Locked Out of Your RHEL 9 System? Here's How to Reset Your Root Password and Regain Access in Minutes

Locked Out of Your RHEL 9 System? Here's How to Reset Your Root Password and Regain Access in Minutes

The root password is an essential aspect of any Linux system. It provides administrative privileges to the user, allowing them to modify system files, install software, and perform other critical operations. As such, it is essential to keep the root password secure and to remember it at all times. However, in some cases, users may forget their root password, or the password may be changed without their knowledge, leading to a locked-out system.

Fortunately, RHEL 9 provides a method for resetting the root password, even if you do not have the original password.

In this, we will be looking at the procedure to reset the password for the root user in a hands-on manner, with all the illustrations and explanations for the same. We will also look at how it differs from RHEL 8.

We'll cover the following

● Preface

● How to reset it?

● The procedure

● Explanation

● Conclusion

Preface

Let's take a look at an overview of the most important phases that are taking place in the Boot Procedure right now. That brings us to firmware, the first step in the process. The software that runs on your computer is called firmware. Additionally, the firmware will be the source from which the boot device is allotted. The hardware that allows your computer to start up is called the hard drive. And on the device that boots, you will find something called a boot sector, and then immediately after that, you will find the GRUB program, which is the most essential component. The bootloader that is being used is called GRUB. Additionally, the GRUB boot loader is responsible for loading the Linux kernel into memory. In addition, the Linux kernel is always accompanied by a companion program known as the initramfs or the initrd. Both of these terms may be found in the terminology; as they refer to the same thing, you can choose whichever one you like. It is at this point that everything will begin to take place, and here is where systemd will come into play. Everything is managed by Systemd. Nothing else matters. You will also discover an early stage in systemd; for the sake of simplicity, we will refer to this step as the early stage. After the early stage, you will arrive at your services. And after these services have been loaded, or even better, while they are being loaded, a shell will be dropped, and you will be able to log in to that shell once it has been dropped. Why is it necessary for you to be aware of this information in order to do problem-solving tasks?

How to reset it?

This comes in handy in the event that you need to access a server for which you do not know the root password. I am going to walk you through the process now.

The procedure

So how exactly does that function? So, let's go over the steps, shall we?

  1. Enter the Grub menu while booting

  2. Find the line that loads the Linux kernel and add init=/bin/bash to the end of the line

  3. mount -o remount,rw /

  4. passwd root

  5. touch /.autorelabel

  6. exec /usr/lib/systemd/systemd

Explanation

You will need to visit the Grub boot menu while the operating system is booting up in order to troubleshoot the forgotten root password.

Now that we've reached this point, let's have a look at the Grub boot menu. Simply pressing the letter “e” will bring about the desired modification.

After that, scroll down until you reach the end of the line, where it says Linux. This line is spread over three lines, and you need to be right here, just after the "lv=rhel/swap" part of the line. Next, you will enter "init=/bin/bash" which will really ensure that you start with bash as the init process rather than systemd. This will be done by preventing systemd from running when the command is executed.

Please take note that there has been a modification to the method. If you were using REHL 8, you would use rd.break at the end of the line, but doing so will prompt you for the root password. Therefore, there is no use in doing it. init=/bin/bash is the command that you should be using. That will provide access to the system, despite the fact that the root file system is read-only.

Then press the Control key and the X key simultaneously, to begin with this particular choice; you will then be placed in an empty shell.

The result of it, as you can see, is that you are dropped into a root shell. Let's see whether you're able to put pen to paper now. I can already tell you that you won't be able to do it. This is due to the fact that the root filesystem is only accessible in read-only mode during this very early stage of the booting process. That being the case, we need to ensure that it can be read and written.

We can make that read-writeable by using the command,

  # mount -o remount, rw /

Now to reset the root password you can just use the command,

  # passwd root

Ignore any messages that say there was a problem with the fields or the dictionary check. What you do need to see is that all authentication tokens are updated successfully.

The next thing that we have to do is make sure that SELinux is working properly. This is a very crucial step to perform since it will ensure that SELinux is aware of all that you have accomplished up to this point. As a result of SELinux, the next thing that you do is execute the touch command in order to produce an empty file with the name autorelabel. This is going to ensure that all of the security labels in SELinux are going to be successfully restored.

# touch /.autorelabel

After that, you will need to make use of the exec command, "exec /usr/lib/systemd/systemd". It is clear that numerous processes associated with systemd are already running, and the file /usr/lib/systemd/systemd is the one you require. And in case you are wondering, can't I just exit? Well, the thing is no. This is the only method to get you into a running system because, if you leave from /bin/bash, your system will crash since it doesn't grasp that it doesn't have an interface anymore. Because of this, exiting from /bin/bash is the only way to get into a running system. The systemd process is going to take the place of the one that is now running as a result of this change.

To proceed with the standard boot routine, you need to start the systemd service. Normally, whenever you write something into the shell, it will split off into its own process. This indicates that the new process will begin its life as a child process of the environment in which it is currently running. However, systemd has made it clear that it does not wish to be anyone's kid in any way. Systemd has to act as the parent process for all of the other processes. Because of this, systemd must be started in a rather unconventional manner by using the exec command: exec. " # exec/usr/lib/systemd/systemd". This will cause your currently running process to be discarded, and systemd will be installed in its stead in order to ensure that the boot sequence may proceed correctly.

Right now, the program selinux-autorelabel should be visible in the exact centre of the screen. That constitutes a significant portion. Now, selinux-autolabel is going to require a little bit of time. It shouldn't take more than a couple of minutes to finish up.

If the process is taking too long, you may just restart your virtual machine. Let's give it some time. As you can see, nothing went wrong, and everything turned out nicely. Well, did it? The system is now starting up, and although it may take a minute or two before it is fully operational again, a login prompt will be on the screen in a very short amount of time.

Just now, we have successfully changed the root password. It goes without saying that we still need to conduct tests. The non-root user is unaffected by the root password in any way. Additionally, the non-root user has sudo rights because they are a user with administrative access. Because "su -" prompts the user for the root password, we will not be using sudo this time in order to test; rather, we will be using su. This is due to the fact that sudo prompts for the password. In addition to that, I have access at the root level.

So mission accomplished. This is how we can change the root password.

Conclusion

In conclusion, forgetting or losing the root password in RHEL 9 can be a frustrating experience, but it doesn't have to be a catastrophic one. By following the steps outlined in this article, you can reset your forgotten root password and regain access to your system in just a few minutes. Remember to keep your root password secure and choose a strong and unique password to prevent any future access issues. With this comprehensive guide at your disposal, you can be certain that you'll be able to master RHEL 9 root password reset and maintain the security of your system.

Did you find this article valuable?

Support Gursimar Singh by becoming a sponsor. Any amount is appreciated!