How to Boot Debian into Single-User Mode to Reset Forgotten Root Password


3 views

When attempting to reset a forgotten root password on Debian, many users encounter a confusing GRUB menu that doesn't match older tutorials. The key difference is that modern Debian systems use linux instead of the traditional kernel line in GRUB configuration.

Here's how to properly modify the boot parameters:

  1. At the GRUB menu, press e to edit the boot entry
  2. Locate the line starting with linux /boot/vmlinuz...
  3. Find the quiet parameter and replace it with:
init=/bin/bash

The modern Debian GRUB configuration differs from older versions in several ways:

  • UEFI systems use linux instead of kernel
  • The init parameter is more reliable than single for password recovery
  • Newer kernels handle boot parameters differently

Here's what your modified line should look like:

linux /boot/vmlinuz-5.10.0-9-amd64 root=UUID=xxxx ro init=/bin/bash

After booting, you'll need to remount the filesystem and change the password:

mount -o remount,rw /
passwd
sync
exec /sbin/init

If you encounter issues:

  • Check for typos in the boot parameters
  • Ensure you're editing the correct menu entry
  • Try alternative methods like recovery mode if available

When attempting to reset a forgotten root password on Debian systems, many administrators encounter confusion with modern GRUB2 menus. Unlike legacy GRUB, the bootloader configuration appears differently:

menuentry 'Debian GNU/Linux' {
    linux   /boot/vmlinuz-5.10.0-21-amd64 root=UUID=fc2e5a5f-2e05-4d5d ro quiet
    initrd  /boot/initrd.img-5.10.0-21-amd64
}

In GRUB2, what was previously the kernel line is now displayed as the linux line. This contains the actual kernel parameters we need to modify. The key difference in syntax is:

Old GRUB: kernel /vmlinuz-version ro root=/dev/sda1 single
GRUB2:    linux /boot/vmlinuz-version root=/dev/sda1 ro single
  1. At GRUB menu, press e for edit mode
  2. Locate the line starting with linux /boot/vmlinuz
  3. Find the word quiet (usually near the end)
  4. Replace it with either:
    • single - Classic single-user mode
    • init=/bin/bash - More direct root shell
  5. Press Ctrl+X or F10 to boot

Case 1: If you only see quiet splash, try:

linux /boot/vmlinuz-5.10.0-21-amd64 root=UUID=fc2e5a5f-2e05-4d5d ro init=/bin/bash

Case 2: For systems with encrypted LUKS partitions:

linux /boot/vmlinuz-5.10.0-21-amd64 root=UUID=fc2e5a5f-2e05-4d5d ro single cryptopts=source=/dev/sda2,target=root

Once in single-user mode, ensure filesystems are writable:

mount -o remount,rw /
passwd root
sync
exec /sbin/init

For systems using init=/bin/bash approach:

mount -n -o remount,rw /
chroot /mnt /bin/bash
passwd root
exit
reboot -f

Consider setting up alternative access methods:

# Install and configure sudo for administrative users
apt install sudo
usermod -aG sudo username
visudo

Or enable serial console access in /etc/default/grub:

GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"