Raspbian root default password

Question

I tried to modify the sudoers file on Raspbian /etc/sudoers, and it looks like I made a mistake, as I'm unable to modify it again. I am also unable to call any command that requires sudo permissions. So I have done some research and I found a solution here.

The solution uses the command *pkexec visudo*, but when I tried that it gives me an error message: Authentication is needed to run '/usr/sbin/visudo' as the super user. Also there is a drop-down list, it contains only the word 'root' (and couldn't be changed). As well as named Identity and a blank text-box named Password.

So the question is how could I know the root password? I tried 'root', 'raspberry', 'admin' e.t.c... but nothing has worked.

According to the answers, it seems a little bit impossible to log in using root, then using pkexec visudo will not solve my problem! and according to the answer my only way is to use a linux pc in order to view my sd contents and modify the sudoers file. I've already installed Debian on my virtual machine, and Finally I can access the sudoers file but I have no permission to access it! it says that I'm not the owner of the file! I understand this security issue, but as many people during my online search suggests to use a linux pc to modify the sudoers file, then there should be a way to gain access to it. is there anyone know this way?

goldilocks · Answer 1 · 2016-05-13T11:30:15.230

19

Raspbian by default is configured so that the root account can't be logged into using a password. This is done by starting with an entry in /etc/password which begins:

root:x:0:0:

The fields are separated by colons and explained in man 5 passwd (note the 5, since man passwd will give you the man page for the command passwd; section 5 is for configuration files, and in this case they have the same name). Here the first one is the name (root), the third and fourth are the numerical uid and gid (both 0), and the second is for the password. For most entries this will be x, indicating the actual password is in another file, /etc/shadow.

Note that "the actual password" is not really stored anywhere. What's stored in shadow is a one-way hash of the actual password. A one way hash is the result of a process which will always produce the same thing (allowing your password to be verified), but is irreversible. In other words, if someone gets their hands on shadow, there is no way to deduce the password from the hash. However, if they can modify shadow, obviously they can disable or change what will work as a password. But they will never be able to discover your passwords. This is why even root cannot do that (although root can always change them to something else without needing the original).

In root's case, the entry in shadow starts like this, as it does for most other system accounts:

root:*:

The * indicates there is currently no possible password which could be used for this account.

The root user can change this, however, using the passwd command to set a new password, which will replace the * with the hash mentioned earlier (these always begin $n$ where n is some random value that's used as the "salt" for the hash, but you don't need to understand that).

Anyway, when I set up a card from a fresh image the first thing I do is go into /etc/passwd and remove the x so root's entry now starts:

root::0:0

Notice there's now no second field. This means there's no password and all you have to do is type root at a login prompt and you are logged in as root. You can then use passwd to set one.

So, you have two choices here but they both require you take the card out of the pi and access the second partition from another system (that can read/write ext4 partitions).

Restore sudoers. If you have a reference image this is easy, you can just put it back the way it was by replacing it. Otherwise it is the more complicated option since you must know what you are doing (and your track record with sudoers is not so good...).
Edit /etc/passwd and remove that x as described above, put the card back in, log in as root, create a password. Of course, you'll still need to fix sudoers, but trial and error will be made easier since if you are really root, you will always be able to access it.

If you don't have a system that can access ext4 filesystems (a Debian "live CD" is a good choice here), then you're stuck. You'll have to reflash the card and start again.

