As a sysadmin, you’ll occasionally work on a system or inherit one with a root password that’s a mystery. Of course these situations always seem to occur at the worst possible moment, when you need immediate access.
Thankfully, recovering a root password is not a complicated task. It can be accomplished in a few steps by accessing the kernel parameters from the GRUB bootloader.
In this guide, we’ll demonstrate how to change or reset a forgotten root password in RHEL 9.
To successfully reset or change a forgotten root password in RHEL 9, you need physical access to the RHEL 9 system using a monitor and keyboard. This will help you to view and interact with the GRUB bootloader.
Step 1: Edit the Kernel Parameters
The first step is to boot into RHEL 9. Once the GRUB menu comes into view, press ‘e’ on the first boot entry to interrupt the boot process.
Then you will be granted access to the kernel boot parameters. From here, you need to access “rescue mode.”
To achieve this, locate the line that starts with “
linux” and navigate to the end. Next, include a space and append the following directive:
This directive is used for system maintenance and allows a user to recover the system from corrupted initialization files or change a root password.
rw option mounts the root filesystem in “read-and-write” mode so that you can make the necessary changes to repair the system or reset a password.
Ctrl + x to enter rescue mode.
Step 2: Reset the Root Password
Once you have accessed rescue mode, change the root password by running the command:
You will be prompted to provide the root password twice. So, provide your preferred new root password and confirm it.
Next, be sure to enable the SELinux relabeling process on the next system boot. Be careful and ensure you type the following command correctly:
# touch /.autorelabel
Finally, reboot your system using either of the following commands (note, the shutdown command will capture a log of the action taken here):
# /sbin/reboot -f
# shutdown -r now ‘reset root password’
The system will restart and the SELinux autorelabeling process will commence as shown in the image below. This will take some time.
Once the autorelabeling process is complete, the system will reboot once more, and this time around, let it boot uninterrupted.
On the login prompt, provide your new root password in order to login. You can confirm that you are logged in as the root user as shown.
We have demonstrated how you can reset a forgotten root password on RHEL 9 using simple steps.
As a precaution, you should always secure and limit physical access to your Linux system in order to prevent unauthorized users from changing the root password. Alternatively, you can encrypt your drive to add an additional layer of protection.