Saturday, August 14, 2010

Recovering root password in linux (Red Hat)


Introduction:
Sometimes a system administrator can come across a situation when he need to perform some administrative tasks on the linux box but unable to do so due to unavailability of root password for any reason. The root password can be recovered by performing the following steps on the linux box.
Prerequisites:
To perform the following steps you need physical access to the server or a web console and downtime as server reboot is required.
Method 1(Single user mode with grub as boot loader):
  1. Reboot the linux box.
  2. In the grub screen, select the kernel to boot and press a to append the kernel boot options. (If you have password configured for grub and you forgot the root password as well then follow Method 2 to recover root password)
  3. Type “1″ or “single” at the end and press enter to boot the linux box in single user mode.
  4. Once you get the # prompt execute passwd command to set new root password.
  5. Reboot the linux box in normal mode (init 3 or 5) and login as root with new password.
Method 1 (Single user mode with lilo as boot loader):
  1. Reboot the linux box.
  2. On the lilo boot prompt, type linux single and press enter.
  3. Once you get the # prompt, execute passwd command to set new root password.
  4. Reboot the linux box in normal mode (init 3 or 5) and login as root with new password.
Method 2 (Rescue Mode):
  1. Reboot the linux box.
  2. Boot from the linux boot cd. At the boot prompt, type linux rescue and press enter to boot linux in rescue mode. At the end, the boot program will search for root environment and mount as /mnt/sysimage.
  3. Change the root to /mnt/sysimage by executing chroot /mnt/sysimage command.
  4. Edit /etc/shadow file and remove the root password. When you edit the /etc/shadow file, you will see something liike “root:$1$YI044.3/$wQsdPfMXdbJXGK6iyBLDV.:14012:0:99999:7:::”. The text marked in red is the root password separated by colons (:). Delete the root password and save the file. The root entry in the /etc/shadow file should look like “root::14012:099999:7:::” after deleting the root password.
  5. Reboot the linux box in normal mode (init 3 or 5) and login as root with blank password. Once you get # prompt, execute passwd command to set a new password for root user.
  6. Log out and relogin as root with the new password to make sure that the password is changed.