LFCS – How to Recover ROOT Password

Jarret B

Active Member
Staff member
There are many reasons why a Root password may be lost or forgotten. In business settings it may be as simple as the administrator no longer works for the company.

The LFCS exam deals with the CentOS 7 Operating System but I will also cover changing the Root password on an 18.04 Ubuntu System as well.

NOTE: Keep in mind that the LFCS material is also good for the Red Hat Certified Systems Administrator (RHCSA) exam. The RHCSA is nearly the same as the LFCS if you choose Red Hat as your OS of choice. For the LFCS exam you can choose Ubuntu instead.

CentOS 7

Let’s look at recovering the Root password for a CentOS 7 machine.

Once the GRUB Boot Menu is displayed then highlight the OS you want to load. The default choice is usually the best choice. Once highlighted press the letter ‘e’ on the keyboard to edit the entry.

NOTE: If the GRUB Boot Menu is not displayed then you need to hold down the ‘SHIFT’ key during boot so the menu does appear.

When editing the GRUB Menu Entry you will see quite a few lines of code. Arrow down to the line which starts with ‘linux’.

At the end of the line you need to remove ‘quiet’ and ‘rghb’ if they exist. Replace these with ‘rd.break’ and ‘enforcing=0’.

Once these changes have been made you can press ‘CTRL+X’ to start the Menu Entry with the changes you made.

NOTE: The changes are not permanent and only affect the current session. The ‘rd.break’ parameter causes the system to stop loading before the system is mounted. The parameter ‘enforcing=0’ will disable Security Enhanced Linux (SELinux) which is the security settings enabled by default.

The system will start to load as normal but you will be left at a ‘switch_root’ prompt.

You can now enter in commands as from a Terminal. Enter the following commands:

Code:
mount -o remount,rw /sysroot
chroot /sysroot
These commands will mount the root system with read/write ability. To change the password of the Root user you only need to enter the following:

Code:
passwd
You should be prompted to enter the new password and then to enter it again to verify it.

A message should appear that ‘All authentication tokens updated successfully’. If this message does not appear then retry the above commands. There may be a need to reboot and try all over if you keep having issues.

If successful then you can type ‘exit’ to leave chroot. Now you need to remount the system as it was before you started, so perform the following:

Code:
mount -o remount,ro /sysroot
exit
The system will now boot almost normally. Be sure you logon as the Root user or a user with root (wheel) privileges. If you do logon as Root then use the new password you just used when resetting it. You should now be at a regular run-level and you have two more commands to execute to complete the password reset in a Terminal:

Code:
restorecon /etc/shadow
setenforce 1
NOTE: You may get a SeLinux system error after you logon to the system but it will be taken care of with the ‘setenforce 1’ command. Be sure that if you do not logon as Root that use ‘sudo’ when executing the last two commands.

The first line restores the context of the password file ‘/etc/shadow’ while the second will enable the SELinux setting (which was disabled in GRUB).

NOTE: The process of changing the password will work on Fedora as well.

UBUNTU

These instructions are for changing the password on a Ubuntu 18.04 system. Some versions are different than others but these are the basics.

Start the system and wait until the GRUB Boot Menu appears. Press ‘e’ on the default entry.

NOTE: if the GRUB Boot Menu does not appear then you need to hold down the ‘SHIFT’ key while the system boots to force the menu to be displayed.

A line towards the end of the commands will start with ‘linux’. At the end of the line should be ‘ro quiet splash $vt_handoff’. These parameters should be removed and replaced with ‘rw init=/bin/bash’.

Once the parameters are replaced you can press ‘CTRL+X’ to boot with the edits.

NOTE: The changes you made are not permanent. The edits are only for the current session.

The system should boot and leave you at a prompt.

The following command can be run to make sure your storage is mounted for read/write privileges:

Code:
mount -o remount,rw /
You can enter the following command to change the Root password:

Code:
passwd root
NOTE: You can at this point change the password for any account by changing ‘root’ with the username. To get a listing of usernames use the command ‘ls /home’.

Once the new password has been entered and verified you should receive the message containing ‘passwd: password updated successfully’.

All you need to do now is to reboot the system with the command ‘exec /sbin/init’.

NOTE: Do not type ‘exit’ as was done with CentOS. It most likely will lock up the system. The Ubuntu procedure for changing a password should work on any Ubuntu based Linux system.

The password should now be changed now for the Root user on your Ubuntu system.
 


blackneos940

Active Member
There are many reasons why a Root password may be lost or forgotten. In business settings it may be as simple as the administrator no longer works for the company.

The LFCS exam deals with the CentOS 7 Operating System but I will also cover changing the Root password on an 18.04 Ubuntu System as well.

NOTE: Keep in mind that the LFCS material is also good for the Red Hat Certified Systems Administrator (RHCSA) exam. The RHCSA is nearly the same as the LFCS if you choose Red Hat as your OS of choice. For the LFCS exam you can choose Ubuntu instead.

