Reset Forgotten Root Password - What changed in RHEL/CentOS 7.0

One of the many changes in Red Hat Enterprise Linux 7 / CentOS 7 is that it uses GRUB 2 and resetting the password is no longer performed in single-user mode as it was in GRUB included in the previous versions, because the root password is now required to operate in single-user mode as well as in emergency mode.

The new procedure to reset the root password in case you forget it is performed as follows:

Edit GRUB 2 boot options

First of all start your system and when you get to GRUB boot screen shown in the image bellow press the "e" key on your keyboard to enter the edit mode.

grub2 screen

In the next screen go down to the "linux16" or "linuxefi" line using the arrow keys and remove the "rhgb" and "quiet" parameters, this is needed in order to enable system messages. You can see the parameters in the red rectangle in the image bellow:

grub2 edit

Next go to the end of the line and add the "init=/bin/sh" option (shown in the blue rectangle in the image below). This will boot your system in the sh shell rather than running the system init daemon.

grub2 edit add init

Now press Ctrl + X to boot in the sh shell.

Changing the root password

Once the sh shell is available you can proceed with the reset of the root password. The first thing that you need to do is to mount the root filesystem as read-write, since in the boot process it is mounted as read-only. You can do this with the following command:

# mount -o remount, rw /

Next you can use the passwd command to change the root password:

# passwd

You will need to enter the root password twice and the change will be saved.

Finally to make sure that SELinux context of the files that were modified is restored properly after boot you will need to run the following command:

# touch /.autorelabel

All the commands are illustrated in the image bellow:

reset root password

Now that the root password was reset you can either resume the boot process with the following command:

# exec /sbin/init

Or if you wish to reboot the system you can use this command:

# exec /sbin/reboot

As you can see the procedure is straightforward and shouldn't take more than a few minutes of your time.

Alternative Method

An alternative method of resetting the root password is to use “rd.break enforcing=0” instead of “init=/bin/sh” in GRUB 2 boot options above. You will have to follow mostly the same steps as above.

# mount –o remount,rw /sysroot
# chroot /sysroot
# passwd
# exit

6 Comments... add one

  1. The steps are

    1 rd.break at end of linux line, then ctrl-x
    2 mount -o remount,rw /
    3 chmod 640 /etc/passwd
    4 passwd reset
    5 touch /.autorelabel
    6 exec /sbin/reboot or force off the machine

    you need a relabel

  2. exec /sbin/reboot fails for me with a kernel panic that does not sync/flush my changes to disk. I had to exec /sbin/init, wait for the relabel, reboot again, then I could login. I might try the enforcing=0 next time.


Leave a Comment