How to unlock root, add admin privileges (using sudo) and reset root password in Linux

  • How to unlock root from login (and ssh)
# set a password will unlock root
$ sudo passwd

# to lock back use '-l'
$ sudo passwd -l root

# to enable/disable root ssh login
$ cat /etc/ssh/sshd_config
PermitRootLogin yes
$ service sshd restart

see passwd@man

  • How to add administrator privileges to users
# add user to sudo(rhel) or wheel(ubuntu) group
$ sudo usedmod -a -G wheel username
$ newgrp wheel

# if not defined, define a group to allow to execute any command
# note: need to be in 'sudo/whell' to edit sudoers
$ cat /etc/sudoers
%wheel ALL=(ALL) ALL
# same but without password
# optionally set sudo session timeout (default is 15 mins, <0 never expires, 0 asks every time for password)
Defaults env_reset,timestamp_timeout=10

# if you get 'username is not in the sudoers file' then
# reboot into recovery mode (or single-user mode)
$ mount -o remount,rw /
$ usermod -a -G sudo username
$ exit

see sudoers@man

  • How to reset root password using single-user mode
# pre-GRUB2, boot into single-user mode by 'esc' or 'shift' to enter GRUB menu and append '1' (for runlevel 1)

# in GRUB2 root passwd is now required to operate in single-user mode so 
# find 'linux' line and replace 'rhgb quiet' with 'init=/bin/sh' (or 'rd.break' to drop to emergency mode)

# ctrl+x to boot
$ passwd
$ exit (or reboot) 

# if 'passwd' is read-only then
$ mount -o remount,rw /

# alternatively to single-user mode is boot into recovery (ubuntu only)

from lostpassword@ubuntu and resetpasswd@centos


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s