How to Change Root Password in VICIdial — A Complete Technical Guide
Introduction:
If you need to know how to change root password in VICIdial, this step-by-step technical guide gives system administrators and telecom engineers clear, tested methods for Vicibox/VICIdial servers — covering Linux root, MySQL/MariaDB root, cluster config updates, and security hardening.
This article assumes you are an IT admin with SSH access (or console access) to the server and that you have appropriate authorization to make these changes. Always back up critical data before performing password recoveries or resets.
When and Why to Change the Root Password
Change the root password when:
- Default installation passwords (e.g., vicidial) remain unchanged.
A root credential compromise is suspected. - Staff turnover or role change requires credential rotation.
- Compliance or internal policy mandates credential updates.
Risks of not changing:
- Unauthorized server access, full system takeover.
- Database exposure (customer PII, call logs).
- Lateral movement across cluster nodes.
Recommendation:
Rotate both OS root and MySQL/MariaDB root credentials together, then reconfigure VICIdial config files so services keep working.
Pre-Reset Checklist (Do this first)
- Authorization & change window — confirm permission and schedule downtime.
- Backups — back up /etc, /var/lib/mysql, /etc/astguiclient.conf, and custom configs.
- Export important MySQL tables:
mysqldump -u root -p asterisk vicidial > /root/vicidial_backup.sql - Ensure console or KVM access if SSH root is lost.
- Note current VARDB_user and VARDB_pass in /etc/astguiclient.conf.
- Notify managers or agents before restarting services.
Change the Linux Root Password (Normal Method)
If you can log in as root or via sudo:
ssh admin@vicibox-server
sudo su -
passwd
Enter the new password and retype to confirm.
Verify by opening a new SSH session as root.
Note: Use a strong password (length ≥14, mix of character types). Prefer SSH key authentication and disable root password login afterward.
Resetting Linux Root Password When Root Is Lost (Single-User / GRUB Method)
If you cannot authenticate as root:
- Reboot the server and interrupt GRUB.
- Edit the kernel entry:
- Highlight the default kernel, press “e”.
- Find the line starting with “linux” or “linux16”.
Append init=/bin/sh or rd.break.
- Boot the entry (Ctrl + X or F10).
- Remount filesystem:
mount -o remount,rw /
Run:
passwd root
If SELinux is enabled:
touch /.autorelabel
Reboot:
exec /sbin/init
Use console access (KVM/serial) if remote SSH is unavailable.
Resetting the MySQL / MariaDB Root Password (VICIdial Database)
If you lose the MySQL root password, VICIdial web and cron jobs may fail.
Method A — Using mysqld_safe (skip-grant-tables)
sudo systemctl stop mysqld
sudo mysqld_safe --skip-grant-tables &
mysql -u root
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewStrongPassw0rd!';
FLUSH PRIVILEGES;
exit;
sudo systemctl start mysqld
mysql -u root -p
Method B — Using init-file
Create a reset file:
nano /root/mysql-init-reset.sql
Content:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewStrongPassw0rd!';
Run:
sudo systemctl stop mysqld
sudo mysqld_safe --init-file=/root/mysql-init-reset.sql &
sudo systemctl start mysqld
Then remove the reset file and test login.
Update VICIdial Configuration After Password Changes
Update the following:
- /etc/astguiclient.conf (update VARDB_pass)
- On all cluster nodes (web/telephony servers)
If you changed cron DB user password:
UPDATE mysql.user SET authentication_string = PASSWORD('newcronpass') WHERE User='cron';
FLUSH PRIVILEGES;
Then update/etc/astguiclient.conf accordingly.
Reset VICIdial Web Admin Password (If Needed)
Login to MySQL:
mysql -u root -p asterisk
Change password:
UPDATE vicidial_users SET pass = MD5('NewAdminPass') WHERE user='admin';
If other users:
UPDATE vicidial_users SET pass = MD5('NewPass') WHERE user='someuser';
Post-Reset Validation & Service Checks
- Confirm OS root access.
- Confirm MySQL root login.
