Resetting root (admin) password using "chroot" (or not) on a LUKS encrypted+lvm filesystem

Sometimes useful if you're locked out of a machine where you've forgotten your user or root password.

  • If you've forgotten your encryption password: .... find a dark corner and weep 'cause you probably won't get in without some black magic.
    If wanted, you can easily change the existing LUKS password from a running system, but that's out of scope for this article. See:
    How to Change Your LUKS Encryption Passphrase - Make Tech Easier

Boot up a live session. Console mode will do for our purposes and is a lot faster.

Become root with "sudo su" (Elive will not prompt for a password) and decrypt the filesystem on the machine you're locked out of (we'll call it "lost-machine" from now on), which in my case is /dev/sda3.

"cryptsetup luksOpen /dev/sda3 lost-machine"

and enter the decryption password when prompted.

Mount the now-decrypted filesystem of "lost-machine" (you'll want the / filesystem, where passwords are stored):

"mount /dev/mapper/elive_vg-root_lv /mnt"

  • TIP: make use of hitting Tab (autocomplete) after /dev/mapper to show the system names available and to avoid typos.

Check that it is indeed the wanted root filesystem with "ls /mnt"

and run "mount" to see that it is indeed mounted "rw". Specifically, "w" for write is a necessity to make changes.

chroot into /mnt:

"chroot /mnt"

And you now have a root shell on your lost-machine's filesystem, comparable to single user mode (init 1).

If you don't know the user name on lost-machine do:

"less /etc/group" where you'll probably be wanting the adm: user ... or to show other users do

"less /etc/group | grep 100"

  • To change the root password simply type "passwd" and enter a password for root and wait for the "successfully changed" message.

  • If you need to change a forgotten user password, like in my case for "triantares", you give the same command with the wanted username added: "passwd triantares" and, after entering the new password, wait for the success message.

And reboot the machine with the Ctrl, Alt and Del combo.
You'll find the passwords changed as wanted.
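
For the "if you don't know the user name" step above, the following is an added example (not part of the original post) that reads the account list straight from the mounted filesystem and checks that the mount is read-write. It assumes regular users have UID 1000 or higher, as on Debian-based systems; the function names are made up for this example.

```shell
# Added example: helpers to run as root in the live session, after
# mounting the decrypted root filesystem (assumed to be at /mnt).

# is_mounted_rw MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT is listed as mounted with the "rw" option.
is_mounted_rw() {
    awk -v mp="$1" '
        $2 == mp { opts = $4 }          # last entry wins (topmost mount)
        END { exit !(opts ~ /(^|,)rw(,|$)/) }
    ' "${2:-/proc/mounts}"
}

# list_login_users [ROOT]
# Prints "name uid status" for root and for regular users (UID >= 1000,
# an assumption) whose shell is not nologin/false.
# The status is taken from the password field in ROOT/etc/shadow.
list_login_users() {
    root=${1:-/mnt}
    awk -F: '
        # First file (shadow): remember the password field per user.
        FNR == NR { hash[$1] = $2; next }
        # Second file (passwd): keep root and regular accounts only.
        ($3 == 0 || $3 >= 1000) && $3 != 65534 && $7 !~ /(nologin|false)$/ {
            if (!($1 in hash))          s = "no-shadow-entry"
            else if (hash[$1] == "")    s = "no-password"
            else if (hash[$1] ~ /^[!*]/) s = "locked"
            else                        s = "password-set"
            print $1, $3, s
        }
    ' "$root/etc/shadow" "$root/etc/passwd"
}

# Usage from the live session:
#   is_mounted_rw /mnt && list_login_users /mnt
```

A root line with status "locked" is what you would see on a system set up without a usable root password, in which case you reset the regular user's password instead.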

Secondly, if it's a simple installed system (not encrypted), you won't need 'chroot' at all.

Here's how:
Boot into the GRUB window (some distros require holding "shift" for that) and hit "e" for edit.

Go to the kernel line and remove "quiet splash" and add " init=/bin/bash" and let it boot.
Then once the command prompt is there:
"mount -o remount,rw /"
and
"mount -o remount,rw /proc"

Then (for root password):
"passwd" and subsequently change password
This will set a password for root.

If, like on Elive, there's no 'root' user, then simply change the password of the user you want to access, with the username added. In my case that would be (like in the above example):
"passwd triantares"

and don't forget to do:
"sync"
Then "reboot" and log in as root to administer the system as wanted.