This short howto will explain the steps to reset a lost root password or to reset a forgotten root password on Linux RHEL 7 or CentOS 7.
Basically, we will add a “rd.break” to the end of the line with kernel parameters in Grub to stop the start-up process before the regular root filesystem is mounted, hence the necessity to chroot into sysroot.
This will allow you to break into your Linux system and reset the root password back to your own.
Please note that in below steps, you will use “rd.break” instead of alternative method “init=/bin/sh” to recover your lost root password.
Steps to Reset Forgotten Root Password on Linux RHEL 7/CentOS 7
1. Reboot your system and interrupt the countdown in the boot loader menu.
In order to interrupt the countdown, you need to press any key when the boot loader menu appears.
2. Edit the default boot loader entry to abort the boot process just after all file systems have been mounted, but before control is handed over to systemd, then boot.
Use the cursor keys to highlight the default boot loader entry. On the GRUB 2 boot screen, press e to edit the current entry.
3. Using the cursor keys, navigate to the line that starts with linux16 if you are using on x86-64 BIOS-based systems and navigate to the line that starts with Linux line on 64-Bit IBM Power Series.
Press End to move the cursor to the end of the line.
4. Append “rd.break” or “rd.break enforcing=0” to the end of the line. Both gives the same result.
# rd.break enforcing=0
Use option “rd.break”
Use option “rd.break enforcing=0”
Note: Adding enforcing=0 puts the system into SELinux Permissive mode. This option enables omitting the time-consuming SELinux relabeling process and allows you to complete the boot process despite having mislabeled files.
5. Press Ctrl+x to boot using the modified config.
6. The file system is mounted read-only on /sysroot/. You will not be allowed to change the password if the file system is not writable. Run the following command to remount the root filesystem in read-write mode:
# mount -oremount,rw /sysroot
7. Then use chroot to go into a chroot jail at /sysroot. Change the file system’s root as follows:
# chroot /sysroot
8. Change the root password to your own password.
# passwd root
9. Configure the system to automatically perform a full SELinux relabel after boot. This is necessary since the passwd tool re-created the /etc/shadow file without an SELinux context.
# touch / .autorelabel
10. Type exit twice to continue booting your system as normal. The system will run an SELinux relabel, then reboot again by itself.
I hope this article gives you some ideas and essential guidance on how to reset forgotten root passwords on Linux RHEL 7 and CentOS 7.