Note: This is a critical RHCSA 7 exam objective (if you can’t take control of a VM through a reboot at the beginning of the exam, you will fail it entirely).

Presentation

In RHEL 7, the procedure to get access to a system during the boot process and modify the root password has changed because of the adoption of Systemd.

There were several procedures floating around to recover the root password. Some were working with physical servers but not with virtual machines, some the other way around.

The following procedure works all the time.

Procedure

At the beginning of the boot process, at the GRUB 2 menu, type the e key to edit.

Then, go to the kernel line (the line starting with linux16) and add the following statements at the end:

rd.break enforcing=0

Caution: The keys to press are those of a US keyboard (querty).

Note: rd.break asks for a break at an early stage of the boot process. enforcing=0 puts the system into SELinux Permissive mode. Don’t confuse with selinux=0 that completely disables SELinux.

Press Ctrl x to resume the boot process.

Then, mount the /sysroot partition as read/write:

switch_root:/# mount –o remount,rw /sysroot

Execute the chroot command on the /sysroot partition:

switch_root:/# chroot /sysroot

Change the root password:

sh-4.2# passwd root Changing password for user root. New passwd: mypassword Retype new password: mypassword passwd: all authentication token updated successfully. sh-4.2# exit exit switch_root:/# exit logout

Connect to your server at the console (don’t reboot now!) with the root user and the new password:

... [ OK ] Started Network Manager Script Dispatcher Service. [ OK ] Started Crash recovery kernel arming. [ OK ] Reached target Multi-User System. CentOS Linux 7 (Core) Kernel 3.10.0-229.14.1.el7.x86_64 on an x86_64 vm login: root Password: mypassword

Then type:

# restorecon /etc/shadow # reboot

If you strictly follow this procedure, you don’t need to force a SELinux relabel (# touch /.autorelabel or # fixfiles onboot) or load the SELinux policy (# /usr/sbin/load_policy -i).

You don’t even need to reboot at the end! In this case, type # setenforce enforcing

For the RHCSA exam, you need to intensely practice this procedure.

Thanks to salvador and hunter86_bg for their precious comments.

Note: When dealing with boot problems, the following options can be added to the kernel command line, bringing additional information:

rd.debug rd.udev.debug systems.log_level=debug

Additional Resources

Ralph Nyberg‘s video about recovering root access (15min/2015) explains the procedure very well.

Fedora Documentation‘s got a page about Resetting the root password.

There is also a documentation available for the Anaconda Boot Options.

As there is more than one way to do it, a page describes several ways to reset the root password.

Also, there is a Serverfault question discussing SELinux problems that may happen when resetting the root password.

Use all available tips and paper writer contact our team of professional academic writers to get help.