CentOS 7

Let’s look at recovering the Root password for a CentOS 7 machine.

Once the GRUB Boot Menu is displayed then highlight the OS you want to load. The default choice is usually the best choice. Once highlighted press the letter ‘e’ on the keyboard to edit the entry.

NOTE: If the GRUB Boot Menu is not displayed then you need to hold down the ‘SHIFT’ key during boot so the menu does appear.

When editing the GRUB Menu Entry you will see quite a few lines of code. Arrow down to the line which starts with ‘linux’.

At the end of the line you need to remove ‘quiet’ and ‘rghb’ if they exist. Replace these with ‘rd.break’ and ‘enforcing=0’.

Once these changes have been made you can press ‘CTRL+X’ to start the Menu Entry with the changes you made.

NOTE: The changes are not permanent and only affect the current session. The ‘rd.break’ parameter causes the system to stop loading before the system is mounted. The parameter ‘enforcing=0’ will disable Security Enhanced Linux (SELinux) which is the security settings enabled by default.

The system will start to load as normal but you will be left at a ‘switch_root’ prompt.

You can now enter in commands as from a Terminal. Enter the following commands:

Code:
mount -o remount,rw /sysroot
chroot /sysroot
These commands will mount the root system with read/write ability. To change the password of the Root user you only need to enter the following:

Code:
passwd
You should be prompted to enter the new password and then to enter it again to verify it.

A message should appear that ‘All authentication tokens updated successfully’. If this message does not appear then retry the above commands. There may be a need to reboot and try all over if you keep having issues.

If successful then you can type ‘exit’ to leave chroot. Now you need to remount the system as it was before you started, so perform the following:

Code:
mount -o remount,ro /sysroot
exit
The system will now boot almost normally. Be sure you logon as the Root user or a user with root (wheel) privileges. If you do logon as Root then use the new password you just used when resetting it. You should now be at a regular run-level and you have two more commands to execute to complete the password reset in a Terminal:

Code:
restorecon /etc/shadow
setenforce 1
NOTE: You may get a SeLinux system error after you logon to the system but it will be taken care of with the ‘setenforce 1’ command. Be sure that if you do not logon as Root that use ‘sudo’ when executing the last two commands.

The first line restores the context of the password file ‘/etc/shadow’ while the second will enable the SELinux setting (which was disabled in GRUB).

NOTE: The process of changing the password will work on Fedora as well.

UBUNTU

These instructions are for changing the password on a Ubuntu 18.04 system. Some versions are different than others but these are the basics.

Start the system and wait until the GRUB Boot Menu appears. Press ‘e’ on the default entry.

NOTE: if the GRUB Boot Menu does not appear then you need to hold down the ‘SHIFT’ key while the system boots to force the menu to be displayed.

A line towards the end of the commands will start with ‘linux’. At the end of the line should be ‘ro quiet splash $vt_handoff’. These parameters should be removed and replaced with ‘rw init=/bin/bash’.

Once the parameters are replaced you can press ‘CTRL+X’ to boot with the edits.

NOTE: The changes you made are not permanent. The edits are only for the current session.

The system should boot and leave you at a prompt.

The following command can be run to make sure your storage is mounted for read/write privileges:

Code:
mount -o remount,rw /
You can enter the following command to change the Root password:

Code:
passwd root
NOTE: You can at this point change the password for any account by changing ‘root’ with the username. To get a listing of usernames use the command ‘ls /home’.

Once the new password has been entered and verified you should receive the message containing ‘passwd: password updated successfully’.

All you need to do now is to reboot the system with the command ‘exec /sbin/init’.

NOTE: Do not type ‘exit’ as was done with CentOS. It most likely will lock up the system. The Ubuntu procedure for changing a password should work on any Ubuntu based Linux system.

The password should now be changed now for the Root user on your Ubuntu system.
This is neat. :) Thanks for sharing! :3 It gave me some confidence in myself to find out that I knew a part of this information. :3
 

ccady

New Member
I'm being annoyingly pedantic, but... This is a post about recovering root access, not root password.
 

atanere

Well-Known Member
I'm being annoyingly pedantic, but...
Hi @ccady, and welcome! I think I can play the pedantic game! :D Merriam-Webster gives one definition of recover as, "to bring back to normal position or condition." This definition does not demand that the recovery must bring back the same preexisting position or condition, but just the normal position or condition. So, as I see it, the recovery may include bringing back to normal a known and usable password for root, versus the existing one that is unknown and unusable in @Jarret B' example. Yes? :D

Cheers
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
Just Wizard being a little pedantic

NOTE: If the GRUB Boot Menu is not displayed then you need to hold down the ‘SHIFT’ key during boot so the menu does appear.
... is OK for BIOS computers, for UEFI-based computers, use the ESC key.

Cheers

Wiz
 

Members online


Top