Therefore, the work of this user must be especially responsible, if for some reason we want to access Linux with this root user and we have forgotten the password, which happens more frequently than you think, we must follow the steps that we will give you here together with the necessary advice to recover said password, having the option to change or delete it without any problem, since, with the use of root, it is simpler to execute the support and administration tasks in the system avoiding the use of “sudo” to said operations.
Change or remove Linux root password via GRUB
GRUB (GRand Unified Bootloader) is the boot loader developed by the GNU project that will allow us to choose which operating system to boot on the computer or on the server. It is normally used in GNU / Linux based operating systems, but it is also capable of booting a Windows operating system without any problem. Other interesting features of GRUB is that it supports configuration commands and can load a default configuration, in addition, we have a menu interface and also a command line to execute whatever we want, it supports all the file systems that are currently used, such as BtfFS, any version of EXT and FAT, NTFS, ZFS and many others. It is also capable of accessing data located on any installed device, and it even supports logical block addressing (LBA) and network booting.
The GRUB is the first thing to load at system boot, the BIOS or UEFI will look for a boot device such as the hard drive or SSD, and it will load the MBR with the GRUB inside. In the first phase, the basic GRUB will start, and it will be in charge of loading the complete GRUB located anywhere on the disk. Once it has loaded, the user will be presented with the start menu, and we will be able to load the Kernel or the operating system that we want.
If we want to recover the root password, or, rather, reset this password, we must turn on or restart the system to access the initial GRUB console, which will allow us to start the password recovery process and that when it is displayed offers us the following options:
For this case we select the initial option, or we enter into the different installed kernels.
We press the «e» key to access the GRUB editor which has the following appearance. There we use the scroll arrows on our keyboard to locate the line that begins with “Linux” and at the end of it is the term «ro single«. We have to change the string «ro single» to «rw init = / bin / bash«. You must remember to also remove the “single”, right now in the next screenshot it is set if you have selected the kernel from recovery mode.
Now we must use the Ctrl + X or F10 keys to start the simple user mode (single-user) and once we access the console line we execute the following command:
What it will do is load in read and write mode by running the bash terminal, to reset the root password. This allows us to enable write permissions in the system startup manager, and to be able to make modifications to the operating system.
We execute the popular command:
And we can change the superuser password easily and quickly. It is in this step when we must choose if we want to change or eliminate the root password, since, if we write something and accept the text, what we have written will remain as a password. If we want to delete it, we will not enter any text and we will also accept as a new password for the root user, then we will receive the confirmation of the change that we have just executed, if we have written something it will be the new password and if we have not written anything, the password will be deleted password and will not ask for it when entering root.
After this we can start Linux again and access with the root user using the password that we have previously established, or accessing directly if we have deleted it.
With these simple steps we will be able to change or eliminate the root password, we only have to look at what we choose in the couple of intermediate steps, since it is the most complicated part of this method, the rest of the steps are simple and in a few minutes we will be able to have Once our root password has been changed or deleted, from here we recommend changing it, because deleting it can be highly dangerous and highly discouraged.
Is this a Linux security flaw?
From the simplicity of the method, it appears that any Linux operating system can be accessed by changing or removing the root password. However, we must bear in mind that it is necessary to be physically on the computer or server, or at least, have an administration interface with physical access to the equipment, in this way, we can access root. It cannot be done remotely through protocols such as SSH or Telnet, only with physical access.
If you want to prevent someone from being able to perform this method to change or remove the root password, you will have to incorporate an authentication password in GRUB, without this password you will not be able to start GRUB and proceed with the step. Another way is fully encrypt the OS partition with LUKS or similar, in this way, it will not be possible to access the change of the operating system if we do not know this password.