If you have forgotten what your CentOS/RHEL system's root password is, then you need to reset your machine's root password. Resetting the root password requires rebooting your CentOS 7 machine, and then edit the GRUB parameters during boot time.
During machine boot, you might think that you would need to edit the grub parameters just so to enter the rescue/emergency targets. However that approach doesn't work because you still need to enter the root password as part of entering the rescue/emergency targets.
That's why we take a different approach to reset the root password. When you machine is booting up:
- Press down then up arrow keys as soon as the kernel selection menu appears. This will pause the boot process
- press "e" in order to edit your grub parameter settings.
- Scroll down to the
linux16line, then press the "end" key to reach the end of that line.
rd.breakat the end of the "linux16" line.
The rd.break setting instructs the boot process to stop at a specific point during the initramfs process. This is a point where just the main core filesystem has been mounted, but none of the other filesystems have been mounted.
Tip: also good idea to remove the "rhgb quiet" flags from the grub parameter list so that you can monitor what is happening.
Then do "ctrl+x" (as prompted on the screen), to resume the boot process with the modified grub parameter input.
After that you'll see:
At this stage, we've managed to access a terminal before the system fully booted up. Also at this very early stage of the boot process we have the following situation:
- The root directory isn't '/' as you would normally expect, instead it's '/sysroot'
- The '/sysroot' directory is sitting on a filesystem that is readonly
So first we need to make the root filesystem writable:
switch_root:/# mount -o remount,rw /sysroot
Next we need to tell our system to treat '/sysroot' as our root directory:
switch_root:/# chroot /sysroot
This has the affect of changing the command prompt to:
Now we can set the new password by running the following command:
sh-4.2# echo NewPassword | passwd --stdin root
Here my new root password will become "NewPassword"
Note: rather than running the above command. You can instead use the passwd command in the normal way.
These commands we've ran so far may have made changes to the machine (e.g. created/deleted files behind the scenes) without SELinux knowing about them, so we need tell SELinux to do a restorecon of the entire machine during the next boot, we do this by creating the following file:
sh-4.2# touch /.autorelabel
Now we exit out of chroot:
You should now see something like this:
Then exit again:
This will end up rebooting the system. The reboot may take about 2 minutes, which is normal. That is why you should remove the "rhgb quiet" as suggested so that you can monitor the boot process. Now the machine should reboot and you should then be able to login using your root user's new password.
Wait until the grub menu appears and then hit either up/down arrow, in order to disable the timeout.
Scroll down to the line begining with "linux16"
Hit the "end" key
optional: delete the "rhgb quiet" in order to enable the verbose mode.
then press "ctrl+x"
$ mount -o remount,rw /sysroot
$ chroot /sysroot
$ echo NewPassword | passwd --stdin root
$ touch /.autorelabel
# run exit twice
Wait for about 2 minutes
The machine will have restarted, now you can try logging in as root with the new password.