Forgot the root password in debian

It is possible to boot a system and log on to the root account without knowing the root password as long as one has access to the console keyboard.

This is a procedure which requires no external boot disks and no change in BIOS boot settings. Here, "Linux" is the label for booting the Linux kernel in the default Debian install.

Solution 1

At the lilo boot screen, as soon as boot: appears (you must press a shift key at this point on some systems to prevent automatic booting and when lilo uses the framebuffer you have to press TAB to see the options you type), enter:

boot: Linux init=/bin/sh

This causes the system to boot the kernel and run /bin/sh instead of its standard init. Now you have gained root privileges and a root shell. Since / is currently mounted read-only and many disk partitions have not been mounted yet, you must do the following to have a reasonably functioning system.

init-2.03# mount -n -o remount,rw /
init-2.03# mount -avt nonfs,noproc,nosmbfs
init-2.03# cd /etc
init-2.03# vi passwd
init-2.03# vi shadow

(If the second data field in /etc/passwd is "x" for every username, your system uses shadow passwords, and you must edit /etc/shadow.) To disable the root password, edit the second data field in the password file so that it is empty. Now the system can be rebooted and you can log on as root without a password. When booting into runlevel 1, Debian (at least after Potato) requires a password, which some older distributions did not.

It is a good idea to have a minimal editor in /bin/ in case /usr/ is not accessible
Also consider installing the sash package. When the system becomes unbootable, execute:

boot: Linux init=/bin/sash

sash serves as an interactive substitute for sh even when /bin/sh is unusable. It's statically linked, and includes many standard utilities as built-ins.

Solution 2

Boot from any emergency boot/root disk set. If /dev/hda3 is the original root partition, the following will let one edit the password file just as easily as the above.

# mkdir fixit
# mount /dev/hda3 fixit
# cd fixit/etc
# vi shadow
# vi passwd

The advantage of this approach over the previous method is one does not need to know the lilo password . But to use it one must be able to access the BIOS setup to allow the system to boot from floppy disk or CD, if that is not already set.