Linux MintUbuntu Based

How To Change Root Password on Linux Mint 22

r00t
8 minutes read

Change Root Password on Linux Mint 22

You open a terminal, type su -, enter what you think is the root password, and get hit with Authentication failure. No warning. No hint. Just a flat rejection. If you’ve just installed Linux Mint 22, this is expected behavior — and it trips up a lot of people who come from other distros or from older Mint versions.

Linux Mint 22, like Ubuntu and Debian before it, ships with the root account locked by default. There is no root password set out of the box. Your regular user account gets added to the sudo group during installation, and that’s how you run administrative commands — using your own login password, not a separate root password.

This design is intentional. It reduces the attack surface. But there are real scenarios where you actually need to set or change the root password: scripted automation, certain server setups, legacy applications that demand direct root login, or simply recovering from a situation where your sudo user got kicked out of the sudo group. This guide walks you through every method, from the simplest one-liner to the recovery process when you’re fully locked out.

Why Root Has No Default Password

The decision to lock the root account on fresh Mint 22 installations follows a deliberate security philosophy. When root has no password, an attacker cannot brute-force it because there is literally nothing to guess against. The sudo model forces every admin action through your personal account, which means there’s an audit trail and a human in the loop.

This also means su - will always fail on a fresh install unless you’ve previously set a root password. Typing sudo -i works because it authenticates as you, then opens a root shell. These two commands look similar but behave very differently at the authentication layer.

Understanding this distinction matters. When you set a root password, you’re not “unlocking a feature” — you’re making a deliberate security trade-off. Make sure you need it before you do it.

Method 1: Change Root Password With sudo (Normal Session)

This is the method you’ll use 95% of the time. You’re logged in, your account has sudo privileges, and you just want to set or update the root password. Open a terminal and run:

sudo passwd root

Here’s exactly what happens:

  1. The system prompts you for your own user password to authorize the sudo request
  2. After successful authentication, it asks you to enter the new root password
  3. It asks you to confirm the new password by typing it again
  4. You get passwd: password updated successfully

No characters appear on screen as you type. That’s not a bug — it’s standard Unix behavior to prevent shoulder surfing.

A realistic terminal session looks like this:

youruser@mint:~$ sudo passwd root
[sudo] password for youruser:
New password:
Retype new password:
passwd: password updated successfully

After this, su - will work with the password you just set. You can verify immediately:

su -
Password: [type your new root password]
root@mint:~#

That’s the whole process. The change takes effect immediately — no reboot required.

Method 2: Use sudo -i First, Then Change Password

If you prefer to already be inside a root shell before running passwd, you can use sudo -i to open a root session first:

sudo -i

Once you’re inside the root shell (your prompt changes to root@yourhostname:~#), run:

passwd

Without specifying a username, passwd changes the password for the currently active user, which at this point is root. Enter and confirm the new password, then exit the root shell:

exit

This method produces the same result as Method 1. The difference is mostly style — some sysadmins prefer to be in an elevated shell before making changes, others prefer the minimal-elevation approach of sudo passwd root. Both are correct.

Method 3: Change Root Password via Recovery Mode

Use this method if you can still boot the machine but your sudo isn’t working — for example, your user account was removed from the sudo group accidentally.

Step 1: Access the GRUB Menu

Restart your machine. As the system powers on, press and hold the Shift key (on BIOS systems) or the Escape key (on UEFI systems) to bring up the GRUB boot menu. You need to catch it early, so start pressing as soon as the screen appears.

Step 2: Select Advanced Options

In the GRUB menu, select “Advanced options for Linux Mint 22” and press Enter. You’ll see a list of kernel versions and recovery options.

Step 3: Boot into Recovery Mode

Select the entry labeled something like Linux Mint 22, with Linux 6.x.x-generic (recovery mode) and press Enter. The system boots into a minimal environment and presents the recovery menu.

Step 4: Drop to Root Shell

From the recovery menu, select “Drop to root shell prompt” and press Enter. You now have a root shell, but the filesystem may be mounted as read-only at this point.

Step 5: Remount the Filesystem as Read-Write

Before you can change any passwords, you need write access:

mount -o remount,rw /

Step 6: Change the Root Password

Now run:

passwd root

Enter and confirm your new password. Then reboot:

reboot

Method 4: Reset Root Password via GRUB Edit (Full Lockout)

This method is for the worst-case scenario: you can’t log in at all, your normal user can’t sudo, and recovery mode either isn’t showing or isn’t working. You edit the GRUB boot parameters directly to bypass the normal init process and land in a shell as root.

Step 1: Get to the GRUB Menu

Same process as Method 3 above — press Shift or Escape during boot.

Step 2: Edit the Boot Entry

Highlight the default boot entry (your Linux Mint 22 option), but do not press Enter. Instead, press e to edit.

Step 3: Modify the Kernel Line

A text editor opens showing the boot configuration. Use the arrow keys to find the line starting with linux. On that line, find ro quiet splash and:

  • Remove ro quiet splash
  • Add rw init=/bin/bash in its place

Step 4: Boot With the Modified Parameters

Press F10 or Ctrl+X to boot with these temporary changes. The system skips the normal startup process and drops you directly into a bash shell as root — no password needed.

Step 5: Remount and Change the Password

If the filesystem isn’t already writable, remount it:

mount -o remount,rw /

Then reset the root password:

passwd root

Enter your new password, confirm it, and restart the init process properly:

exec /sbin/init

Your new root password is now active.

