RHEL: Forgotten ’root’ password / using single-user to gain access

RHEL: Forgotten 'root' password / using single-user to gain access

# Tested on RHEL 6 & 7


# RHEL 6 -----------------------------------------------------------------------------------

# Booting into single user mode is the easiest way to gain access to a RHEL server (only
# feasible if you have access to the physical console).

# To enter single-user mode, reboot your computer. If you use the default boot loader, GRUB,
# you can enter single user mode by performing the following:

# Method A:

# 1.- At the boot loader menu, use the arrow keys to highlight the installation you want
#     to edit and type 'a' to enter into append mode.

# 2.- You are presented with a prompt that looks similar to the following:

grub append> ro root=LABEL=/

# 3.- Press the Spacebar once to add a blank space, then add the word 'single' to tell
#     GRUB to boot into single-user Linux mode. The result should look like the following:

ro root=LABEL=/ single

# 4.- Press [Enter] and GRUB will boot single-user Linux mode. After it finishes loading,
#     you will be presented with a shell prompt.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root

# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method B:
# ------------------------------------------------------------------------------------------

# 1.-  At the beginning of the boot process you should see the grub menu pop up with a
#    countdown and some kernel options (or perhaps just one option). It should be counting
#    down at this point and says: "Press any key to enter the menu". In this case you would
#    hit any key.

# 2.- At the bottom of the screen there is an explanation of the few options that are
#     available to use on this page. One of these options is 'e' for edit. Hit 'e' to edit
#     the boot kernel options.

# 3.- You would now edit the main kernel options, adding 'single' at the end.

# 4.- Once you have completed that hit enter, then 'b' for boot.

# 5.- You are now in single user mode, and be auto logged in as root. You can now change
#     the root password by typing:

passwd root
 
# *** Note: For Red Hat Enterprise Linux 6.0 there is a bug that will prevent you from
# changing your root password in single user mode. This is a result of SELinux. For this
# situation you would want to temporarily disable SELinux:

setenforce 0

# Now you should be allowed to change your root password.



# Method C:
# ------------------------------------------------------------------------------------------

# If, for whatever reason (hardened server,... ), methods A and B don't work, we can proceed
# as shown here below.
 
# Use either method A or B to edit kernel options and append

   init=/bin/sh

# This process passes the init=/bin/sh option to the kernel and tells it to run /bin/sh
# as init instead of the normal /sbin/init. By doing this, the normal init process is
# bypassed.

# To reset root password:

# Mount the /proc filesystem

mount /proc

# Remount the root filesystem in read/write mode

mount -n -o remount,rw /

# Mount the /usr partition (if it is a separate partition)

mount /usr

# Reset root password

/usr/bin/passwd

# and, finally, power cycle the system manually (none of the reboot commands is meant to
# work at this point)




# RHEL 7 -----------------------------------------------------------------------------------

# Reboot server. At the boot loader menu, user the arrow keys to highlight the installation
# you want to edit and press "e" to modify the parameters to boot the kernel

# Scroll down until you find the kernel line. It looks like this one, beginning with
# "linux16":

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   ro crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# You need to change "ro" to "rw" and start into a bash shell. Your new line should look
# like this one:

linux16 /vmlinuz-0-rescue-ccddb0f617bc493baa4e9f7d7b8e4612 root=/dev/mapper/rootvg-lv_root \
   rw init=/sysroot/bin/bash crashkernel=256M rd.lvm.lv=rootvg/lv_root \
   rd.lvm.lv=rootvg/lv_swap rd.lvm.lv=rootvg/lv_usr net.ifnames=0 rhgb quiet

# Then, you're ready to boot the server by simply pressing "Crtl + x"

# Once the server is up you should be able to change change root's password by
running
# following commands:

chroot /sysroot

passwd root


# Reboot your server to start it up in multi-user mode.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux An introduction to swap space on Linux systems
Viewed 2512 times since Thu, Jan 23, 2020
python learning
Viewed 1968 times since Wed, Dec 18, 2019
How to create a Systemd service in Linux
Viewed 3024 times since Mon, Dec 7, 2020
Manage Linux Password Expiration and Aging Using chage
Viewed 4721 times since Tue, Sep 11, 2018
Top 20 OpenSSH Server Best Security Practices ssh linux aix
Viewed 6067 times since Fri, May 15, 2020
Linux - How to get IP and MAC address of ethernet adapter in Linux
Viewed 2803 times since Fri, Jun 8, 2018
6 easy steps to setup offline two factor authentication in Linux
Viewed 13221 times since Mon, Apr 6, 2020
debian Install a newer kernel in Debian 9 (stretch) stable
Viewed 1856 times since Sun, Sep 23, 2018
Transform XML to CSV Format | Unix String Pattern Manipulation The Ugly Way
Viewed 5735 times since Sun, Jan 9, 2022
linux ssh Remotely Initiated Reverse SSH Tunnel
Viewed 3253 times since Wed, Apr 22, 2020