How To Change or Reset Root Password on Ubuntu Linux

Losing the only admin path on an Ubuntu machine gets stressful fast, especially once you discover that root is locked by default. You can change or reset the root password on Ubuntu either from a working sudo session or, when that path is gone, from GRUB recovery mode.

The terminal examples below stay intentionally detailed so you can compare your screen line by line instead of guessing. Both workflows apply to Ubuntu 26.04 LTS, 24.04 LTS, and 22.04 LTS on desktop, server, VM, and minimal cloud images.

The root account starts locked on all three supported Ubuntu releases. A full-disk-encrypted system still needs the disk unlock passphrase before Ubuntu can reach recovery mode.

On this page hide

Change or Reset the Root Password on Ubuntu

Reset a Forgotten Root Password on Ubuntu from GRUB Recovery Mode

Lock the Root Account Again on Ubuntu

Understand How Ubuntu Handles the Root Account

Troubleshoot Changing or Resetting the Root Password on Ubuntu

Change or Reset Root Password on Ubuntu FAQ

Conclusion

Change or Reset the Root Password on Ubuntu

Start with a status check so you know whether Ubuntu is about to set the root password for the first time or replace an existing one.

Check the Current Root Password Status on Ubuntu

sudo passwd -S root

This fast path assumes you still have a working sudo session. If the only admin password is gone or your account no longer has sudo access, skip ahead to the recovery-mode workflow below.

The -S flag prints the password status for the account. On Ubuntu, L means the root account is locked and P means a usable password is set. A default or relocked system looks like this:

root L 2026-03-10 0 99999 7 -1

The date field changes when the password state changes. Ubuntu 22.04 may print that date in 03/10/2026 format instead, but the L or P flag is the part that matters.

Change the Root Password from a Working sudo Session

Run passwd through sudo so Ubuntu updates the root account directly. If the account was locked, this enables password authentication for root. If a root password already existed, the same command rotates it.

sudo passwd root

Enter the new password twice when prompted. Ubuntu does not show characters while you type, and the blank-looking prompt is normal. The clearer visual confirmation comes from the status check in the next step.

Verify the Root Password Status on Ubuntu

Check the account again after sudo passwd root finishes so you can confirm that the password is now active.

sudo passwd -S root

root P 2026-03-10 0 99999 7 -1

Once the status flag changes to P, the root account has a usable password. If the status still shows L, rerun sudo passwd root and make sure both password prompts matched.

Reset a Forgotten Root Password on Ubuntu from GRUB Recovery Mode

When sudo is no longer available, Ubuntu recovery mode gives you a root shell from GRUB. On many Ubuntu systems the real fix is resetting the main sudo user’s password rather than the root account itself, because root starts locked by default.

You need physical access, a hypervisor console, or another out-of-band console for this workflow. SSH alone cannot open GRUB or the recovery menu.

Open the Ubuntu Recovery Shell from GRUB

Reboot or power on the Ubuntu system.
Hold Shift on BIOS systems or tap Esc repeatedly on UEFI systems until the GRUB menu appears.
Select Advanced options for Ubuntu.
Choose the newest kernel entry that ends with (recovery mode).
In the recovery menu, select root – Drop to root shell prompt.

If Ubuntu pauses with a maintenance prompt, press Enter to continue into the recovery shell.

Remount the Ubuntu Root Filesystem Read-Write

The recovery shell starts with the root filesystem mounted read-only. Remount it read-write before you change any password or group membership.

mount -o remount,rw /

Confirm the change before you continue:

findmnt -no OPTIONS /

rw,relatime

Any result that starts with rw, means the filesystem is writable. Ubuntu 22.04 may append extra flags such as errors=remount-ro, which is normal as long as rw is still present.

Choose Which Ubuntu Account to Reset

The recovery shell is already running as root, so you can repair whichever account is actually blocking access. On many Ubuntu systems the urgent fix is the main sudo-capable user, not the root account itself.

Recovery Task	Command	When to Use It
Reset an enabled root password	`passwd root`	You deliberately enabled the root account earlier and forgot that password.
Reset the main admin user’s password	`passwd yourusername`	The normal desktop, console, or SSH password is forgotten.
Restore lost sudo group access	`usermod -aG sudo yourusername`	The password still works, but the account no longer has sudo rights.

If you are unsure which local username needs recovery, list the home directories first with ls /home. On server builds that use a different layout, getent passwd | awk -F: '$3 >= 1000 {print $1}' gives a broader view of normal user accounts.

Reset the Forgotten Password from the Recovery Shell

Run the command that matches the account you are recovering. Replace yourusername with the real account name if you are restoring a sudo user instead of root.

The old password is not required in this shell because recovery mode already handed you a root prompt. You are setting the new password directly, not authenticating through the account you forgot.

# Reset an enabled root account
passwd root

# Reset the main admin user instead
passwd yourusername

Enter the new password twice when prompted. Ubuntu does not echo characters in the recovery shell, so the password field looks blank while you type.