Verifying the Password Change Worked

After any of the methods above, test the new root password before relying on it:

su -

Type your new root password. If you land at a root@yourhostname:~# prompt, it worked. If you get Authentication failure, repeat the password-setting process — you likely had a typo during confirmation.

You can also verify the root account has a password set (rather than being locked) by checking /etc/shadow:

sudo grep ^root /etc/shadow

The second field (between the first and second colons) should be a long hashed string. If it’s * or !, the account is locked and no password is set. Once you’ve successfully set a password, you’ll see the hash there.

What Makes a Strong Root Password

Setting a root password means that password is the single key to full system access. The strength requirements matter more here than anywhere else on the system. Security guidelines recommend a minimum of 12 characters, combining lowercase letters, uppercase letters, numbers, and special symbols.

Avoid anything that follows a predictable pattern — dictionary words, keyboard walks like qwerty123, or anything based on personal information. A passphrase made of four or more random words (like correct-horse-battery-staple) is long, memorable, and statistically hard to crack compared to a short but complex string.

Password managers work well here. Generate a random 20-character password and store it. Root password changes on servers shouldn’t happen frequently, and when they do, you want to be looking up a stored credential, not typing something you invented in the moment.

Security Considerations After Setting Root Password

Setting a root password introduces new risks you need to actively manage.

Disable remote root login via SSH. Once root has a password, it becomes a target for SSH brute-force attacks. Edit your SSH config:

sudo nano /etc/ssh/sshd_config

Find the line PermitRootLogin and set it to:

PermitRootLogin no

Restart SSH to apply:

sudo systemctl restart sshd

This forces all remote admin access to go through a named user account first, which is auditable and rate-limited.

Don’t log in as root for daily tasks. The root shell is efficient for tightly scoped admin work. Using it as a daily driver is dangerous — a mistyped rm with no sudo barrier can wipe critical system files instantly. Stay in your regular user account and escalate only when you need to.

Consider fail2ban for brute-force protection. Even with SSH root login disabled, it’s worth installing fail2ban to automatically block IPs that attempt repeated login failures:

sudo apt install fail2ban

The default configuration protects SSH out of the box once installed.

Audit the sudo group. After you set a root password, periodically check who has sudo access:

getent group sudo

Every user in that list can effectively become root. Remove accounts that no longer need administrative access.

Locking the Root Account Again

If you set a root password for a one-time task and want to go back to the secure default state where root has no usable password, you can lock it:

sudo passwd -dl root

The -l flag locks the account and the -d flag removes the password. After this, su - will fail again, and root can only be accessed through sudo -i using your user account credentials. This returns you to Mint’s default security posture.

This is useful if you temporarily needed direct root access for a script or recovery scenario and want to minimize your attack surface once you’re done.

Troubleshooting Common Issues

“sudo: command not found” after a fresh install
This shouldn’t happen on Linux Mint 22, but if it does, your PATH variable may be broken. Try the full path: /usr/bin/sudo passwd root.

“youruser is not in the sudoers file. This incident will be reported.”
Your account lost sudo group membership. Use Method 3 (Recovery Mode) or Method 4 (GRUB edit) to regain root access, then re-add your user:

usermod -aG sudo youruser

Log out and back in for the group change to take effect.

Password accepted but “Authentication failure” when using su –
This usually means you’re typing the password correctly but hitting a PAM configuration issue. Boot into recovery mode and run passwd root again, then try su - from a fresh terminal session. Rebooting after the password change sometimes helps if PAM cached something odd.

GRUB menu doesn’t appear on boot
On some UEFI systems with fast boot enabled, GRUB flies by too quickly to catch. Hold Shift from the very start of POST, before any OS branding appears. Alternatively, from a working terminal, run:

sudo nano /etc/default/grub

Set GRUB_TIMEOUT=10 and then run sudo update-grub. This gives you a 10-second window each boot.

Quick Reference: All Methods at a Glance

Scenario Method Key Command
Logged in, sudo works Method 1 sudo passwd root
Want a root shell first Method 2 sudo -i then passwd
User not in sudo group Method 3 Recovery Mode → root shell
Completely locked out Method 4 GRUB edit → rw init=/bin/bash
Lock root again Lock method sudo passwd -dl root

The first method covers the vast majority of real-world use cases. The others exist for the situations where things have already gone wrong.

One last thing: if you’re managing multiple Linux Mint machines, keep a note of which systems have root passwords set and which rely purely on sudo. Mixing the two models across a fleet without documentation is how you end up doing a 2 AM GRUB recovery because someone changed the sudo group configuration without logging it anywhere.

Congratulations! You have successfully changed root password. Thanks for using this tutorial to change root password on Linux Mint 22 system. For additional help or useful information, we recommend you check the Linux Mint website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
r00t
8 minutes read
Photo of r00t

r00t

r00t is a dedicated and highly skilled Linux Systems Administrator with over a decade of progressive experience in designing, deploying, and maintaining enterprise-grade Linux infrastructure. His professional journey began in the telecommunications industry, where early exposure to Unix-based operating systems ignited a deep and enduring passion for open-source technologies and server administration.​ Throughout his career, r00t has demonstrated exceptional proficiency in managing large-scale Linux environments, overseeing more than 300 servers across development, staging, and production platforms while consistently achieving 99.9% system uptime. He holds advanced competencies in Red Hat Enterprise Linux (RHEL), Debian, and Ubuntu distributions, complemented by hands-on expertise in automation tools such as Ansible, Terraform, Bash scripting, and Python.
Copyright © 2026 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button