One of the fundamental pillars of Linux is its security. This operating system, like any other, makes use of passwords to prevent unwanted users from accessing the system. Each user has their own password, as well as a complex level of privileges that define what they can do, what not, and what parts of the operating system they will have access to and which ones they will not. And above all user accounts is the master account, the administrator account: root.
The root account of Linux operating systems is the account with the highest level of privileges on the system. This account is the equivalent of SYSTEM on Windows systems, it is the one that has access to everything above all else. And, therefore, it is the one that should be best protected, since everyone who has access to this account will have full control over the operating system.
If for some reason we lose the root account, the truth is that we will lose control over our computer. In case this happens, before opting for the radical and reinstalling the operating system (something unfeasible in many situations), below we will explain how to recover this password to regain control over the PC.
Differences between root, su and sudo
Although for many these 3 concepts may seem the same, in reality there are quite a few differences between them that we must know.
The first one we are going to talk about is root. Root is the Linux superuser account, the one with absolute redo and undo privileges on the system. Only this user can perform low-level configuration, and it is one of the most basic security and protection measures on Linux systems. The rest of the users will always have a lower privilege level. And furthermore, it is never recommended to log in with this user, but to use it through other commands to gain privileges.
Su, on the other hand, is the acronym for “substitute user”, that is, it allows us to change users without logging out with the current user. This command is used when we have to execute commands with another user with more privileges (such as root, for example) from the terminal but we do not want to leave ours. With the command «su», followed by the name of the user, we will execute the commands directly with his user.
Lastly, let’s talk about sudo . This command, super user do, allows us to execute programs and commands with the level of superuser privileges, but with a series of security restrictions defined within / etc / sudoers. This is the most used command to work with root mode, since it is the most comfortable, simple and, of course, recommended.
As we can see, in the end the most important of the three is root. The other two are basically “ways” to get your permits. If we do not know, or have forgotten, the root password of any Linux distro we will not be able to use either Su or Sudo.
How to reset root password in Linux
This process is not very complicated, and we can do it in two different ways: using a Live CD or from the GRUB boot loader of our distro.
Using a Live CD to regain control of Linux
The first of the recommendations that we are going to make is to use a Live CD of a Linux distribution to carry out this task. This method is the simplest, fastest and most intuitive that we can use for this process.
The first thing we must do is create an Ubuntu Live CD on a USB memory to be able to start the computer from it. It would also work with any other distro that has Live Mode.
When we start the computer, we will choose the option ” Test Ubuntu ” and wait for it to load the system into RAM. We remember that Live Mode does not make changes to hard drives, so our data will be safe.
Once we have our Ubuntu loaded, the next step will be to open a terminal. We can do this from the list of applications or with the keyboard shortcut « Ctrl + Alt + T «.
Once we have the terminal in front of us, we execute the following command to get root privileges in Ubuntu Live:
The next step will be to identify the partition where we have our Linux installed. To do this, we execute the following command:
In our case it is / dev / sda. Now the next step is to mount the system partition to be able to work with it using the following commands.
mount /dev/sda1 /mnt/recover
We already have the Linux that we cannot access within the Live Linux that we just assembled. Now we will execute the following command to start working on this directory:
Now we execute the following command to change the root password in our Linux:
If we want to change the password of any other user, we can use the same command, but changing “root” by the name of the user in question.
We have already changed the root password. Now we only have to execute “exit” to exit the chroot, the command “umount / mnt / recover” to unmount the system partition that we have mounted and again “exit” to exit root.
Now we restart the computer and that’s it. The new root password is now available to work with.
Recover the administrator password from GRUB
If we don’t have an Ubuntu Live image handy and we urgently need to recover the password, there is another way to do it: through GRUB.
To do this, we will restart the computer, but, instead of entering our Linux, we will stay in the boot loader, which is probably GRUB. In it, we will select the option « Advanced options for Ubuntu «. And in the new screen that will appear, we will choose one of the ” Recovery Mode ” entries that will appear.
We will see the recovery menu of our Linux. Of all the options that appear, the one that interests us is the one marked as “root”, since it will allow us to open a superuser console.
We are now inside a recovery console with superuser permissions. The first thing we will do is mount the root of our Linux with write permissions (since by default it only has read permission) to be able to work with it:
mount -o rw,remount /
Once this is done, we can only use the passwd command to change the password of our Linux:
Clever. Now we will execute the “sync” and “reboot” commands so that the changes finish being applied to the hard disk and restart the computer.
When the system boots, we can use it with the new root password that we just established.
How to prevent them from recovering the root password
As we can see, any user could break the super administrator password of our Linux and get full access to it. You would simply need to have physical access to the PC, and the computer to boot from memory to load the Live image, or simply have access to the GRUB of the PC.
If we want to strengthen the security of our computer we can resort to one of the following techniques. First of all, we can put a password to the PC’s UEFI BIOS to prevent anyone, without the password, from being able to log in. But this password can be cleared relatively easily by removing the battery from the motherboard.
Therefore, another safer way to prevent anyone from using our Linux or restoring our password is to apply an encryption to the disk. Without the encryption password, the data will be totally inaccessible, and nobody will be able to do it even from a Live. Of course, if we forget the password, we must know that we will not be able to re-enter the PC, and we will have no choice but to format.
Protect Linux if you have Dual Boot
Another way they can take control of our Linux is from another operating system. Even if we have our distro correctly configured to prevent anything or anyone from entering it without permission, there is always the option to enter from the other side. For example, they can remove the hard drive from the PC and mount it on another PC, or, if we have Dual Boot, access it from the other operating system, either Windows or Linux.
No matter how many permissions we configure, if the other person tries to enter the Linux data from Windows (using WSL, or a program to read EXT), they will be able to do so with practically no problems. There is no simple way to protect ourselves in this regard. Once inside, you could modify the passwd file and get a superuser account on Linux.
Therefore, if we really want to protect our data and our hard drive, and prevent anything or anyone from taking control of said account, the only thing we have to do is resort to encryption techniques. In this way, without the key, you will not be able to access the hard drive.