In this tutorial, we will learn how to reset root password in RHEL 8 operating system which you may have forgotten.
What if we forgot root user password? Is it possible to reset a forgotten root user password in RHEL 8 / CentOS 8 Linux? If this is your question, then the answer is YES. It is easy to reset your root password if you have an active user account with sudo privileges. But if you don’t have access to a local user with sudo privileges and can’t recover root password via other means. This leaves you with the manual password recovery on your RHEL 8 server from the Grub boot menu.
Table of Contents
Steps Involved to reset root password in RHEL 8:
If you don’t have access to a local user with sudo privileges and can’t recover root password via other means, you will have to do the following:
- Interrupt the boot process
- Edit the boot parameters
- Reboot the system again
- Re-mount the file system as writable
- Reset the root password
- Relabel SELinux
Step 1: Interrupt the boot process
a. Reboot the system and, on the GRUB 2 boot screen interrupt the boot loader sequence by pressing any key. Move the cursor to the entry that needs to be booted.
b. Press the e key to edit the selected boot entry.
You will get the kernel boot parameters screen similar to below-
Step 2: Edit the boot parameters
a. Go to the end of the line that starts with linux. It looks like the below output:
b. Press Ctrl+e to jump to the end of the line.
c. Append rd.break options at the end of the kernel command line. This will break just before control is handed from the initramfs to the actual system.
d. Press “Ctrl+x” and reboot the system. At this point, a root shell will be presented, with the root file system for the actual system mounted read-only on /sysroot.
Step 3: Re-mount the file system
At this point, the root file system for the actual system mounted read-only on /sysroot. Remounting the file system as writable allows you to change the password.
a. Therefore, we will re-mount the file system as writable. To do so run below command
switch_root# mount -o remount,rw /sysrootb. Verify if the root filesystem is mounted as read-write:
switch_root:/# mount | grep -i sysroot
Step 4: Reset the root password
a. Switch into a chroot jail, where /sysroot is treated as the root of the file system tree:
switch_root# chroot /sysrootThe sh-4.4# prompt appears.
b. Set a new root password
sh-4.2# passwd root
You will get the message: all authentication tokens updated successfully.
Step 5: Relabel SELinux
SELinux is not yet enabled at this point, so any new files being created will not have an SELinux context assigned to them. Keep in mind that some tools (such as passwd) first create a new file, then move it in place of the file they are intended to edit, effectively creating a new file without an SELinux context.
a. To make sure that all unlabeled files (including /etc/shadow at this point) get relabeled on the next system boot. Enter below command
sh-4.2# touch /.autorelabelb. Exit the chroot environment:
sh-4.2# exitc. Exit the switch_root prompt:
switch_root# exit
Congratulations! You have successfully reset the root user password in RHEL 8. Now you will be able to login with root user with the password you set.
FAQs:-
1. What is GRUB 2?
GRUB2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel.
2. What is Kernel?
The kernel is a computer program at the core of a computer’s operating system and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components.
3. What is chroot?
Chroot jail is used to create a limited sandbox for a process to run in. This means a process cannot maliciously change data outside the prescribed directory tree.
4. What is sysroot in Linux?
A sysroot is a scaled down version of your target’s filesystem, it need only contain the libraries and headers which you will compile/link against. The sysroot directory works as a root for headers and libraries.
5. What is switch_root?
The switch_root is a utility used to switch from one root file system to another file system as the root of the mount tree. It is primarily used for initramfs/initrd cases.
6. What is SELinux?
SELinux stands for Security Enhanced Linux, which is an access control system that is built into the Linux kernel. It is used to enforce the resource policies that define what level of access users, programs, and services have on a system.
Reference Links:-
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/changing-and-resetting-the-root-password-from-the-command-line_configuring-basic-system-settings
- https://www.thegeekdiary.com/how-to-reset-root-password-in-centos-rhel-8/
