This tutorial explains how to reset the root password in Linux step by step with examples. Forget or lost root password in Linux, there is no need to buy any expensive tool or software to reset the root password. We can easily reset the root password in Linux through the inbuilt recovery options.
Recovery options are the part of boot package in Linux. These options are available at the first screen of boot process. These options allow us to access the Linux file system in emergency situation. In this tutorial we will learn how to use these tools to reset the lost or forgotten root password.
Resetting root password from recovery options
Restart the system and on boot screen select the second line and press e key
Recovery options include several tools and features which if used incorrectly, can crash the entire system. For this reason, usually administrators keep these options protected with password.
If these options are protected with username and password, in next screen we have to authenticate the access with assigned user name and password.
If you have also lost the username and password which are required to access the recovery options or simply want to learn process of setting and removing recovery options password, see this tutorial
It explains how to set, unset, configure, recover or remove GRUB password in Linux step by step.
Authenticate the access with username and password (if configured)
If authentication is successful (or if authentication is not configured), we will get recovery options in next screen.
Now find the line which starts with linux16 /vmlinuz……….
In this line, change configuration value ro to rw init=/sysroot/bin/sh and press Ctrl+x keys combination to start the system with updated configuration
This change forces Linux to start in emergency mode. Emergency mode mounts installed Linux in /sysroot directory and provides a recovery prompt for troubleshooting.
Now run following commands
#chroot /sysroot #passwd New password: Retype new password: #touch /.autorelabel #reboot –f
First command changes recovery prompt in fully functional shell prompt. After this command, whatever command we will execute, will be executed as it is executed from installed Linux.
Second command without any argument changes root user’s password. Type the new password when it prompts for password and re-type the same password again to verify the new password.
Third command re-labels all SELinux security contexts.
Fourth command restarts the system.
Following figure illustrates above process steps by steps
Since SELinux re-labels all security contexts, booting process will take a little bit extra time. Once relabeling is finished, system will restart again.
After restart, use the password which we set in above steps to login from root
A successful login confirms that root password has been changed.
This way we can easily reset the forgotten or lost root password through recovery options without any third party tool or software.
Troubleshooting
You may face two issues in this process
- Linux does not start in emergency mode
- Linux does not boot after this process
Linux does not start in emergency mode
If configuration value is changed incorrectly, Linux will ignore the incorrect value and will start normally. For example following figure shows an incorrect change in configuration value
To solve this issue, restart the system and change configuration value properly.
Change made in configuration values affect only running session. Once system is restarted, all configuration values are set to their default values.
Linux does not boot after this process
If necessary command for SELinux context relabeling is skipped, system will not boot after this process. For example, following figure shows skipped command for SELinux
SELinux actively monitors and protects Linux file system from any unauthorized access and modification. SELinux checks entire file system at boot time to verify that file system is exactly in same state as it was when last time system was shut down. If SELinux detects any change in file system, it will halt the booting process and block the affected process.
To learn how SELinux works in Linux, see this tutorial
SELinux Explained with examples
It explains basic concepts of SELinux and how to configure and manage SELinux effectively in Linux with practical examples.
In this example, we updated the root password. Linux stores password in /etc/passwd. When we updated root password, this file changed from its previous state. Since we made this change without notifying SELinux about this change, SELinux halts the boot process at next time and blocks the login process.
If system is booting in GUI, it will display only black screen without any error or warning.
If system is booting in CLI, it may display login prompt. But login process will not work. Since SELinux block process is based on file and the same file (/etc/passwd) which was changed while we updated the root password is used to store the passwords of all users, login process will not work for all users.
Tips
If you see blank screen after the restart, press CTRL+ALT+F2 and login with any regular user. If system lets you login, black screen issue is not related with SELinux. But if, system does not let you login even with correct username and password, this issue is definitely related with SELinux.
To solve this issue, access recovery prompt by following the same process again and run following commands to fix the issue.
Once SELinux issue is fixed, GUI login screen will be available again with working login process and functionality.
If you still face any issue or unable to reset the root password, just drop me a mail. I will help you in resetting the root password. If you are able to reset the root password with this method, let the other know by sharing it through your favorite social network.