RHEL: Forgotten ’root’ password / using single-user to gain access

RHEL: Forgotten 'root' password / using single-user to gain access

# Tested on RHEL 6 & 7


# RHEL 6 -----------------------------------------------------------------------------------

# Booting into single user mode is the easiest way to gain access to a RHEL server (only
# feasible if you have access to the physical console).

# To enter single-user mode, reboot your computer. If you use the default boot loader, GRUB,
# you can enter single user mode by performing the following:

# Method A:

# 1.- At the boot loader menu, use the arrow keys to highlight the installation you want
#     to edit and type 'a' to enter into append mode.

# 2.- You are presented with a prompt that looks similar to the following:

grub append> ro root=LABEL=/

# 3.- Press the Spacebar once to add a blank space, then add the word 'single' to tell
#     GRUB to boot into single-user Linux mode. The result should look like the following:

ro root=LABEL=/ single

# 4.- Press [Enter] and GRUB will boot single-user Linux mode. After it finishes loading,
#     you will be presented with a shell prompt.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root

# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method B:
# ------------------------------------------------------------------------------------------

# 1.-  At the beginning of the boot process you should see the grub menu pop up with a
#    countdown and some kernel options (or perhaps just one option). It should be counting
#    down at this point and says: "Press any key to enter the menu". In this case you would
#    hit any key.

# 2.- At the bottom of the screen there is an explanation of the few options that are
#     available to use on this page. One of these options is 'e' for edit. Hit 'e' to edit
#     the boot kernel options.

# 3.- You would now edit the main kernel options, adding 'single' at the end.

# 4.- Once you have completed that hit enter, then 'b' for boot.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root
 
# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method C:
# ------------------------------------------------------------------------------------------

# If, for whatever reason (hardened server,... ), methods A and B don't work, we can proceed
# as shown here below.
 
# Use either method A or B to edit kernel options and append

   init=/bin/sh

# This process passes the init=/bin/sh option to the kernel and tells it to run /bin/sh
# as init instead of the normal /sbin/init. By doing this, the normal init process is
# bypassed.

# To reset root password:

# Mount the /proc filesystem

mount /proc

# Remount the root filesystem in read/write mode

mount -n -o remount,rw /

# Mount the /usr partition (if it is a separate partition)

mount /usr

# Reset root password

/usr/bin/passwd

# and, finally, power cycle the system manually (none of the reboot commands is meant to
# work at this point)




# RHEL 7 -----------------------------------------------------------------------------------

# Reboot server. At the boot loader menu, user the arrow keys to highlight the installation
# you want to edit and press "e" to modify the parameters to boot the kernel

# Scroll down until you find the kernel line. It looks like this one, beginning with
# "linux16":

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   ro crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# You need to change "ro" to "rw" and start into a bash shell. Your new line should look
# like this one:

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   rw init=/sysroot/bin/bash crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# Then, you're ready to boot the server by simply pressing "Crtl + x"

# Once the server is up you should be able to change change root's password by
running
# following commands:

chroot /sysroot

passwd root


# Reboot your server to start it up in multi-user mode.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHCS6: Create a new Logical Volume / Global Filesystem 2 (GFS2)
Viewed 675 times since Sun, Jun 3, 2018
Linux - How to get network speed and statistic of ethernet adapter in Linux
Viewed 488 times since Fri, Jun 8, 2018
UUIDs and Linux: Everything you ever need to know [Update]
Viewed 483 times since Tue, Jul 17, 2018
Using IOzone for Linux disk performance analysis
Viewed 2407 times since Wed, Jul 25, 2018
ZPOOL: Add a mirror to a concat zpool
Viewed 827 times since Sun, Jun 3, 2018
How to do a Filesystem Resize (ext3/ext4) on Redhat running on VMware
Viewed 1181 times since Wed, Jul 25, 2018
Linux – Securing your important files with XFS extendend attributes
Viewed 477 times since Wed, Jul 25, 2018
Linux RAID Mdadm Cheat Sheet
Viewed 119 times since Fri, May 15, 2020
Open SSL Encrypt & Decrypt Files With Password Using OpenSSL
Viewed 695 times since Mon, Feb 18, 2019
Oracle Linux 7 – How to audit changes to a trusted file such as /etc/passwd or /etc/shadow
Viewed 1067 times since Wed, Jul 25, 2018