10

I want to erase the root password I had set on my laptop, so that I can sell it. I currently have Ubuntu 16.04.

I've tried following some instruction videos on YouTube but they didn't work.

How can I erase the root password on my system?

Thomas Ward
  • 74,764
Mafe
  • 111
  • 11
    On Ubuntu root usually doesn't have a password. Your root has? Or do you mean the password you enter when you do sudo something? That's your password then, not root's. To be honest: I'd wipe the disk before selling the laptop. The buyer can always boot in emergency mode and then see your HDDs content, even if he doesn't know the pwd. – PerlDuck Jan 04 '18 at 20:12
  • 24
    Anyway, for selling the laptop I would recommend wiping the whole disk. Your Ubuntu account password is probably the least important secret on that device (unless you use that same password for other things too). – Byte Commander Jan 04 '18 at 20:13
  • 6
    I agree with the previous advice to wipe the drive. If the buyer wants Ubuntu, you can make a fresh installation afterwards. – sudodus Jan 04 '18 at 20:25
  • 3
    I don't agree with the above 2 users: if the content of the harddisk is important always sell a system without the harddisk. If you do not care about the content ... wipe the disk and be done with it. – Rinzwind Jan 04 '18 at 21:11
  • 2
    @Rinzwind Why? Do you think data can be recovered from a wiped drive? Or are you saying the OP should keep the drive so he still has access to the data? – marcelm Jan 05 '18 at 22:19
  • 1
    Why would you erase the root password? Unless the purchaser intends to do a new OS install, s/he'll need it to do ordinary administrative tasks. Why not simply reset it to something generic? If the user does want a new install, you're better off wiping the disk, as others have suggested. – jamesqf Jan 06 '18 at 00:15
  • @jamesqf Well, on Ubuntu you don't need the root password to do ordinary administrative tasks, all you need is a "sudo-enabled" account. But I am also curious about why Mafe wanted to erase the root password. – David Z Jan 06 '18 at 01:13
  • 1
    Thank you all for your responses. I am not really familiar with ubuntu. And i thought the admin account password is the root. :) – Mafe Jan 06 '18 at 05:34
  • @marcelm https://help.ubuntu.com/community/DataRecovery – Rinzwind Jan 06 '18 at 06:47
  • 1
    @Rinzwind Nothing in that link talks about recovering data from a wiped disk, only from disks with partial failures, or after a quick format (which is nothing like a full wipe). – marcelm Jan 06 '18 at 09:07
  • @David Z: How do you create or modify a "sudo enabled" account without at some point invoking root? And why would you want to, when for most purposes it's easier to just become root? – jamesqf Jan 07 '18 at 03:12
  • @jamesqf You could create it by e.g. running the Ubuntu installer. And you would want to do so precisely because when you're using Ubuntu, it's not easier to become root (by other methods not involving sudo). What I mean is, it sounds like you're commenting under the assumption that the user can log in as root but cannot use sudo, whereas most neither of those things hold true for a typical Ubuntu installation. – David Z Jan 07 '18 at 07:55
  • @Mafe Yes, the root account is the admin account and the root password is the administrator password. But by default, the root account in Ubuntu has password login disabled, and the system is set up so that you don't actually need to enable it. (Plus, even if you changed that, someone with physical access to the hard drive can easily get around the requirement for the root password.) It's not clear to me, at least, what you expected to gain by erasing the root password when it's not needed in the first place. That's what I was curious about. – David Z Jan 07 '18 at 08:01
  • @David Z: I'll grant that my Ubuntu-specific knowledge is limited - if I wanted something that looked and acted like Windoze, I'd just use Windoze. But having to continually type "sudo" in front of every command that you need root access for seems excessive. while silently invoking sudo seems dangerous, except in a few cases (such as my system shutdown command). – jamesqf Jan 08 '18 at 04:49
  • @jamesqf You can always sudo -i to get an interactive root shell that is similar to su -. – PerlDuck Jan 08 '18 at 12:26
  • @PerlDuck: Sure, I could, but why complicate my life? – jamesqf Jan 09 '18 at 19:35

3 Answers3

61

If you are selling the laptop it is a much better idea to wipe the hard disk completely, so that nobody can see your private information.

