/bash
Press Ctrl+X or F10 to boot. You will get a root shell. Remount the filesystem as read-write:
mount -o remount,rw /
Now run the passwd command:
passwd
Enter your new password twice. Then reboot with:
exec /sbin/init
Or simply type reboot -f. Your root password is now changed. This method works on most Linux distros with GRUB.
Using A Live USB
If GRUB recovery doesn’t work, use a live USB. Boot from a Linux live USB (like Ubuntu installer). Open a terminal and find your root partition:
sudo fdisk -l
Mount that partition (usually /dev/sda1 or similar):
sudo mount /dev/sda1 /mnt
Change root into that mounted system:
sudo chroot /mnt
Now you are in your installed system. Run:
passwd
Set the new password, then exit and reboot. Remove the live USB. You are done.
Method 4: Changing Root Password Over SSH
If you manage a remote server, you can change the root password via SSH. Connect to your server:
ssh root@your-server-ip
Or connect as a regular user and then use sudo:
ssh user@your-server-ip
sudo passwd root
Follow the same prompts. Be careful: if you change the password while connected as root, your session stays active, but new SSH connections will require the new password. Test it after disconnecting.
Best Practices For Root Passwords
A strong root password is your first line of defense. Here are some tips:
- Use at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols
- Avoid common words, birthdays, or simple patterns
- Use a password manager to generate and store complex passwords
- Never share the root password via email or unencrypted messages
- Consider using SSH keys for remote access instead of passwords
Some administrators disable direct root login entirely and rely on sudo. That adds an extra layer of security because you need both a user password and sudo rights.
Common Mistakes And Troubleshooting
Even experienced users make errors. Here are frequent issues and how to fix them.
Password Too Weak
Linux may reject a weak password with a message like “BAD PASSWORD: it is too simplistic/systematic.” Use a stronger password. If you really want to use a weak one, you can bypass the check with:
passwd --stdin root
But this is not recommended for production systems.
Passwd Command Not Found
If you see “command not found,” you might be in a minimal environment like a container or recovery shell. Install the passwd utility or use an alternative like chpasswd:
echo "root:newpassword" | chpasswd
Root Account Locked
On some systems (like Ubuntu), the root account is locked by default. You can still set a password, but direct root login may be disabled. To unlock the account after setting a password:
sudo passwd -u root
Or edit /etc/shadow and remove the exclamation mark from the root entry. Be cautious.
Permission Denied
If you get “Permission denied” when trying to change the password, you are not root and don’t have sudo rights. Use the recovery methods described earlier.
Automating Root Password Changes
For system administrators managing many servers, manual password changes are inefficient. You can automate the process using scripts or configuration management tools like Ansible.
A simple script using chpasswd:
#!/bin/bash
echo "root:NewP@ssw0rd123" | chpasswd
Run it as root. For better security, generate random passwords and store them in a vault.
Ansible example:
- name: Change root password
user:
name: root
password: "{{ 'NewP@ssw0rd123' | password_hash('sha512') }}"
Automation reduces human error and ensures consistency across your infrastructure.
Security Considerations After Changing Root Password
Once you change the root password, take these additional steps:
- Update any scripts or services that used the old password
- Check for unauthorized SSH keys in
/root/.ssh/authorized_keys - Review system logs for suspicious activity
- Consider disabling root login over SSH and using sudo instead
- Enable two-factor authentication for SSH if possible
Changing the password is just one part of securing your system. Combine it with regular updates, firewalls, and intrusion detection.
Frequently Asked Questions
Can I Change The Root Password Without Rebooting?
Yes, if you have root or sudo access, you can change it instantly using the passwd command. No reboot is needed.
What If I Get “Authentication Token Manipulation Error”?
This usually means the filesystem is mounted as read-only. Remount it as read-write with mount -o remount,rw / and try again.
Is It Safe To Set An Empty Root Password?
No. An empty password is extremely dangerous. It allows anyone to gain root access without authentication. Always use a strong password.
How Do I Change Root Password On A Headless Server?
Use SSH to connect remotely, then run sudo passwd root or su - followed by passwd. All methods work over SSH.
Does Changing Root Password Affect Other Users?
No, it only affects the root account. Regular users and their passwords remain unchanged.
Final Thoughts On Root Password Management
Knowing how to change root password in linux is a skill you will use again and again. Whether you are securing a personal laptop or a production server, the steps are the same. Always use strong passwords, keep them safe, and change them when needed.
If you ever get locked out, remember the recovery methods: GRUB single-user mode or a live USB. These are your lifelines. Practice them in a test environment before you need them in an emergency.
Take a moment now to review your current root password. If it is weak or shared, change it using one of the methods above. Your system will thank you.