Reset forgotten Red Hat Enterprise Linux (RHEL) 8 root password

5 min readAug 9, 2022

DISCLAIMER
This site in any way does not promotes or supports hacking / cracking. The content on this site is strictly for informational and educational purposes only. Neither medium.com nor the author will be held responsible for any illegal / unethical use of this information.

So, you’re probably here because you lost your root password and now you can’t enjoy your root privileges. Well no need to freak out. Just sit back and chill while we go through few simplified steps to bring your superpowers back.

Step 1: Reboot OS & open GRUB Boot Loader

If you’ve already logged in via another user account then reboot your OS through the GUI or use the command below:

cmd$ reboot

When boot loader menu appears, quickly press ‘e’ on your keyboard.

This will take you to the screen as shown below;

Step 2: Modify boot sequence

Now, modify the boot sequence by adding keywords at the end of the second last line as shown below:

Add at the end of the second last line: rd.break enforcing=0

Explanation: ‘rd’ means ram disk and ‘rd.break’ will land us to the ram disk. And ‘enforcing=0’ will disable the SELinux. The changes made here by appending these keywords are temporary and won’t be effective in the next boot cycles.

After you’ve done editing press ‘Ctrl+x’. This would land you another screen with a shell labeled ‘switch_root:/#’, similar to as shown in the image below;

Step 3: Remount /sysroot with read & write privileges

We need to remount /sysroot with read & write privileges via the following command:

switch_root:/# mount -o remount,rw /sysroot

Explanation: The ‘/dev/mapper/rhel-root’ is initially mounted on ‘/sysroot’ and is then mounted on ‘/’ only after reading the fstab file. Since we’ve interrupted the boot process, so the fstab file has not yet run and the /dev/mapper/rhel-root is currently mounted on /sysroot. The problem is that it’s mounted with ‘ro’ (read-only) privileges. And to change the password we need ‘rw’ (read-write) privileges. So, we remount the /sysroot with rw privileges.

Step 4: Change apparent root directory to /sysroot

Now, we’ll changing the apparent root directory to /sysroot via the following command:

switch_root# chroot /sysroot/

Explanation: The apparent root directory is set to ‘/’ by default and since currently the ‘/dev/mapper/rhel-root’ is mounted on the ‘/sysroot’, we need to also change the apparent root directory to /sysroot.

It’ll land us to the shell labeled ‘sh-4.4#’.

Step 5: Reset root password

Now, we can reset the root password via the following command:

sh-4.4# passwd root

Provide the new root password and retype it to confirm as shown below;

Step 6: Exit & Login

Now, type ‘exit’ and hit ‘Enter’ to exit from the ‘sh-4.4#’ shell.

sh-4.4# exit

Again type ‘exit’ and hit ‘Enter’ to exit from the ‘switch_root:/#’ shell. Doing so will resume the boot sequence and take you to the GUI login screen.

switch_root:/# exit

Now, login with your non-root user account and then switch to root account via terminal with the newly set root password.

cmd$ su -

Note: It’s recommended to login with your non-root user account and then switch to root user from shell opened in a terminal. But in case you don’t have access to any non-root user then you may login as root user directly.

Step 7: Reset /etc/shadow file’s SELinux label

Lastly, we need to restore the SELinux label for the /etc/shadow file via the following command:

cmd# restorecon /etc/shadow

Explanation: The SELinux attaches labels to every process and file. As we know that the user passwords are stored in the /etc/shadow file. Now, when we changed the root password the /etc/shadow file was edited by the passwd command. This modification in the /etc/shadow file also led to change in the SELinux label associated with it. Remember, we’ve temporarily disabled the SELinux for this boot cycle. But on the next reboot, when the SELinux becomes active it’ll read the label associated with /etc/shadow and immediately know of the modification, thus locking us out of the system as a part of it’s defense mechanism. So, to avoid this we need to restore the default label value for /etc/shadow file.