RHEL: Forgotten ’root’ password / using single-user to gain access

RHEL: Forgotten 'root' password / using single-user to gain access

# Tested on RHEL 6 & 7


# RHEL 6 -----------------------------------------------------------------------------------

# Booting into single user mode is the easiest way to gain access to a RHEL server (only
# feasible if you have access to the physical console).

# To enter single-user mode, reboot your computer. If you use the default boot loader, GRUB,
# you can enter single user mode by performing the following:

# Method A:

# 1.- At the boot loader menu, use the arrow keys to highlight the installation you want
#     to edit and type 'a' to enter into append mode.

# 2.- You are presented with a prompt that looks similar to the following:

grub append> ro root=LABEL=/

# 3.- Press the Spacebar once to add a blank space, then add the word 'single' to tell
#     GRUB to boot into single-user Linux mode. The result should look like the following:

ro root=LABEL=/ single

# 4.- Press [Enter] and GRUB will boot single-user Linux mode. After it finishes loading,
#     you will be presented with a shell prompt.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root

# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method B:
# ------------------------------------------------------------------------------------------

# 1.-  At the beginning of the boot process you should see the grub menu pop up with a
#    countdown and some kernel options (or perhaps just one option). It should be counting
#    down at this point and says: "Press any key to enter the menu". In this case you would
#    hit any key.

# 2.- At the bottom of the screen there is an explanation of the few options that are
#     available to use on this page. One of these options is 'e' for edit. Hit 'e' to edit
#     the boot kernel options.

# 3.- You would now edit the main kernel options, adding 'single' at the end.

# 4.- Once you have completed that hit enter, then 'b' for boot.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root
 
# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method C:
# ------------------------------------------------------------------------------------------

# If, for whatever reason (hardened server,... ), methods A and B don't work, we can proceed
# as shown here below.
 
# Use either method A or B to edit kernel options and append

   init=/bin/sh

# This process passes the init=/bin/sh option to the kernel and tells it to run /bin/sh
# as init instead of the normal /sbin/init. By doing this, the normal init process is
# bypassed.

# To reset root password:

# Mount the /proc filesystem

mount /proc

# Remount the root filesystem in read/write mode

mount -n -o remount,rw /

# Mount the /usr partition (if it is a separate partition)

mount /usr

# Reset root password

/usr/bin/passwd

# and, finally, power cycle the system manually (none of the reboot commands is meant to
# work at this point)




# RHEL 7 -----------------------------------------------------------------------------------

# Reboot server. At the boot loader menu, user the arrow keys to highlight the installation
# you want to edit and press "e" to modify the parameters to boot the kernel

# Scroll down until you find the kernel line. It looks like this one, beginning with
# "linux16":

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   ro crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# You need to change "ro" to "rw" and start into a bash shell. Your new line should look
# like this one:

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   rw init=/sysroot/bin/bash crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# Then, you're ready to boot the server by simply pressing "Crtl + x"

# Once the server is up you should be able to change change root's password by
running
# following commands:

chroot /sysroot

passwd root


# Reboot your server to start it up in multi-user mode.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Jak wygenerować silne hasła jednorazowe w Linuksie?
Viewed 1269 times since Thu, May 24, 2018
OpenSSL – sprawdzanie czy klucz pasuje do certyfikatu
Viewed 1516 times since Thu, May 24, 2018
Odpalenie polecenia tylko na jedną godzinę
Viewed 1497 times since Thu, May 24, 2018
Linux Proxy Server Settings – Set Proxy For Command Line
Viewed 1219 times since Mon, Feb 18, 2019
Setting up encrypted tunnel using stunnel
Viewed 1103 times since Fri, Sep 28, 2018
RHEL: Building a custom kernel on RHEL 6
Viewed 1522 times since Sat, Jun 2, 2018
RHEL: Crash kernel dumps configuration and analysis on RHEL 7
Viewed 5677 times since Sat, Jun 2, 2018
Linux - How to shutdown or reboot
Viewed 887 times since Fri, Jun 8, 2018
Linux – How to check the exit status of several piped commands
Viewed 1891 times since Wed, Jul 25, 2018
debian Debian/Ubuntu Linux: Find If Installed APT Package Includes a Fix/Patch Via CVE Number
Viewed 7133 times since Sun, Sep 23, 2018