How to reset a forgotten root password on RHEL / CentOS 7

netfilter

Ever wondered how to reset the root password on a system if you have completely forgotten it? Up until recently, you could simply change the GRUB kernel options to boot into single user mode, or tell init to spawn a shell with /bin/bash or similar. With Red Hat Enterprise Linux 7 or CentOS 7, the game has changed and takes a few more steps. The guide below shows you how to get it done!

Please note: If the filesystem is encrypted, these instructions will not work!

The steps differ depending on whether your machine is a virtual guest in a virtualised environment such as KVM or VirtualBox, or uses a USB keyboard, or is a standard RHEL/CentOS machine. The first instructions are for a standard machine; scroll down this article if you are using a virtual guest.

Resetting the password on a standard RHEL/CentOS machine

1) Boot your system and wait until the GRUB2 menu appears.
2) In the boot menu, highlight any entry and press e.
3) Find the line beginning with linux. At the end of this line, append the following:

init=/bin/sh

Note: if you run into a kernel panic, change “ro” to “rw” on that line and use the sysroot path, as in the example below:

rw init=/sysroot/bin/sh

4) Press F10 or Ctrl+X to boot the system using the options you just edited.
Once the system boots, you will be presented with a shell prompt without having to enter any user name or password:

sh-4.2#

5) Load the installed SELinux policy:

sh-4.2# /usr/sbin/load_policy -i

6) Execute the following command to remount your root partition:

sh-4.2# mount -o remount,rw /

7) Reset the root password:

sh-4.2# passwd root

When prompted, enter your new root password and confirm by pressing the Enter key. Enter the password a second time to make sure you typed it correctly and confirm with Enter again. If both passwords match, a message informing you of a successful root password change will appear.

8) Remount the root partition again, this time as read-only:

sh-4.2# mount -o remount,ro /

9) Reboot the system: enter exit, and then exit again, to leave the environment and reboot. From now on, you will be able to log in as the root user using the new password set during this procedure.

Instructions for using a USB keyboard or if the system is a virtual guest

Note that the steps above may drop you to a prompt without access to a USB keyboard, and they do not work in a VM such as KVM or VirtualBox. To reset the root password in these environments:

1) add rd.break instead of init=/bin/sh to the end of the line that starts with linux in GRUB2.
2) when the system boots, run the following command to remount the root filesystem in read-write mode:

mount -o remount,rw /sysroot

3) then run:

chroot /sysroot

4) run:

passwd

5) instruct SELinux to relabel all files upon reboot (because the /etc/shadow file was changed outside of its regular SELinux context) — run:

touch /.autorelabel

Note that this may take some time during the next boot.

6) type exit to leave the chroot environment.
7) type exit to log out; note that this will also reboot the system.

The system will reboot, re-apply all SELinux labels, and present you with a regular login prompt.
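
A post-reset sanity check for both procedures above, as an added example that is not part of the original article: it classifies the root entry in /etc/shadow and reports whether the file carries the shadow_t SELinux type or, failing that, whether /.autorelabel is in place. The function names, the --live switch and the sample inputs are constructed for this example.

```shell
#!/bin/sh
# Post-reset sanity checks for the procedures above (added example).

# shadow_status LINE: classify the password field of one /etc/shadow entry.
shadow_status() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo empty ;;    # no password at all
        '!'*|'*'*) echo locked ;;   # password login disabled
        *)         echo set ;;      # a hash is present
    esac
}

# selinux_type CONTEXT: extract the type from user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# relabel_state CONTEXT AUTORELABEL(yes|no): is /etc/shadow labelled correctly,
# and if not, is a full relabel already scheduled?
relabel_state() {
    if [ "$(selinux_type "$1")" = shadow_t ]; then
        echo ok
    elif [ "$2" = yes ]; then
        echo relabel-scheduled
    else
        echo relabel-missing
    fi
}

# check_system: run the checks against the live system (needs root).
check_system() {
    ctx=$(stat -c %C /etc/shadow 2>/dev/null)
    if [ -e /.autorelabel ]; then flag=yes; else flag=no; fi
    echo "root password: $(shadow_status "$(grep '^root:' /etc/shadow)")"
    echo "shadow label:  $(relabel_state "$ctx" "$flag") ($ctx)"
}

# Constructed sample inputs, so the script also runs offline.
SAMPLE_SHADOW='root:$6$examplesalt$examplehash:19000:0:99999:7:::'
SAMPLE_BAD_CTX='system_u:object_r:unlabeled_t:s0'

if [ "${1:-}" = --live ]; then
    check_system
else
    echo "sample root entry: $(shadow_status "$SAMPLE_SHADOW")"
    echo "sample label:      $(relabel_state "$SAMPLE_BAD_CTX" no)"
fi
```

Run it as root with --live; a result of relabel-missing means /etc/shadow does not have the shadow_t type and no /.autorelabel file exists.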
