Essential Guide for Linux System Administrators: Ultimate Guide to Changing the Root Password

1. General Scenario: Known Regular User Password

Applicable Scenario: When a regular user account with sudo privileges is available

1. Open Terminal

Press Ctrl+Alt+T to quickly launch the terminal, or search for “Terminal” in the application menu.

2. Execute Password Change Command

sudo passwd root

3. Authentication Process

  • First, enter the current regular user password (for sudo permission verification)
  • Enter the new root password twice (it is normal that no asterisks are shown when entering the password)

4. Verify the Change Result

su - root
# Enter the new password to confirm successful login

2. Privileged Scenario: Known Current Root Password

Applicable Scenario: Quick update when root access is already available

1. Obtain Root Session

sudo -i  # or su root + password verification

2. Start Password Change Program

passwd

3. Set New Credentials

  • When the system prompts “New password:”, enter the new password
  • Repeat it to confirm when prompted with “Retype new password:”

4. Password Strength Check (for some distributions)

If prompted with “BAD PASSWORD”, you can force usage (not recommended) or redesign a complex password.

3. Emergency Scenario: Complete Password Forgetting

⚠️ High-risk operation, physical access to the server is required

1. Restart the System

Long press the power button or execute reboot

2. Enter GRUB Boot Menu

Quickly press the Shift or Esc key during boot

3. Edit Boot Parameters

  • Select the kernel line and press e to enter edit mode
  • Add init=/bin/bash at the end of the linux line

4. Remount the File System

mount -o remount,rw /

5. Password Reset Operation

passwd root

6. Force Write and Restart

sync            # flush the changed password file to disk
exec /sbin/init # hand control back to the normal init process

🔥 Advanced Techniques and Security Guidelines

1. Password Policy Configuration

Modify /etc/login.defs to set the password validity period, and manage the expiration policy with the chage command.

2. Key Alternative Solution

Configure SSH key login; execute ssh-copy-id root@localhost to enhance security.

3. Sudoers Protection Mechanism

Use the visudo command to configure a permission whitelist, avoiding abuse of the root account.

4. Password Complexity Check

Install libpam-pwquality to require passwords to include uppercase/lowercase letters, numbers, and special characters.

5. Audit Tracking

Monitor root login records through lastlog and /var/log/auth.log.

🚨 Important Security Warning

  • Avoid using weak passwords such as birthdays or consecutive numbers (recommended to use a password manager to generate).
  • In production environments, it is recommended to change the root password every 90 days.
  • Do not enable root remote login unless necessary (modify /etc/ssh/sshd_config to change PermitRootLogin).
  • Enable two-factor authentication (e.g., Google Authenticator) for enhanced protection.
  • Regularly back up important data to prevent system unavailability due to password loss.
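
The checks below are an added example, not part of the original guide: a POSIX shell audit of the PermitRootLogin setting and the 90-day root password age recommended above. The function names and sample files are constructed, and root's limit is read from field 5 of a shadow-format file, which is the value chage -M sets.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the root-account settings
# the guide recommends. Function names and sample files are constructed.

# Global PermitRootLogin value. sshd keeps the first value it reads for a
# keyword and matches keywords case-insensitively; Match blocks are skipped.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Maximum password age for root: field 5 of a shadow-format file. This is the
# value chage -M writes; PASS_MAX_DAYS in login.defs only seeds new accounts.
root_max_days() {
    awk -F: '$1 == "root" { print ($5 == "" ? "unset" : $5); exit }' "$1"
}

# usage: audit_root_policy SSHD_CONFIG SHADOW_FILE  (returns 1 on any finding)
audit_root_policy() {
    rc=0
    login=$(root_login_setting "$1")
    days=$(root_max_days "$2")
    case "$login" in
        no) echo "OK   PermitRootLogin no" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "OK   PermitRootLogin $login (key-based root login only)" ;;
        yes) echo "FAIL PermitRootLogin yes permits root password login"; rc=1 ;;
        unset) echo "WARN PermitRootLogin not set, compiled-in default applies"; rc=1 ;;
        *) echo "WARN PermitRootLogin has unrecognised value: $login"; rc=1 ;;
    esac
    case "$days" in
        ''|unset|*[!0-9]*) echo "FAIL root has no maximum password age"; rc=1 ;;
        *) if [ "$days" -le 90 ]; then echo "OK   root password expires after $days days"
           else echo "FAIL root password age limit is $days days (guide: 90)"; rc=1; fi ;;
    esac
    return "$rc"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/shadow.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' > "$tmp/sshd_config"
printf '%s\n' 'root:<hash>:19000:0:99999:7:::' > "$tmp/shadow"
audit_root_policy "$tmp/sshd_config" "$tmp/shadow" || echo "findings present"
rm -rf "$tmp"
```

On a live host, run audit_root_policy /etc/ssh/sshd_config /etc/shadow as root. The output of sshd -T is the authoritative view of the effective configuration, since it also resolves Include files.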

With this guide, you have mastered root password management techniques from basic to advanced. It is recommended to bookmark this article and share it with colleagues who need to manage Linux systems!
