In unfortunate situations, IT administrators lose root passwords. Fortunately, IT security is usually foiled by physical access to the device. Below is an example of how one could reset the root password to a XCP-ng hypervisor, but these instructions would be generally applicable to most Linux systems.

While being physically present during the booting phase, stop the GRUB screen from automatic selection, choose any of the options, and hit ā€œeā€ to modify the option. Modifications made at this screen is not saved, so rest assure that the next boot will revert any potentially bugs you add. Replace the word ro with rw, and word splash with init=/bin/bash. The purpose is to mount the filesystem in a read-write mode, and to drop you into a bash screen instead of the XCP-ng splash screen. Instead of init=/bin/bash, one could also use init=/bin/sh. To continue, hit either F10 or Ctrl-c to execute the modified commands as the GRUB screen suggests.

The boot will now land you with a bash terminal. Type in passwd and proceed to enter your new password twice. Hopefully, the root password is now changed for you. If not, read on.

You might find the bash terminal being unresponsive to keyboard inputs. This is due to the USB drivers not being loaded properly. To rectify this, either

  • Plug your keyboard into another USB port, ideally a USB 2.0 instead of a USB 3.0 port.
  • Modify your BIOS with regards to the XHCI settings to change how the USB port behaves.
  • Leave the file system in the read only (ro) mode.

Somehow, the last option worked for me for reasons I have not figured out. Why does mounting in an ro mode gives me a responsive keyboard and a rw mode does not? Let me know if you have the answer. Anyway, if you reach the bash/shell terminal with a responsive keyboard but in only an ro mode, you might excitedly be typing in your password twice only to find out that it does not work.

bash-4.2# passwd
Changing password for user root.
New password: ***
Retype new password: ***
passwd: Authentication token manipulation error
bash-4.2# _

To rectify this, manually remount the file system in a read-write mode with your now-working keyboard (take note of the / character at the end of the command).

mount -o remount,rw /

The root password can now be changed.

bash-4.2# mount -o rw,remount /
bash-4.2# passwd
Changing password for user root.
New password: ***
Retype new password: ***
passwd: all authentication tokens updated successfully.
bash-4.2# _

If adding commands at the GRUB screen does not work, another option would be to run some Linux live CD and enter the following to mount the device partitions as the root drive and passwd there(src).

sudo su -
fdisk -l              # List partition and identify the correct one
mkdir /mnt/recover    # Create dummy dir in preparation for the mount
mount /dev/sd[abc][0-9] /mnt/recover
chroot /mnt/recover
passwd root
exit
umount /mnt/recover
exit
sudo reboot

If fdisk does not show a sensible partition for mounting, maybe you have logical volumes. Search for logical volumes with the following.

pvscan
vgscan
vgchange -a y
lvscan

Good luck.

References

The Arms Race: Attacks and Defense

How to reset an administrative root password on XenServer 7 Linux