How to reset the root password on a Debian machine

Today I had to bring up an old virtual machine which was used to test some homebrew modifications to the Apache web server. The root password, of course, was nowhere to be found. What can you do?

There are several ways around this issue. A regular Debian system (etch) is normally set up to use the /etc/shadow file to store hashed passwords. A line in that file looks like this:

bolt:$1$sR2twkpPvBql2ThisIsNotMyPassword3UzzB:0:99999:7:::

Perhaps the easiest way to replace the password is to boot from any Linux live CD which has support for the filesystem you’re working on. In my case it’s the ext3 file system and the easiest available boot CD was the Debian installation disc.

All you have to do with this is boot from the CD, execute a shell, mount the partition in question, edit the /etc/shadow file and replace the password hash with one whose password you know, perhaps from the shadow file on your own box (the password hash is the garble between the first and second colons).

In my case, however, I couldn’t be arsed to find the CD. What can you do without one?

Luckily, there was no password on the GRUB install. This means that when the boot menu shows up, I can press “e” to edit the selection and then press “e” again on the line starting with “kernel”. The whole line reads like this:

kernel  /boot/vmlinuz-2.6.18-4-686 root=/dev/sda1 ro clocksource=pit

All that’s needed here is to change “ro” to “rw” (or you can’t set the password with ‘passwd’) and append “init=/bin/bash”. This makes the system boot up throwing you straight into bash as root, rather than run its regular init routines.

Press “b” to boot.

Pretty soon you’ll end up with a prompt saying “root@none:~”. Unless your box is named “none” this might come as a surprise, but don’t fret. You are logged in on your box.

Then just run the regular “passwd” command to change root’s password.

Voila!

Another useful thing to do here, which is what I actually ended up doing, is to edit the /etc/shadow file, replacing root’s password string with a single star (*), and then edit /etc/passwd and remove the x after the first colon on root’s line, leaving it as “root::0:0:root:/root:/bin/bash”. This allows you to log in as root without entering a password at all. NOT RECOMMENDED FOR GENERAL USE.
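A check for the state that last edit leaves behind, as an added example that is not part of the original post: it reads a passwd file and a shadow file and lists every account that has no password. The function names find_passwordless and demo are made up for this example, and the sample files are constructed, not taken from a real system.

```shell
#!/bin/sh
# Added example: audit passwd/shadow files for accounts with no password.

# find_passwordless PASSWD_FILE SHADOW_FILE
# Prints "name: reason" for every account with an empty password field.
find_passwordless() {
    awk -F: '
        # Shadow file (first argument to awk): remember each hash field.
        FILENAME == ARGV[1] { hash[$1] = $2; known[$1] = 1; next }
        # passwd file: skip blank or malformed lines.
        NF < 7 { next }
        # Empty second field: the account has no password.
        $2 == "" { print $1 ": empty password field in passwd"; next }
        # "x" defers to shadow; an empty hash there is just as open.
        $2 == "x" && known[$1] && hash[$1] == "" { print $1 ": empty hash in shadow" }
    ' "$2" "$1"
}

# demo: run the audit over constructed sample files.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bolt:x:1000:1000:bolt:/home/bolt:/bin/bash
test:x:1001:1001:test:/home/test:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:*:13000:0:99999:7:::
daemon:*:13000:0:99999:7:::
bolt:$1$CONSTRUCTED$NotARealHashNotARealHa:13000:0:99999:7:::
test::13000:0:99999:7:::
EOF
    find_passwordless "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

On a live system, run it as root with /etc/passwd and /etc/shadow as the two arguments; any output means an account is open in the way described above.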
