Reset a lost root password in under 5 minutes

Here's how to quickly and easily reset a root password on Fedora, CentOS, and similar Linux distros.
377 readers like this
377 readers like this
Lock

JanBaby, via Pixabay CC0.

A system administrator can easily reset passwords for users who have forgotten theirs. But what happens if the system administrator forgets the root password, or leaves the company? This guide will show you how to reset a lost or forgotten root password on a Red Hat-compatible system, including Fedora and CentOS, in less than 5 minutes.

Please note, if the entire system hard disk has been encrypted with LUKS, you would need to provide the LUKS password when prompted. Also, this procedure is applicable to systems running systemd which has been the default init system since Fedora 15, CentOS 7.14.04, and Red Hat Enterprise Linux 7.0.

First, you need to interrupt the boot process, so you'll need to turn the system on or restart it if it’s already powered on. The first step is tricky because the GRUB menu tends to flash very quickly on the screen. You may need to try this a few times until you are able to do it.

Press e on your keyboard when you see this screen:

Grub menu

If you've done this correctly, you should see a screen similar to this one:

Grub screen 1

Use your arrow keys to move to the Linux16 line:

Grub screen 2

Using your del key or your backspace key, remove rhgb quiet and replace with the following:

rd.break enforcing=0

Grub screen 3

Setting enforcing=0 will allow you to avoid performing a complete system SELinux relabeling. Once the system is rebooted, you'll only have to restore the correct SELinux context for the /etc/shadow file. I'll show you how to do this too.

Press Ctrl-x to start.

The system will now be in emergency mode.

Remount the hard drive with read-write access:

# mount –o remount,rw /sysroot

Run chroot to access the system:

# chroot /sysroot

You can now change the root password:

# passwd

Type the new root password twice when prompted. If you are successful, you should see a message that reads "all authentication tokens updated successfully."

Type exit twice to reboot the system.

Log in as root and restore the SELinux label to the /etc/shadow file.

# restorecon -v /etc/shadow

Turn SELinux back to enforcing mode:

# setenforce 1

 

Curt Warfield is a Senior Technical Support Engineer in Raleigh, NC.

4 Comments

Thank you SO MUCH for this!....I have a CEntOS 7 server at home and I forgot the password for root about a MONTH ago!.....Now I know better than to make the password something even I CAN'T REMEMBER!...LoL! Ever Onward!...

You're welcome Edward. I'm glad I was able to help

I build several dozen units each year, for charity, for neighbors, for friends, and for strangers who want to switch to what Microsoft really runs! In fact, because Windows is useless for it, Ubuntu is the Cloud!

Curt, this is very helpful, though we already knew it. But, thank you for publishing it!

As sponsor of the free Linux Fest, monthly since 2002, in Winter Park, Florida, on the first Saturday from 9AM to 5PM, at Winter Park Christian Church, on Lakemont Avenue, this will be a handout.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.