Resetting the root password is typically an easy undertaking if you have root privileges and are already logged in. However, if you’ve forgotten the password and require a change, the process can be a bit more challenging. This is why I have outlined the process in 9 easy steps.
Ensure that you have access to the Linux system console as this is where the procedure will take place. As with any system maintenance task, it’s crucial to have a backup or snapshot of the system before proceeding.
9 easy steps
You will first need to reboot the system. If you do not have access to an account that is a sudoer, you may need to trigger the reboot in another way. Below is an example of rebooting a VM within VMware vSphere.
At the boot menu you will need to press the ‘e’ key to edit the first boot entry.
Locate the line that begins with “linux16” from the grub options and navigate to its end. Append the term “rd.break” (without quotation marks) to the end of this line, as shown below.
To initiate the boot process with these modifications, press “Ctrl+x”. This will cause the system to boot into the initramfs prompt, where a root shell will be available.
At this juncture, the root file system is attached in a read-only mode to the /sysroot directory, and it needs to be remounted with read/write (rw) privileges so that any alterations can be made. To accomplish this, execute the command:
mount -o remount,rw /sysroot
After remounting the file system, enter a chroot jail to make /sysroot the root of the file system. This step is necessary to ensure that any subsequent commands we execute operate on /sysroot. To achieve this, execute the chroot command with /sysroot as the new root.
You will see the prompt change to “sh-4.2”.
From here the root password can be reset with the ‘passwd’ command.
If you are not using SELinux, a restart at this point would suffice, and the system would operate without any issues. However, CentOS/RHEL 7 typically utilizes SELinux in an enforcing mode by default. This would require that we correct the context of the /etc/shadow file. To confirm whether SELinux is enforced, execute the ‘getenforce’ command.
As ‘getenforce’ returned ‘Disabled’, we will need to create a file named ‘.autorelabel’ in the root directory with the touch command.
When the ‘passwd’ command is executed, it generates a fresh /etc/shadow file without any SELinux context, because SELinux is not operational in this mode. This can result in complications upon reboot.
By creating this file, all files on your system will be automatically relabeled during the next boot. However, please note that the process may take some time, especially if you have a large number of files on your file system.
To exit the chroot jail environment, enter the ‘exit’ command once. Then, to exit the initramfs root shell and reboot the system, enter the ‘exit’ command again.
After the system has completed the reboot process, you can use the root account with the password that you have recently set.
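The shell-side steps above, collected into one script as an added example (not part of the original article). Because getenforce returned Disabled in the rd.break shell, the script reads the configured mode from etc/selinux/config under /sysroot instead and creates .autorelabel unless that mode is disabled; the function names and the --run switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: the rd.break shell steps as one script (hypothetical names).

# Print the SELINUX= value from the installed system's config under <sysroot>.
# getenforce is no help here: it returned Disabled in the initramfs shell.
configured_selinux_mode() {
    cfg="$1/etc/selinux/config"
    mode=unknown
    if [ -r "$cfg" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                SELINUX=*) mode=${line#SELINUX=} ;;   # comments and SELINUXTYPE= do not match
            esac
        done < "$cfg"
    fi
    echo "$mode"
}

# Succeed when a relabel should be scheduled. Assumption of this example:
# relabel for anything except an explicit "disabled" (an unreadable config
# counts as "relabel", which costs boot time but keeps /etc/shadow usable).
needs_autorelabel() {
    case "$(configured_selinux_mode "$1")" in
        disabled) return 1 ;;
        *) return 0 ;;
    esac
}

# Create <sysroot>/.autorelabel (what `touch /.autorelabel` does inside the chroot).
schedule_relabel() {
    needs_autorelabel "$1" || return 0
    : > "$1/.autorelabel"
}

# Remount read/write, set the password inside the chroot, schedule the relabel.
reset_root_password() {
    sysroot="${1:-/sysroot}"
    mount -o remount,rw "$sysroot" || return 1
    chroot "$sysroot" passwd root || return 1
    schedule_relabel "$sysroot"
}

# Only acts when called with --run from the rd.break shell.
if [ "${1:-}" = "--run" ]; then
    reset_root_password /sysroot
fi
```

After the script finishes, leave the initramfs shell with ‘exit’ as described above so the system continues booting.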
To reset the root password in Linux CentOS/RHEL 7, one can boot with the ‘rd.break’ option, remount the file system with read/write privileges, create a chroot jail, execute the passwd command, and fix the SELinux contexts. After exiting the chroot and initramfs root shell prompt, the file system will be relabelled, which could take a few minutes depending on the number of files. Once the system boots up, the new root password can be used.