How To Change or Reset Root Password on Ubuntu 26.04, 24.04 and 22.04

Change or reset the root password on Ubuntu 26.04, 24.04 and 22.04 using sudo or GRUB recovery mode. Covers relocking root, sudo recovery and SSH checks.

Author: Joshua James | Read time: 7 min | Guide type: Ubuntu

Losing the only admin path on an Ubuntu machine gets stressful fast, especially once you discover that root is locked by default. You can change or reset the root password on Ubuntu either from a working sudo session or, when that path is gone, from GRUB recovery mode.

These workflows apply to Ubuntu 26.04 LTS, 24.04 LTS, and 22.04 LTS. Use the sudo path when you can still authenticate locally or over SSH; use recovery mode only when you have physical, hypervisor, serial, or provider console access.

Ubuntu has no default root password to look up. The root account starts locked on all three supported Ubuntu releases, and a full-disk-encrypted system still needs the disk unlock passphrase before Ubuntu can reach recovery mode.

Change or Reset the Root Password on Ubuntu

If you only need to change the password for the account you are already using, use the normal login-password command instead of enabling root:

passwd

This is the normal way to change your Ubuntu login password. Continue with the root workflow only when you deliberately need the root account, or when recovery mode is needed to repair an account you cannot access.

Start with a status check so you know whether Ubuntu is about to set the root password for the first time or replace an existing one.

Check the Current Root Password Status on Ubuntu

sudo passwd -S root | awk '{print $1, $2}'

This fast path assumes you still have a working sudo session. If the only admin password is gone or your account no longer has sudo access, use the recovery-mode workflow later in the article.

The -S flag prints the password status for the account. The awk filter keeps the output focused on the stable fields: L means the root account is locked, and P means a usable password is set.

root L

Change the Root Password from a Working sudo Session

Run passwd through sudo so Ubuntu updates the root account directly. If the account was locked, this enables password authentication for root. If a root password already existed, the same command rotates it.

sudo passwd root

If sudo asks for authentication first, enter your current user’s password, not the old root password. Ubuntu then asks for the new root password twice; it does not show characters while you type, and the blank-looking prompt is normal.

Verify the Root Password Status on Ubuntu

Check the account again after sudo passwd root finishes so you can confirm that the password is now active.

sudo passwd -S root | awk '{print $1, $2}'
root P

Once the status flag changes to P, the root account has a usable password. If the status still shows L, rerun sudo passwd root and make sure both password prompts matched.

Reset a Forgotten Root Password on Ubuntu from GRUB Recovery Mode

When sudo is no longer available, Ubuntu recovery mode gives you a root shell from GRUB. On many Ubuntu systems the real fix is resetting the main sudo user’s password rather than the root account itself, because root starts locked by default.

You need physical access, a hypervisor console, or another out-of-band console for this workflow. SSH alone cannot open GRUB or the recovery menu.

Open the Ubuntu Recovery Shell from GRUB

  1. Reboot or power on the Ubuntu system.
  2. Hold Shift on BIOS systems or tap Esc repeatedly on UEFI systems until the GRUB menu appears.
  3. Select Advanced options for Ubuntu.
  4. Choose the newest kernel entry that ends with (recovery mode).
  5. In the recovery menu, select root – Drop to root shell prompt.

If Ubuntu pauses with a maintenance prompt, press Enter to continue into the recovery shell.

Remount the Ubuntu Root Filesystem Read-Write

The recovery shell starts with the root filesystem mounted read-only. Remount it read-write before you change any password or group membership.

mount -o remount,rw /

Confirm the change before you continue:

findmnt -no OPTIONS /
rw,relatime

Any result that starts with rw, means the filesystem is writable. Ubuntu 22.04 may append extra flags such as errors=remount-ro, which is normal as long as rw is still present.

Choose Which Ubuntu Account to Reset

The recovery shell is already running as root, so you can repair whichever account is actually blocking access. On many Ubuntu systems the urgent fix is the main sudo-capable user, not the root account itself.

Recovery Task | When to Use It
Reset an enabled root password | You deliberately enabled the root account earlier and forgot that password.
Reset the main admin user’s password | The normal desktop, console, or SSH password is forgotten.
Restore lost sudo group access | The password still works, but the account no longer has sudo rights.

If you are unsure which local username needs recovery, list the home directories first:

ls /home

On server builds that use a different layout, query normal local accounts from the password database instead:

getent passwd | awk -F: '$3 >= 1000 && $1 != "nobody" && $7 !~ /(nologin|false)$/ {print $1}'

Reset the Forgotten Password from the Recovery Shell

Run the command that matches the account you are recovering. Replace yourusername with the real account name if you are restoring a sudo user instead of root.

The old password is not required in this shell because recovery mode already handed you a root prompt. You are setting the new password directly, not authenticating through the account you forgot.

# Reset an enabled root account
passwd root

# Reset the main admin user instead
passwd yourusername

Enter the new password twice when prompted. Ubuntu does not echo characters in the recovery shell, so the password field looks blank while you type.

If the recovered user also lost sudo group membership, fix that before you reboot:

usermod -aG sudo yourusername

Verify the Recovered Ubuntu Account Before Rebooting

Check the password status before you reboot so you know the reset actually stuck.

passwd -S root | awk '{print $1, $2}'
root P

If you reset a normal user instead, check that username directly. The same format appears with that username in the first field, and the status should still show P.

passwd -S yourusername | awk '{print $1, $2}'
yourusername P

Once the password or sudo access is repaired, reboot back into the normal system:

reboot

After Ubuntu starts normally, sign in with the recovered account. If you reset a sudo-capable user, verify administrative access immediately:

sudo whoami
root

If you restored sudo group membership in recovery mode, confirm the user really picked it up after login. You are looking for sudo in the group list.

id -nG yourusername
yourusername adm cdrom sudo dip plugdev users lpadmin

If you reset the root account itself, local su - can work again after boot. SSH root access is separate and still follows the server’s PermitRootLogin policy, so a new root password does not automatically enable remote root logins.
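
The three checks from this section can be combined into one go/no-go test to run in the recovery shell before reboot. This is an added example, not part of the original guide; the function name pre_reboot_check, its messages, and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: go/no-go check before `reboot` in the recovery shell.
# Arguments are the raw outputs of the three checks used in this guide:
#   $1  findmnt -no OPTIONS /
#   $2  passwd -S <account>
#   $3  id -nG <account>   (pass "" when recovering root itself)
# The function name and message wording are illustrative.

pre_reboot_check() {
    prc_fail=0

    # rw must be a whole comma-separated option, e.g. "rw,relatime,errors=remount-ro"
    case ",$1," in
        *,rw,*) ;;
        *) echo "FAIL: / is not mounted read-write (run: mount -o remount,rw /)"
           prc_fail=1 ;;
    esac

    # Second field of passwd -S must be P (usable password)
    prc_user=$(printf '%s\n' "$2" | awk '{print $1; exit}')
    prc_stat=$(printf '%s\n' "$2" | awk '{print $2; exit}')
    if [ "$prc_stat" != P ]; then
        echo "FAIL: $prc_user has status '$prc_stat', expected P (rerun passwd)"
        prc_fail=1
    fi

    # For a normal user, sudo must appear as a whole group name
    if [ -n "$3" ]; then
        case " $3 " in
            *" sudo "*) ;;
            *) echo "FAIL: $prc_user is not in the sudo group (run: usermod -aG sudo $prc_user)"
               prc_fail=1 ;;
        esac
    fi

    [ "$prc_fail" -eq 0 ] && echo "OK: safe to reboot"
    return "$prc_fail"
}

# Constructed sample input: Ubuntu 22.04 style mount options, repaired user
pre_reboot_check "rw,relatime,errors=remount-ro" \
    "yourusername P 2026-01-15 0 99999 7 -1" \
    "yourusername adm cdrom sudo dip plugdev users lpadmin"
# Constructed sample input: remount did not take and the password is still locked
pre_reboot_check "ro,relatime" "root L 2026-01-15 0 99999 7 -1" "" || true
```

In the recovery shell, pass the live values instead, for example "$(findmnt -no OPTIONS /)" as the first argument.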

Lock the Root Account Again on Ubuntu

If you only needed temporary direct-root access, lock the account again when maintenance is finished. This restores Ubuntu’s default behavior while leaving your normal sudo workflow untouched.

sudo passwd -dl root

The -d option clears the stored password and -l locks the account, which takes you back to Ubuntu’s default locked-root state.

After relocking the account, confirm that the status flag returned to L.

sudo passwd -S root | awk '{print $1, $2}'
root L

The message printed by sudo passwd -dl root can differ between Ubuntu releases, so the follow-up status check is the reliable confirmation.

Understand How Ubuntu Handles the Root Account

Setting a root password does not replace Ubuntu’s normal sudo model. Daily administration is still safer through sudo because commands are tied to your personal account and you are less likely to leave a full root shell open longer than necessary. If you only need a one-off root shell and still have sudo, sudo -i is usually the safer choice.

Once the root account status shows P, local commands such as su - can authenticate with the root password. Before that, Ubuntu rejects direct root password login because the account is locked. If your current account does not have sudo access, create or maintain another administrator account (see the guide on how to add a new user to sudoers on Ubuntu) instead of relying on a permanent root login.

Check Whether Root SSH Login Is Still Blocked on Ubuntu

A root password only changes the local account. OpenSSH enforces its own PermitRootLogin policy, so sudo passwd root does not automatically allow remote root login over SSH.

sudo sshd -T | grep '^permitrootlogin'
permitrootlogin no

If the output is permitrootlogin no or permitrootlogin prohibit-password, root password logins over SSH are still blocked even though su - works locally. Keep that separation unless you have a specific recovery requirement, and review how to enable and configure SSH on Ubuntu if you need to manage the SSH service or its authentication policy.
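
The local password status and the SSH policy can be evaluated together to see where a root password is actually accepted. This is an added example, not part of the original guide; the function name classify_root_exposure, its labels, and the sample lines are assumptions constructed for illustration, and it also handles the NP status and the without-password and forced-commands-only values, which the guide does not discuss.

```shell
#!/bin/sh
# Added example: classify how exposed the root account is by combining the
# two checks from this guide. Inputs are passed as strings so the function
# can be run on saved output; the sample lines below are constructed.
#
# Live use (needs sudo):
#   classify_root_exposure "$(sudo passwd -S root)" \
#       "$(sudo sshd -T | grep '^permitrootlogin')"

classify_root_exposure() {
    # $1: line from `passwd -S root`   $2: permitrootlogin line from `sshd -T`
    cre_status=$(printf '%s\n' "$1" | awk '$1 == "root" {print $2; exit}')
    cre_policy=$(printf '%s\n' "$2" |
        awk 'tolower($1) == "permitrootlogin" {print tolower($2); exit}')

    case "$cre_status" in
        L|P|NP) ;;
        *) echo "unknown: unrecognised passwd -S status '$cre_status'"; return 2 ;;
    esac
    case "$cre_policy" in
        yes) cre_ssh=password ;;
        no)  cre_ssh=blocked ;;
        # without-password is the older alias of prohibit-password
        prohibit-password|without-password|forced-commands-only) cre_ssh=key-only ;;
        *) echo "unknown: unrecognised PermitRootLogin value '$cre_policy'"; return 2 ;;
    esac

    if [ "$cre_status" = L ]; then
        echo "locked: no root password login, ssh=$cre_ssh"
    elif [ "$cre_status" = NP ]; then
        echo "empty-password: root password field is empty, ssh=$cre_ssh"
        return 1
    elif [ "$cre_ssh" = password ]; then
        echo "remote-password: root password is accepted over SSH"
        return 1
    else
        echo "local-only: su - works, root password refused over SSH, ssh=$cre_ssh"
    fi
}

# Constructed sample lines in the format shown in this guide
classify_root_exposure "root P 2026-01-15 0 99999 7 -1" "permitrootlogin no"
classify_root_exposure "root L 2026-01-15 0 99999 7 -1" "permitrootlogin yes"
classify_root_exposure "root P 2026-01-15 0 99999 7 -1" "permitrootlogin yes" ||
    echo "-> review PermitRootLogin or relock root"
```

A non-zero return marks the states worth reviewing, so the function can gate a configuration check in a script.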

Troubleshoot Changing or Resetting the Root Password on Ubuntu

GRUB Does Not Appear During Boot

Fast boot timing is the usual reason. Reboot again, hold Shift earlier on BIOS systems, or tap Esc repeatedly on UEFI systems until GRUB appears. On cloud instances and headless VMs, use the provider or hypervisor console because SSH cannot reach the boot menu.

The Root Filesystem Still Looks Read-Only

If the password change does not persist after reboot, or if passwd reports "Authentication token manipulation error" or usermod reports "cannot lock /etc/passwd; try again later", the remount step probably did not take. Remount the filesystem again, then confirm that the options start with rw,.

mount -o remount,rw /
findmnt -no OPTIONS /
rw,relatime

SSH Says to Login as the ubuntu User Instead of root

Ubuntu cloud images often block direct root SSH even when a root password exists. The message usually looks like this:

Please login as the user "ubuntu" rather than the user "root".

Sign in as ubuntu or the image’s configured administrator account, then use sudo for local password changes. If that administrator password is gone too, use the provider’s rescue, serial, or console recovery path; resetting the root password inside Ubuntu does not override the cloud image’s SSH account policy.

Full-Disk Encryption Still Prompts for an Unlock Password

Recovery mode does not bypass LUKS or any other disk-encryption layer. You still need the disk unlock passphrase before Ubuntu can mount the root filesystem and reach the recovery shell.

Conclusion

The blocked admin path is back under your control, whether you changed the root password from a working sudo session or repaired an account through GRUB recovery mode. For routine administration, keep root locked unless you truly need it, and add a new user to sudoers on Ubuntu so the next admin problem does not depend on a single account.