edited May 13 '16 at 11:30

answered May 10 '16 at 13:31

goldilocks

56,430
17
109
217

I already installed debian in VM Ware, and I inserted my card but it view only files that are shown as if I'm using windows system. I mean I can't view/modify sudoers file. should I use some commands to view them in debian? – Dani May 10 '16 at 13:49
I'm not a VM ware user so I can't help with the specifics of that, but presumably you do have root access in the VM, right? If so, and you can access the SD card from the VM, you should be able to mount the second partition and look in `/etc`. If `sudoers` is not there you may have accidentally deleted it, in which case you'll have to replace it from a fresh debian image (you don't have to create a new card, you just need the image file, [see here](http://raspberrypi.stackexchange.com/questions/13137/how-can-i-mount-a-raspberry-pi-linux-distro-image))... – goldilocks May 10 '16 at 13:54
...You should also be able to access `etc/passwd` on the card and change that via the Debian VM root account. – goldilocks May 10 '16 at 13:55
(you should be able to mount the second partition and look in /etc) what commands should I use to mount the second partition? – Dani May 10 '16 at 13:59
From a VMware VM? I don't know. I use virtualbox, but I've never had to set up access to hardware or mounts on the host system besides networking (if I have to transfer data I just do it via the network). I presume it's possible and simple, but my host system is also linux. I'd also presume there's some way using VMware with a Windows/Mac/Whatever host to give the VM access to the SD device connected to the host hardware...even if the host itself can't read the partition, it can still access the actual card, so the VM should be able to as well (and then the VM's OS can read it). – goldilocks May 10 '16 at 14:07
The VM (with debian installed) is able to access the sd card, but it is not able to access all files on it. it only access files that windows can access like cmdline.txt. – Dani May 10 '16 at 14:12
If that's a genuine limitation you'll have to go the live CD route. They're painfully slow to use but they usually provide a GUI desktop with a "root terminal" somewhere in the applications menu. However, you might want to check on [Unix & Linux](http://unix.stackexchange.com/) or [Super User](http://superuser.com/) first to see if there's a way to access a *device* (not a partition, since the host can't see it) from VM ware, as in, e.g. "How to access a device from a linux VM on MS Windows?". Someone around here probably knows too, but those sites are much larger. – goldilocks May 10 '16 at 14:18
WRT the live CD: Make sure you check and possibly ask if a particular distro CD does have this "demo" mode first. I've noticed there's a trend toward just deploying them as installers but still calling them "live CDs" that can't be used to do anything but install a system. – goldilocks May 10 '16 at 14:21
Dear goldilocks, finally I can view the sd card contents using debian, but when I tried to open/modify it it says permission denied, since I'm not the owner of the file. Is there any way to work around and solve this? – Dani May 11 '16 at 07:32
You should be able to use sudo or "su" to become root **while** using the Live CD ... read the live CD webpage help for **their** root password. – flakeshake May 13 '16 at 09:59
The root account on a Live CD might not be password-protected at all , too (empty password). – flakeshake May 13 '16 at 10:01
Yeah I think in fact I've noted that before -- the last working one I have is at least a few years old though (fedora switched to pure installer disks a while ago, and I only need one once in a blue moon -- but I am pretty sure debian and ubuntu still do it). Anyway, they traditionally have a "root terminal" app somewhere in the application menu (under "system" or something). You don't even need to log in, you just open that up and you are at a root console in the GUI (not a safe practice generally, but on a read-only live CD it doesn't matter). – goldilocks May 13 '16 at 11:26

score 8 · Answer 2 · answered Apr 27 '17 at 07:57

8

To set a root password:

Boot up and login normally.
Run:sudo passwd root
Type in the new password for root as prompted

Source: https://www.raspberrypi.org/forums/viewtopic.php?f=91&t=5056&start=25

answered Apr 27 '17 at 07:57

Excellence Ilesanmi

181
1
2

1

The problem is that I wasn't able to use sudo command because I did a mistake during modifying the sudoers file. The problem was solved by installing linux debian OS on my computer, inserting the sd card and changing the sudoers file back to it's original state... – Dani May 05 '17 at 07:34

Milliways · Answer 3 · 2016-05-11T00:58:56.967

4

Raspbian does NOT have a root password. It differs from Ubuntu in that respect. You can create a root password, but AFAIK that requires sudo.

The best bet is to edit the files by mounting the SD Card on a Linux machine.

This can be done on the Pi if 1. you have a SD Card reader 2. You use a good OS on another SD to boot the Pi.

edited May 11 '16 at 00:58

answered May 10 '16 at 12:55

Milliways

54,718
26
92
182

but why raspbian asked me for password? and why it didn't accept empty passwords? – Dani May 10 '16 at 12:57
The root account might have an "invalid" or "impossible" password - its a common trick to lock the root account in this way. – flakeshake May 13 '16 at 09:58

Miriam English · Answer 4 · 2018-06-29T15:47:58.480

If you download Puppy Linux for Raspberry Pi from http://puppylinux.org/main/Download%20Latest%20Release.htm#quirky and install it on a thumbdrive then you should be able to boot your computer from that, and because Puppy always runs as root with no password you can change anything on the computer you wish. Make your modifications, then reboot the computer without the Puppy boot media. Now the computer will boot into your altered system without Puppy.

I'm a bit new to Raspberry Pi, so I don't know how to boot it from a different device (thumbdrive), but there's probably a way. Perhaps the Noobs system by holding down shift while booting.

I'll add a simple alternative to booting from a another drive: The Raspberry Pi could instead be booted from the Puppy installation on an SD card (or microSD card) and the original installation media could be read and altered from a card reader plugged into the same Raspberry Pi.

I find downvoting distasteful, so I'll try to fill in for the anonymous downvoter. An answer that has "I don't know" is perhaps more appropriate as a comment. Unfortunately, that requires a reputation of 50. Please do continue with your efforts to help out. It is worth the effort. :D — OyaMist, Jun 29 '18 at 14:04

Raspbian root default password

4 Answers4

Linked