How To Reset Root Password In Linux – Single User Mode Password Change

by

Resetting the root password in Linux requires booting into single‑user mode or using a live environment to edit the shadow file. If you’ve forgotten your root password, don’t panic—this guide will walk you through how to reset root password in Linux step by step. You’ll learn multiple methods, from simple recovery mode tricks to manual file edits. Let’s get started with the easiest approach first.

How To Reset Root Password In Linux

This section covers the most common ways to regain root access. We’ll focus on GRUB bootloader methods, live USB recovery, and init=/bin/bash tricks. Each method works on most distributions like Ubuntu, CentOS, Debian, and Fedora.

Method 1: Reset Using Single User Mode With GRUB

Single user mode gives you a root shell without a password. It’s the quickest fix for most Linux systems. Here’s how to do it:

  1. Reboot your machine and hold down the Shift key (or press Esc on some systems) to open the GRUB menu.
  2. Select the kernel you want to boot (usually the first one) and press e to edit the boot parameters.
  3. Find the line starting with linux or linux16. It often ends with ro quiet splash.
  4. Change ro to rw init=/sysroot/bin/sh or simply add single at the end. For older systems, use 1 instead of single.
  5. Press Ctrl+X or F10 to boot with these changes.
  6. You’ll land in a root shell. Run passwd root and enter your new password twice.
  7. Type exec /sbin/init or reboot -f to restart normally.

This method works on most modern Linux distros. If you see a read-only filesystem error, remount it first with mount -o remount,rw /. Some systems require you to run mount -o remount,rw /sysroot before changing the password.

Method 2: Using Init=/bin/Bash Kernel Parameter

Another GRUB trick is to boot directly into a bash shell. This bypasses all init scripts and gives you immediate root access. Follow these steps:

  1. Boot into the GRUB menu as described above.
  2. Press e to edit the kernel line.
  3. Find the linux line and append init=/bin/bash at the end.
  4. Press Ctrl+X to boot.
  5. You’ll see a bash prompt. The filesystem is usually mounted read-only, so run mount -o remount,rw /.
  6. Now type passwd root and set a new password.
  7. Reboot with exec /sbin/init or reboot -f.

This method is reliable but may not work if SELinux is enforcing. You might need to run touch /.autorelabel after changing the password to relabel files on next boot. This prevents login issues with SELinux.

Method 3: Reset Using A Live USB Or CD

If GRUB is broken or you can’t access the boot menu, use a live Linux USB. This method works even if your system won’t boot normally. Here’s the process:

  1. Boot from a live Linux USB (like Ubuntu Live or SystemRescue).
  2. Open a terminal and identify your root partition with lsblk or fdisk -l. It’s usually /dev/sda1, /dev/nvme0n1p2, or similar.
  3. Mount the root partition: sudo mount /dev/sda1 /mnt. Replace /dev/sda1 with your actual partition.
  4. Chroot into the mounted system: sudo chroot /mnt.
  5. Now run passwd root and enter your new password.
  6. Exit chroot with exit, then unmount: sudo umount /mnt.
  7. Reboot into your installed system.

This method is bulletproof. You can also edit the shadow file directly if needed (see next method). Make sure you mount the correct partition—if you have separate /boot or /home partitions, mount them too.

Method 4: Manually Editing The Shadow File

If you can’t use passwd, you can manually clear the root password hash in the shadow file. This sets an empty password, which you can change later. Use a live USB or single user mode to do this:

  1. Boot into a live environment or single user mode with read-write access.
  2. Open the shadow file: nano /etc/shadow or vi /etc/shadow.
  3. Find the line starting with root:. It looks like: root:$6$salt$hash:....
  4. Delete everything between the first and second colons (the password hash). The line should become: root::....
  5. Save and exit. In nano, press Ctrl+O, then Ctrl+X.
  6. Reboot and login as root with no password. Immediately run passwd root to set a real password.

Be careful—some systems lock the root account if the password field is empty. In that case, set the hash to * or ! to disable the account, then use sudo to reset it. This method is advanced and should only be used if other methods fail.

