DTT

Reset root password Centos 7

Published: January 19, 2018 (Updated: Jan 19, 2018)
#CentOS #RHEL #SELinux

Enjoying this content? Subscribe to the Channel!

Forgot Your Root Password? Resetting CentOS 7 & Red Hat 7 Made Easy!

Welcome back to Darren’s Tech Tutorials!

We’ve all been there: staring at the login prompt of your critical CentOS 7 server, racking your brain, realizing you’ve forgotten the all-important root password. It feels like a moment of panic, but don’t worry—getting locked out is a surprisingly common issue, and the fix is quick and painless.

In this comprehensive guide, we are going to walk through the exact steps to interrupt the normal boot cycle, jump into emergency mode, and reset the root password on CentOS 7. Best of all? This process works perfectly for Red Hat Enterprise Linux 7 (RHEL 7) as well!

Let’s dive in and take back control of your server.

Step 1: Interrupting the CentOS Boot Process

To reset the password, we first need to prevent the operating system from booting normally. This must be done immediately upon starting or rebooting the server.

  1. Reboot your CentOS server. If your server is running, issue a reboot command, or simply power it down and back up.
  2. As soon as the GRUB menu appears (you may see a countdown timer), press the e key. This stands for “edit” and allows you to modify the kernel parameters.

Step 2: Modifying Kernel Parameters for Emergency Mode

Once you are in the editor, you will see a lot of text listing the current boot configuration. We need to find the specific line that defines how the kernel loads and tell it to break the boot process and drop us into a shell.

  1. Scroll down until you locate the line that starts with either linux16 or linux. This line lists all the kernel boot arguments.

  2. Look for the argument ro (which means “read-only”). We need to replace or modify this setting.

  3. Navigate to the end of the linux16 line and add the following command:

    rd.break enforcing=0
    • rd.break tells the system to break before control is passed from the initial RAM disk (initramfs) to the actual system.
    • enforcing=0 temporarily disables SELinux enforcement (recommended for a smooth password reset, though we will fix the SELinux context later).

  4. Once the edit is complete, press Ctrl + x or F10 to initiate the modified boot process.

Your server will now boot directly into a root shell in the RAM disk environment.

Step 3: Mounting the Filesystem and Resetting the Password

When you land in the shell, the operating system’s main filesystem is not yet mounted for writing. We need to mount the root filesystem (/sysroot) and then use chroot to treat that filesystem as the system root.

  1. Remount the Filesystem in Read-Write Mode:

    mount -o remount,rw /sysroot

  2. Change the Root Environment: This step switches you into the main operating system’s environment, allowing you to run standard commands like passwd.

    chroot /sysroot

  3. Execute the Password Change: Now you can change the root password just as you would normally.

    passwd root

  4. You will be prompted to enter the new root password twice. Choose a strong, secure password that you won’t forget!

Step 4: Fixing SELinux Context for a Successful Boot

This is the most critical step to ensure your server boots correctly after the reset. Since we changed a core system file (/etc/shadow) while SELinux was temporarily disabled or in an incomplete state, the security context may be incorrect.

We need to create a flag file that tells SELinux to relabel the entire system on the next reboot.

  1. Create the Autorelabel Flag File:

    touch /.autorelabel

  2. Exit the chroot Environment:

    exit

  3. Exit the RAM Disk Shell:

    exit

Step 5: Final Reboot and Verification

The server will now automatically reboot. Because we created the /.autorelabel file, the first boot will take longer than usual. You will see SELinux processing files—do not interrupt this process!

  1. Wait for the server to fully reboot and present the login prompt.
  2. Log in as the user root using your newly created password.

If you successfully log in, you have regained access to your server! Well done!

Pro Tip: For a quick reference guide containing all the specific commands used in this tutorial, be sure to check out the accompanying resource page: https://darrenoneill.eu/?p=410

Conclusion

Losing a password can be terrifying, but as you’ve seen, the process of resetting the root password on CentOS 7 or Red Hat 7 is straightforward once you know the exact steps. By carefully interrupting the boot process and managing the SELinux context, you can get back to work quickly and securely.

If this guide helped you recover your server access, please give this post a share! And if you enjoy clear, accessible tech tutorials like this one, make sure you head over to Darren’s Tech Tutorials on YouTube and hit that subscribe button! We’ve got plenty more server administration tips and guides waiting for you.

Happy administering!