How To Reset Root User Password In CentOS/RHEL 7

Normally resetting the root password is a simple task if you’re logged in already with root privileges, however if you forget the password and need to change it things become a little more difficult.

The process has changed from CentOS/RHEL (Red Hat Enterprise Linux) version 6 to 7, as previously you would boot into single user mode and then change the password as root. From version 7 the equivalent modes are the rescue or emergency targets, however these require the root password before you can do anything which doesn’t help us here, so we’ll take you through the new process to change the lost root password.

This is also a task that you will need to know how to perform for the RHCSA exam.

This procedure will be completed in the console of the Linux system, so be sure that you have access to this prior to beginning. As with all system maintenance tasks, be sure you have a system backup/snapshot prior to proceeding.

  1. If your Linux system is currently running, reboot it. If it is not yet running, start it up. At the boot menu, press the ‘e’ key to edit the first boot entry.

    Linux Reset Root Password Boot Options

  2. From the grub options, find the line that starts with “linux16” and go to the end of it. Enter ‘rd.break’ without quotes at the end of this line, as shown below.

    Linux Reset Root Password Grub Options

  3. Press “Ctrl+x” to boot with these options. This will boot to the initramfs prompt with a root shell.

    Linux Reset Root Password Control+X To Start

  4. At this stage, the root file system is mounted in read only mode to /sysroot and must be remounted with read/write (rw) permissions in order for us to actually make any changes. This is done with the ‘mount -o remount,rw /sysroot’ command.

    Linux Reset Root Password Remount read/write

  5. Once the file system has been remounted, change into a chroot jail so that /sysroot is used as the root of the file system. This is required so that any further commands we run will be in regards to /sysroot. This is done by running ‘chroot /sysroot’.

    Linux Reset Root Password Chroot Environment

  6. From here the root password can be reset with the ‘passwd’ command.

    Linux Reset Root Password passwd command

  7. If you’re not using SELinux, you could reboot at this point and everything would be fine, however by default CentOS/RHEL 7 use SELinux in enforcing mode, so we need to fix the context of the /etc/shadow file. This is because when the ‘passwd’ command is run, it creates a new /etc/shadow file. As SELinux is not running in this mode the file is created with no SELinux contexts, which can cause problems when we reboot. Create the /.autorelabel command using ‘touch’.

    Linux Reset Root Password SELinux Autorelabel File System

    Creating this file will automatically perform a relabel of all files on next boot. Note that this may take some time depending on the amount of files you have on the file system. For a plain vanilla CentOS 7 server, it takes me about 2 minutes to complete.

  8. Enter the ‘exit’ command twice, the first one will exit the chroot jail environment while the second will exit the initramfs root shell and reboot the system.

    Linux Reset Root Password Exit Chroot And Initramfs

Once the reboot has completed you will be able to use the root account with your newly set password.


Summary

As shown we can reset the root password in Linux CentOS/RHEL 7 by booting with the ‘rd.break’ option, remounting the file system with read/write privileges, creating a chroot jail, executing the passwd command and then finally fixing up SELinux contexts.

After exiting the chroot and the initramfs root shell prompt the file system will be relabelled which may take a few minutes or more depending on the number of files you have. When your system has booted back up you’ll be able to use the new root password.

Leave a comment ?

36 Comments.

  1. Thanks a lot… it works for me

  2. great tutorial…….

    thanks man……..

  3. Hello, I tried this method, but I face a problem.
    After I pressed ctrl+d 2 times post changing the paddword, the screen gets stuck, probably it is due to the mass relabelling as mentioned in the explanation above.
    Now it is so stuck that I am unable to recover my VM.

    On every restart it is on the same screen.

  4. thank you ..
    It is really helpfull

  5. Thank you
    It is really helpfull
    I have solved my problem

  6. How to break secure root password in Linux 7.0 versions

  7. i followed the steps but not only does the new root password not work but now my regular user password isnt’t working either. So now i cannot log into the system.

  8. when i have reset the root password in rhel 7 then i got a error msg like “Failed to load selinux policy” freezing..,,, how to resolve this error msg??

    • Hi, maybe it will help another guy, on the kernel load line after “rd.break” wich spawn the bash in initramfs, add enforcing=0 in order to change SELinux policy without disable it.

      U’re welcome.

  9. After resetting my root password on CentOS7 successfully, I couldn’t use the newly set password, but the old password still works. I tried with different servers and still encounter same issue

  10. It’s good dude

  11. I didn’t know procedure changed in rhel7 and almost failed exam because of it. Fortunately I found another option how to jump into single mode. Just write init=1 which will do same job as rd.break :-)

  12. I didn’t know procedure changed in rhel7 and almost failed exam because of it. Fortunately I found another option how to jump into single mode. Just write init=1 which will do same job as rd.break :-)

  13. I didn’t know procedure changed in rhel7 and almost failed exam because of it. Fortunately I found another option how to jump into single mode. Just write init=1 which will do same job as rd.break :-)

  14. Hi. Thanks. For me, it works with this: rd.break console=tty0

  15. Thanks a lot… it works for me

  16. Sagubar Sathik Haja Najimudeen

    Perfect Steps. Clean and Crisp. Worked perfectly for RHEL-7 server installed as VM.

  17. Hi, this works on my system, thank a lot man. Keep a good work !!!

  18. its not working in my centos 7

  19. This topics really works. Thank you very much.

  20. Thanks a lot!! Works like a charm

  21. How can the client change the password by themself on GUI of centOS7?
    Because In my company all the user are in the domain system so when their username expire the password the can’t change as windows 10?

  22. Is Root password can be cracked by any one? if yes, how to avoid it.

    • If the hash becomes accessible, yes. By default it should only be available to the root user, so keep users with root privileges secure and set strong passwords so that if the hash is discovered it becomes infeasible to attack.

  23. i can not give touch /.autorelabel in the last line .
    so the os can not boot and comes blank screen. How i solve this problem??

  24. thanks buddy you save my day

  25. Gunaseelan Selvam

    Thank you very much.

  26. when I am pressing e its showing username prompt instead of grub options

  27. JONATHAN JOHNSON

    @lyke

    You should check to make sure that your password file is restored to the correct context with selinux enabled if you did not change your user password and it stopped working then the bad context is more than likely the issue. You can do this be getting into the system the same way. skip the password reset portion and once you are inside the file structure use

    #restorecon /etc/shadow

    command this should solve your issue.

  28. Perfect!!! One question though… how can I return to automatically selecting ‘normal’ mode? Now, the grub stops & displays options for selecting, for like 3 seconds before selecting first option (which is the correct option).

    Thanks again!

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>