Reset Forgotten Root Password - What changed in RHEL/CentOS 7.0

September 4, 2014 | By
| 6 Replies More

One of the many changes in Red Hat Enterprise Linux 7 / CentOS 7 is that it uses GRUB 2 and resetting the password is no longer performed in single-user mode as it was in GRUB included in the previous versions, because the root password is now required to operate in single-user mode as well as in emergency mode.

The new procedure to reset the root password in case you forget it is performed as follows:

Edit GRUB 2 boot options

First of all start your system and when you get to GRUB boot screen shown in the image bellow press the "e" key on your keyboard to enter the edit mode.

grub2 screen

In the next screen go down to the "linux16" or "linuxefi" line using the arrow keys and remove the "rhgb" and "quiet" parameters, this is needed in order to enable system messages. You can see the parameters in the red rectangle in the image bellow:

grub2 edit

Next go to the end of the line and add the "init=/bin/sh" option (shown in the blue rectangle in the image below). This will boot your system in the sh shell rather than running the system init daemon.

grub2 edit add init

Now press Ctrl + X to boot in the sh shell.

Changing the root password

Once the sh shell is available you can proceed with the reset of the root password. The first thing that you need to do is to mount the root filesystem as read-write, since in the boot process it is mounted as read-only. You can do this with the following command:

# mount -o remount, rw /

Next you can use the passwd command to change the root password:

# passwd

You will need to enter the root password twice and the change will be saved.

Finally to make sure that SELinux context of the files that were modified is restored properly after boot you will need to run the following command:

# touch /.autorelabel

All the commands are illustrated in the image bellow:

reset root password

Now that the root password was reset you can either resume the boot process with the following command:

# exec /sbin/init

Or if you wish to reboot the system you can use this command:

# exec /sbin/reboot

As you can see the procedure is straightforward and shouldn't take more than a few minutes of your time.

Alternative Method

An alternative method of resetting the root password is to use “rd.break enforcing=0” instead of “init=/bin/sh” in GRUB 2 boot options above. You will have to follow mostly the same steps as above.

# mount –o remount,rw /sysroot
# chroot /sysroot
# passwd
# exit

alternative-root-reset

Filed Under : LINUX HOWTO

Free Linux Ebook to Download

Comments (6)

Trackback URL | Comments RSS Feed

  1. Triggering an auto-relabel to fix one file (/etc/shadow) is overkill and has the danger of taking a looooooong time and causing other problems (in the case of poor label management).

    I would recommend sticking to /sbin/load_policy -i as mentioned in the RHEL7 Installation Guide @ http://red.ht/1vHVatu.

  2. Jim Nicholls says:

    The RedHat RHCSA Rapid Track Student Workbook for RHEL 7 gives the instruction to append rd.break, not to append init=/bin/sh.

  3. stephen ikwue says:

    The steps are

    1 rd.break at end of linux line, then ctrl-x
    2 mount -o remount,rw /
    3 chmod 640 /etc/passwd
    4 passwd reset
    5 touch /.autorelabel
    6 exec /sbin/reboot or force off the machine

    you need a relabel

  4. stephen ikwue says:

    3. correction line 3 is chmod 640 /etc/shadow

  5. Adrian Dinu says:

    Hello,

    This article is based on the official Red Hat Enterprise Linux 7 System Administrator's Guide you can check here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Terminal_Menu_Editing_During_Boot.html#sec-Recovering_Root_Password

    It was also carefully tested on CentOS 7 and works without any problem.

  6. chas says:

    exec /sbin/reboot fails for me with a kernel panic that does not sync/flush my changes to disk. I had to exec /sbin/init, wait for the relabel, reboot again, then I could login. I might try the enforcing=0 next time.

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.