  1. Boot from an Ubuntu live CD or USB.
  2. Launch Disk and delete all partitions on the laptop's hard drive.
  3. To go Format and where it says erase, select "Overwrite existing data with zeroes (slow).
  4. Wait up to a few hours.

There are even more secure ways to erase the hard drive but overwriting with zeroes is the minimum that you should do.

thomasrutter
  • 36,774
  • 7
    Couldn't agree with this more. Wipe the drive. If it is an ssd use the manufacturer's low level command. If the buyer has any computer sense, s/he would wipe it anyway once received. – Mark Jan 05 '18 at 00:47
  • 2
    While I agree that this is the real answer to the question when it comes to selling a laptop... It doesn't really answer how to change the password. I'm curious what the true method of changing the password is. Sometimes you it's easier to change the password then reinstall everything it took to make Ubuntu work in the first place especially if there were compatibility issues – LateralTerminal Jan 05 '18 at 17:48
  • Note that there won't be any OS left on the laptop afterwards - so the buyer will have to install one themselves. – Jonas Czech Jan 06 '18 at 07:21
  • Yes, or the seller could then proceed to put a fresh install of Ubuntu on there (as stated in a suggested edit by @Caleb which would have been better as a comment) – thomasrutter Jan 07 '18 at 23:40
10

To lock / erase the root pw

sudo passwd -l root
Panther
  • 102,067
  • 4
    I found this doesn't erase the root password. A quick edit of /etc/shadow puts it back. – Joshua Jan 05 '18 at 17:42
  • 1
    @Joshua Well, yes, editing /etc/shadow can restore the password, but someone who can edit /etc/shadow could just as well change the password to anything they want and effectively gain full root access that way. So I think you have to assume that, if your "adversary" has access to edit /etc/shadow, all hope is lost. Given that, this seems reasonably effective for the cases where you want to protect from someone who doesn't have such access. – David Z Jan 07 '18 at 08:04
  • @DavidZ: My understanding is he wants to destroy the password to prevent the buyer from learning it. – Joshua Jan 07 '18 at 19:41
  • 1
    @Joshua /etc/shadow only stores password hashes though. It's practically impossible to recover the real password from the hash in there. – Byte Commander Jan 07 '18 at 19:56
  • The hashing scheme used for any individual password in /etc/shadow could be one of a number of schemes supported by crypt and if it was set more than a couple of years ago (eg you've upgraded through a few LTS releases) it may still be DES or MD5, both easy-to-bruteforce. The newer default is a SHA-2 based scheme using many iterations which mitigates this. – thomasrutter Jan 07 '18 at 22:52
6

As already pointed out in both comments as well as thomasrutter's answer, the below probably isn't what you actually want to do. You're probably better off clearing the hard disk (by overwriting it in its entirety), or removing it and selling the laptop without the hard disk. However, to answer the question that you did ask...

To erase the password for a user account, including root, the correct (and portable; this should work on any Linux system with sudo configured and a GNU userland, which covers most modern desktop and server Linux distributions) way is to start a terminal and then

sudo passwd --delete root

Alternatively, use -d in place of --delete (they are synonymous).

This will set the password for the named account (in this case, root) as empty, effectively erasing it, but will keep the user account and its files intact. Note that this allows logging in with the root account, trivially allowing full access to all files on the system.

Never delete the root account or files owned by it, unless you know for a fact that it's safe to delete such files. The root account is not used by humans on modern versions of Ubuntu (I don't know if ancient ones did use it), but it's required for the system to function properly.

user
  • 740
  • 6
    Might it be appropriate to move the last paragraph (containing "the above probably isn't what you actually want to do") to the beginning, so that it has the most chance of being heeded? – LSpice Jan 05 '18 at 21:29
  • 1
    Thanks a lot. Yes, I think it is not the password I should be worried about :) i’d rather clear the hard disk :) – Mafe Jan 06 '18 at 05:38
  • 1
    @LSpice Good idea. Done. – user Jan 06 '18 at 13:37
  • As far as I remember you may have to use -d and -l, else on some systems running su grants access without a password! See also: https://help.ubuntu.com/community/RootSudo – Wilf Jan 06 '18 at 22:02