G
Oh dear. Sorry, but you goofed. You made a technical mistake and a legal mistake. You may be in trouble. Act carefully.
The legal mistake is that just because you can take control of a machine, doesn't mean you're allowed to. Only the proper authority is allowed to decide who has the root password. From my understanding of what you wrote, you are not the administrator of these machines, merely someone who uses them for your job. By changing the root passwords, you've removed some people's access to these machines. These people may legitimately be angry.
Advising you how to fix this mistake is off-topic here (try Academia if you want advice over the Internet). One way or another, you should go and tell the person in charge of these machines what you did. The person in charge may be a system administrator who should know what they're doing, or they may someone in an administrative position (e.g. dean of studies) who doesn't know the technical aspects. Either way, they set the policies: they decide who is allowed to log in on the university computers, not you. You may of course suggest changes, especially if the person in charge is non-technical, but they get the final word.
You made a technical mistake with the computers where the weak password didn't work. You never checked whether they had a root password. Nothing in what you did implies that the root account doesn't have a password! When you reboot in recovery mode, you get a root shell, there's no need for a password. When you run the passwd command as root, you aren't prompted for the old password: you're root anyway, so it would be pointless. With the other computers, you can still restore the old password by running passwd again. But with the computers where you used recovery mode, it's too late: the only way to restore the old password is to find a backup, or someone who knows the old password. There's still a chance that /etc/shadow- contains the old password: it's a backup of /etc/shadow that the passwd command creates automatically. But that's only helpful if there's a machine where you only ran passwd once, not if you ran it repeatedly.
You had two complaints about the security of these machines. Both complaints may or may not be legitimate depending on what security properties are expected.
Some machines had a weak root password. That may or may not be a problem. Is it a problem that people can be root on machines that are only used for student labs? That would depend on how the machines are used. If the machines are connected to the outside and the students enter their own credentials, then yes, it's a problem and you should raise it. On the other hand, if the machines are isolated and are wiped before doing anything that's graded, then it doesn't matter. Everybody may as well be root.
Anyone can take control of the machines if they have physical access. That is unavoidable. If someone has physical access to a computer, it's their computer. There may be a good reason to make it more difficult, at least to require opening the case (meaning, recovery mode should be protected by a password and booting from USB should be disabled). But once again it depends what the computers are used for.
You need to discuss this with the people who use the machines. You can't just barge in there and lock them out. Do voice your security concerns, but also listen to the people who know what's going on, and don't go behind people's backs.