- 3 Restart services:
systemctl restart httpd
systemctl restart asterisk
systemctl restart mysqld
Check logs:
/var/log/asterisk/full
/var/log/httpd/
/var/log/mysqld.log
- Verify agent logins and campaign dialing.
Security Hardening Best Practices
- Use dedicated DB users (not root).
- Rotate credentials periodically.
- Use SSH keys; disable root login.
- Restrict SSH to admin IPs.
- Limit MySQL remote access.
- Enable auditing and centralized logs.
- Use two-factor authentication.
- Store passwords in a password manager.
Common Pitfalls & Troubleshooting
- MySQL fails to start → Check error logs, revert auth plugin if needed.
- SELinux issues → Temporarily set setenforce 0 for testing.
- VICIdial login fails → Ensure /etc/astguiclient.conf matches DB password.
Best Practice — Use App-Specific Database User
Create a limited-privilege user:
CREATE USER 'vicidial'@'localhost' IDENTIFIED BY 'VicidialAppPass!';
GRANT SELECT, INSERT, UPDATE, DELETE ON asterisk.* TO 'vicidial'@'localhost';
FLUSH PRIVILEGES;
Update /etc/astguiclient.conf:
VARDB_user=vicidial
VARDB_pass=VicidialAppPass!
Restart VICIdial services.
Automated Checklist for Admins
- Backup MySQL + configs.
- Change root password or use GRUB method.
- Reset MySQL root if required.
- Update config files across nodes.
- Rotate app DB users.
- Harden SSH and DB access.
- Test VICIdial workflow.
- Document all changes.
Legal, Compliance & Responsibility Notice
Perform password resets only if authorized. Unauthorized access or misuse can cause service disruption or data loss.
Disclaimer: This article is for technical guidance only. It is not legal, financial, or medical advice. Consult a qualified professional for compliance requirements.
Appendix — Example Command Snippets
Boot single-user mode:
rd.break
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
reboot
MySQL root reset (compact):
sudo systemctl stop mysqld
sudo mysqld_safe --skip-grant-tables &
mysql -u root
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewRootPass!23';
FLUSH PRIVILEGES;
exit
sudo systemctl start mysqld
mysql -u root -p
VICIdial admin password reset:
USE asterisk;
UPDATE vicidial_users SET pass = MD5('NewAdminPass1!') WHERE user='admin';
FAQs
- How do I change the root password in VICIdial without losing data?
To change the root password safely, first back up your MySQL database and configuration files like /etc/astguiclient.conf. Then use the passwd command (for Linux root) or ALTER USER in MySQL to update credentials. Finally, update all VICIdial config files with the new password before restarting services.
- What should I do if I forget the Linux root password on a VICIdial server?
If you’ve lost the root password, reboot the server and enter single-user mode using GRUB. Append init=/bin/sh or rd.break to the kernel line, then run passwd root to set a new password. Reboot, and your new root password will take effect.- How can I reset the MySQL root password for VICIdial?
Stop MySQL and start it in safe mode using mysqld_safe –skip-grant-tables. Then log in and run:
ALTER USER ‘root’@’localhost’ IDENTIFIED BY ‘NewPassword’;
After resetting, restart MySQL and update /etc/astguiclient.conf with the new password.- Will changing the MySQL root password affect my VICIdial campaigns?
Yes, if the VICIdial configuration still references the old database password, the dialer may fail to connect. Always update /etc/astguiclient.conf and cluster node configs with the new credentials, then restart asterisk, httpd, and mysqld to avoid downtime.- How can I make VICIdial more secure after changing the root password?
After resetting credentials, disable root SSH logins, use SSH keys instead of passwords, restrict MySQL access to localhost, and rotate all credentials regularly. It’s also recommended to create a dedicated database user (not root) for VICIdial operations.Final Recommendations
- Prefer SSH keys + sudo instead of root logins.
- Use password vaults for storage.
- Test restore and recovery procedures.
- Maintain a documented password-reset runbook.
- Limit admin access and use MFA.