Loading...
X

Error “Cannot open access to console, the root account is locked” (SOLVED)

After a sudden power outage, unsuccessful update or adding a new disk to /etc/fstab, you may face the problem that your system does not boot, or rather, boots into the console or into a black screen. Sometimes the problem is compounded by the fact that the system administrator cannot even get into the emergency console. Let's see how to solve the following error:

You are in emergency mode. After logging in, type 'journalctl -xb' to view system logs, 'systemctl reboot'
'systemctl default' or "exit" to boot into default mode.

Cannot open access to console, the root account is locked.

See sulogin(8) man page for more details.

Press Enter to continue.

Reloading system manager configuration

After pressing Enter, everything can be repeated.

This message states that the system booted in emergency mode. In fact, this is not so bad – sometimes a system administrator can deliberately boot into emergency mode to restore the OS.

The real problem is that the root account is locked (this is indicated by the message “Cannot open access to console, the root account is locked”) and you cannot get into the console to start solving problems.

The situation becomes stalemate – the system will not let you go anywhere except in the root console, and it will not let you in the root console either, since this user is locked…

How to unlock the root user in emergency mode

Nevertheless, there is a way out of this situation. Start by booting into single user mode – this is the same mode used to reset the Linux password. Below is a generalized instruction, if something does not work out for you, then separate instructions for different distributions for booting into single-user mode can be found here.

Stop the booting by holding down the SHIFT key while starting the computer, you will see:

Press the “e” key and you will proceed to editing the boot settings:

Find the line starting with “linux”.

Go to the end of this line, insert a space, and add:

single init=/bin/bash

It should look something like this (the kernel number may differ):

When everything is ready, press Ctrl+x or F10 to continue the booting with the set options.

You will see a shell prompt, also note that we are logged in as root i.e. we have elevated privileges, including the use of the passwd command:

Command

passwd

will set the password for the root user.

If the passwd command fails:

passwd: Authentication token manipulation error
passwd: password unchanged

the filesystem is most likely mounted read-only. To verify this, enter the command:

mount

The “ro” indicate that the filesystem is mounted read-only and therefore the changes made cannot be saved. Remount the file system:

mount -rw -o remount /

After that, the password change should be successful.

Remove the password lock for the root user:

passwd -u root

If the root user is locked, then this may not be enough. Check which shell is set for root:

less /etc/passwd

If “/usr/sbin/nologin” is specified as the shell for root, run one of the following commands.

  • To assign a Bash shell to the root user:
sudo usermod -s /usr/bin/bash root
  • To assign a ZSH shell to the root user:
sudo usermod -s /usr/bin/zsh root

See also: How to change the login shell in Linux. chsh instruction

To exit, type:

sync
umount /

To turn off your computer run:

poweroff -f

Or restart your computer with the command:

reboot -f

If after the reboot you see “Give root password for maintenance”, then this means that the first stage of recovery was successful – we activated the root user and can now start restoring the system.

How to recover a computer in emergency mode

Now we have the opportunity to restore the system. If you have no idea what exactly caused the error, then run the command

journalctl -xb

and try to find the cause of the problem there.

Checking disks for errors

If you think the error is caused by hard disk problems, then use the following commands to check the partitions:

umount /dev/sda2
fsck -y /dev/sda2

Partition number and disk name may differ from “sda2”, to find out the exact name, use the command

fdisk -l

or

mount

Failed update

If the system does not boot due to an interrupted update, then try the following commands:

apt install -f -y
dpkg --configure -a

If you think that the problem was caused by an unsuccessful update of a specific package, then use a command like this:

dpkg-reconfigure PACKAGE

This command will reconfigure an already installed package.

For example, the following command will re-configure the Linux kernel:

dpkg-reconfigure linux-image-`uname -r`

System does not boot due to incorrect entry in /etc/fstab

In the event of an unsuccessful mount (this can happen if you made an incorrect entry in the /etc/fstab file, the system will not be able to boot, it will go into emergency mode and the following message will be displayed:

You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" to boot into default mode.
Give root password for maintenance
(or press Control-D to continue):

To fix the problem, enter the root password and open the /etc/fstab file for editing:

nano /etc/fstab

Comment out or delete the problematic line. Save the file (Ctrl+o), close it (Ctrl+x) and reboot:

reboot

5 observations on “Error “Cannot open access to console, the root account is locked” (SOLVED)
  1. David

    Thank you so much for this!  Every other solution I found that addressed this problem involved booting a Linux rescue CD/USB in order to manipulate the corrupted host, which I could not do because I don't have access to the host directly.  Yours was the only one that gave the "single init=/bin/bash" flags that allowed me to finally boot into my corrupted host, and you even gave the solution to my second problem with the "Authentication token manipulation error" message.  I'm very glad you posted this.

     
    Reply
  2. Manuel

    Hi, I have a problem.

    This happened to me when I was upgrading (I ran out of space). (Fedora 37)

    After passwd -u root (I have to do it with --force) and I get error:
    passwd: Libuser error at line: 171 - error opening temporary file for '/etc/passwd.lock': No space left on device.

    passwd: Error (password not set?)

    Thank you.

     
    Reply
    1. Alex

      Greetings. The reason for the problem is that there is not enough disk space to even create the tiny /etc/passwd.lock file. You need to free up at least some disk space, the article “What files can be deleted when there is not enough disk space in Linux” can help you with this.

      If you cannot execute any command because you cannot set or change the password, then I see 2 options:

      1. Forcibly reboot the server, as a result of this action, the /tmp directory will be automatically cleared, perhaps this will be enough for you

      2. Boot into Live Linux using an ISO image, mount a full file system and delete some files from it. This option is suitable for both if you have physical access to the server (for example, in your home), and for virtual private servers. Usually hosting providers already have some ISO images, or you can give them a link and they will upload your ISO.

       
      Reply
      1. Manuel

        Hi, thanks for your response.

        That's weird because the PC has almost 12 GB space. This is the timeline:

        I was upgrading and then stop on some selinux package.

        I stopped and retry. I got the "not enough space" error.

        I deleted a lot of files from my Downloads folder

        Reboot

        I can execute a lot of commands and the root user is allow to login (it doesn't have /usr/sbin/nologin but /bin/bash) and /tmp directory is empty.

        I don't know if it's some related to cache.

        Thanks.

         
        Reply

Leave Your Observation

Your email address will not be published. Required fields are marked *