If the recovered user also lost sudo group membership, fix that before you reboot:

usermod -aG sudo yourusername

Verify the Recovered Ubuntu Account Before Rebooting

Check the password status before you reboot so you know the reset actually stuck.

passwd -S root

root P 2026-03-10 0 99999 7 -1

If you reset a normal user instead, run passwd -S yourusername; the same format appears with that username in the first field, and the status should still show P.

Once the password or sudo access is repaired, reboot back into the normal system:

reboot

After Ubuntu starts normally, sign in with the recovered account. If you reset a sudo-capable user, verify administrative access immediately:

sudo whoami

root

If you restored sudo group membership in recovery mode, confirm the user really picked it up after login. You are looking for 27(sudo) or the word sudo in the groups list.

id yourusername

uid=1000(joshua) gid=1000(joshua) groups=1000(joshua),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),100(users),114(lpadmin)

If you reset the root account itself, local su - can work again after boot. SSH root access is separate and still follows the server’s PermitRootLogin policy, so a new root password does not automatically enable remote root logins.

Lock the Root Account Again on Ubuntu

If you only needed temporary direct-root access, lock the account again when maintenance is finished. This restores Ubuntu’s default behavior while leaving your normal sudo workflow untouched.

sudo passwd -dl root

The -d option clears the stored password and -l locks the account, which takes you back to Ubuntu’s default locked-root state.

After relocking the account, confirm that the status flag returned to L.

sudo passwd -S root

root L 2026-03-10 0 99999 7 -1

Ubuntu 24.04 and 26.04 report passwd: password changed. after sudo passwd -dl root, while Ubuntu 22.04 may say passwd: password expiry information changed.. The follow-up status check is the reliable confirmation on all supported Ubuntu releases.

Understand How Ubuntu Handles the Root Account

Setting a root password does not replace Ubuntu’s normal sudo model. Daily administration is still safer through sudo because commands are tied to your personal account and you are less likely to leave a full root shell open longer than necessary. If you only need a one-off root shell and still have sudo, sudo -i is usually the safer choice.

Once the root account status shows P, local commands such as su - can authenticate with the root password. Before that, Ubuntu rejects direct root password login because the account is locked. If your current account does not have sudo access, create or maintain another administrator through how to add a new user to sudoers on Ubuntu instead of relying on a permanent root login.

Check Whether Root SSH Login Is Still Blocked on Ubuntu

A root password only changes the local account. OpenSSH enforces its own PermitRootLogin policy, so sudo passwd root does not automatically allow remote root login over SSH.

sudo sshd -T | grep permitrootlogin

permitrootlogin prohibit-password

If the output is permitrootlogin no or permitrootlogin prohibit-password, root password logins over SSH are still blocked even though su - works locally. Keep that separation unless you have a specific recovery requirement, and review how to install SSH on Ubuntu if you need to manage the SSH service or its authentication policy.

Troubleshoot Changing or Resetting the Root Password on Ubuntu

GRUB Does Not Appear During Boot

Fast boot timing is the usual reason. Reboot again, hold Shift earlier on BIOS systems, or tap Esc repeatedly on UEFI systems until GRUB appears. On cloud instances and headless VMs, use the provider or hypervisor console because SSH cannot reach the boot menu.

The Root Filesystem Still Looks Read-Only

If the password change does not persist after reboot or a tool refuses to write, the remount step probably did not take. Run the remount command again, then confirm that the options start with rw,.

mount -o remount,rw /
findmnt -no OPTIONS /

rw,relatime

Full-Disk Encryption Still Prompts for an Unlock Password

Recovery mode does not bypass LUKS or any other disk-encryption layer. You still need the disk unlock passphrase before Ubuntu can mount the root filesystem and reach the recovery shell.

Change or Reset Root Password on Ubuntu FAQ

Do I need the current root password to change it on Ubuntu?

No. If your current account has sudo access, sudo passwd root sets or rotates the root password without asking for the old root password first. Ubuntu authenticates your sudo session instead.

Can I reset a forgotten sudo user password from Ubuntu recovery mode?

Yes. In the recovery shell, run passwd yourusername for the affected login instead of passwd root. On most Ubuntu systems, this is usually the more useful repair because daily administration depends on a sudo-capable user, not a persistent root login.

Why does Ubuntu still ask for the disk unlock password in recovery mode?

Because recovery mode does not bypass full-disk encryption. If the system uses LUKS or another disk-encryption layer, you still need that unlock passphrase before Ubuntu can reach the root filesystem and open the recovery shell.

Does setting or resetting the root password enable SSH login for root on Ubuntu?

Not by itself. SSH still follows the effective PermitRootLogin policy, so many Ubuntu systems continue to report no or prohibit-password even after the root password is set. Check the live SSH policy with sudo sshd -T | grep permitrootlogin before you expect remote root login to work.

Should I lock root again after changing the password on Ubuntu?

If you only needed a temporary break-glass password, yes. Running sudo passwd -dl root returns Ubuntu to its default locked-root posture while your normal sudo administration workflow keeps working.

Conclusion

The root password on Ubuntu is back under your control, whether you changed it from a working sudo session or reset it through GRUB recovery mode. For routine administration, keep root locked unless you truly need it, and add a new user to sudoers on Ubuntu so the next admin problem does not depend on a single account.