Method 5: Using Recovery Mode (Ubuntu/Debian)

Ubuntu and Debian have a built-in recovery mode in GRUB. It’s even simpler than the generic single user mode. Here’s how:

  1. Reboot and hold Shift to open GRUB.
  2. Select “Advanced options for Ubuntu” (or Debian).
  3. Choose a kernel with “(recovery mode)” at the end.
  4. From the recovery menu, select “root – Drop to root shell prompt”.
  5. The filesystem is mounted read-only. Remount it with: mount -o remount,rw /
  6. Run passwd root and set a new password.
  7. Type exit to return to the recovery menu, then select “resume” to boot normally.

This method is user-friendly and works on most Debian-based systems. If you don’t see the recovery menu, your GRUB config might be hidden. Press Esc repeatedly during boot to force the menu.

Method 6: Using Systemd Rescue Target

Modern Linux systems with systemd can boot into a rescue target. This is similar to single user mode but uses systemd’s own mechanism. Follow these steps:

  1. At the GRUB menu, press e to edit the kernel line.
  2. Append systemd.unit=rescue.target at the end of the linux line.
  3. Press Ctrl+X to boot.
  4. You’ll be prompted for the root password—but since you forgot it, this won’t work directly. Instead, use the init=/bin/bash method first, then change the password.
  5. Alternatively, boot with rd.break (for Red Hat-based systems) to break into an emergency shell before the password prompt.

The rescue target is more useful for troubleshooting than password resets. For password recovery, stick with the init=/bin/bash or single user mode methods.

Important Considerations And Warnings

Resetting the root password gives you full control, but it also exposes security risks. Anyone with physical access to your machine can do this. Always encrypt your disk with LUKS to prevent unauthorized password resets. If you have full disk encryption, you’ll need the LUKS passphrase first—this guide assumes you already have that.

Some distributions like CentOS 8 or Fedora have SELinux enforcing by default. After resetting the password, you might need to run restorecon -v /etc/shadow or touch /.autorelabel to fix file contexts. Otherwise, login may fail with “authentication token manipulation error”.

If your system uses Secure Boot, some GRUB edits might be blocked. Disable Secure Boot in your BIOS/UEFI settings if you encounter errors. Also, check if your bootloader is GRUB2 or legacy GRUB—the steps are similar but key names differ slightly.

What To Do If The Password Change Doesn’t Stick

Sometimes the new password doesn’t work after reboot. This usually happens because of:

  • Read-only filesystem during the change. Always remount with rw.
  • SELinux or AppArmor blocking the write. Disable them temporarily with setenforce 0.
  • Shadow file permissions. Ensure /etc/shadow is owned by root and has 640 permissions.
  • Password complexity rules. Some systems require uppercase, numbers, or special characters.

If you still can’t login, boot into single user mode again and check /etc/shadow for the new hash. If it’s empty or corrupted, re-run passwd carefully.

Frequently Asked Questions

Can I reset root password without rebooting?

No, you generally need to reboot to access single user mode or a live environment. However, if you have sudo access, you can run sudo passwd root directly without rebooting.

What if I don’t have physical access to the machine?

You’ll need remote console access (like IPMI, iDRAC, or iLO) to simulate a reboot and GRUB edit. Without that, you can’t reset the password remotely unless you have sudo privileges.

Will this work on cloud servers like AWS or DigitalOcean?

Yes, but you need to use their recovery consoles. AWS EC2 instances can be booted into single user mode via the system log or by attaching the root volume to another instance. DigitalOcean offers a recovery ISO in their control panel.

Is it possible to recover the old password instead of resetting?

No, Linux stores password hashes, not plaintext. You cannot reverse the hash. Resetting is the only option unless you have a backup of the shadow file.

Does resetting root password affect other user accounts?

No, only the root account password changes. Other users’ passwords remain unchanged. However, if you use the same password for multiple accounts, update them separately.

Final Tips For A Smooth Reset

Always test the new password immediately after resetting. Lock the screen and try logging in from a different terminal. If you’re using SSH, keep the current session open until you verify the new password works—this prevents you from locking yourself out.

Consider setting up a sudo user with full privileges to avoid needing the root password for daily tasks. This reduces the risk of forgetting the root password in the future. On Ubuntu, the root account is disabled by default; use sudo -i instead.

If you’re managing multiple servers, store root passwords in a password manager. Write down the recovery steps and keep them accessible. Practice the reset process on a test machine before you need it in an emergency.

Remember, resetting the root password is a straightforward process once you understand the boot process. The methods above cover 99% of Linux systems. Choose the one that matches your distro and hardware setup. With a live USB or GRUB edit, you’ll regain root access in minutes.