How to reset root password on CentOS/RHEL 7


If we forget the password for the root account, we will be locked out of our server. In a situation like this, to regain access to the server we need to reset the root password. This tutorial shows how to reset the root password on a CentOS/RHEL server. This task is also an important RHCSA exam objective. In fact, if you cannot accomplish this task you will definitely fail the exam, because you will not have access to the server to complete the other tasks. Red Hat does not supply the password of the server in the exam.

For this process, we need physical access to the server console; no form of remote access will do.

First, start the server. When the screen with the available kernel versions appears (see the image below), press ‘e’. This enables us to edit the boot parameters.

[Screenshot: available kernels on a typical CentOS system]

On the following screen, look for the line starting with ‘linux16’. This line holds all the boot parameters for the current boot. Press ‘ctrl+e’ to get to the end of the line.

[Screenshot: kernel line to edit]

Here, add the following parameters: rd.break enforcing=0. rd.break creates a break in the boot process and enforcing=0 puts SELinux into permissive mode.

[Screenshot: kernel line after editing]

Now press ‘ctrl+x’ to restart the boot process. When it boots into emergency mode, the first thing we need to do is remount the sysroot volume in read-write mode. Changing the password of root or any other account means changing the /etc/shadow file, which is why the file system must be writable. [It is in read-only (ro) mode now. You can check this with the ‘mount | grep /sysroot’ command.]

Use the following command to do that:

mount -o rw,remount /sysroot

Then chroot into the volume:

chroot /sysroot

Now we can change the root password:

sh-4.2# passwd root
Changing password for user root
New password: mynewpass

Now type ‘exit’ and press Enter to come out of the emergency mode.

When the system is back at the login prompt, log in with the new password.

Once logged in, use the following command:

restorecon /etc/shadow

This last step is critical. If forgotten, it will force an SELinux relabel of the whole file system after the next boot. Depending on the size of the file system, this could take a very long time, which matters where system downtime is critical.

After that, you can use the new password to log in next time.
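
One way to confirm the reset left the system in a normal state, as an added example that is not part of the original tutorial: the functions below take the kernel command line and the `ls -Z /etc/shadow` output and flag leftover boot parameters or a wrong label. The function names and sample strings are constructed for illustration, and shadow_t is assumed to be the expected type under the default targeted policy.

```shell
#!/bin/sh
# Added example: post-reset checks for the procedure above.

# Succeeds if the kernel command line ($1) still carries the one-off
# parameters typed into the GRUB editor. Padding with spaces lets us
# match whole words without word-splitting the input.
cmdline_has_reset_params() {
    case " $1 " in
        *" rd.break "*|*" enforcing=0 "*) return 0 ;;
    esac
    return 1
}

# Prints the SELinux type from one line of `ls -Z` output ($1).
# The context is the first field shaped user:role:type:level.
selinux_type_of() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, part, ":") >= 4) { print part[3]; exit }
    }'
}

# $1 = kernel command line, $2 = `ls -Z /etc/shadow` line.
# Prints one verdict per check; returns non-zero if anything needs attention.
post_reset_report() {
    rc=0
    if cmdline_has_reset_params "$1"; then
        echo "WARN: booted with rd.break or enforcing=0; reboot normally"
        rc=1
    else
        echo "OK: no reset parameters on the kernel command line"
    fi
    setype=$(selinux_type_of "$2") || setype=""
    # Assumption: shadow_t is the expected type (default targeted policy).
    if [ "$setype" = "shadow_t" ]; then
        echo "OK: /etc/shadow is labelled shadow_t"
    else
        echo "WARN: /etc/shadow type is '${setype:-none}'; run restorecon /etc/shadow"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input, not captured from a real host.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-PLACEHOLDER root=/dev/mapper/centos-root ro rhgb quiet rd.break enforcing=0'
SAMPLE_LS_Z='----------. root root system_u:object_r:unlabeled_t:s0 /etc/shadow'
post_reset_report "$SAMPLE_CMDLINE" "$SAMPLE_LS_Z" || true
```

On a live host, pass "$(cat /proc/cmdline)" and "$(ls -Z /etc/shadow)" as the two arguments.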
