Legend has it that from time to time we forget our root passwords. The worst part is not knowing how to get back into the system. I have a solution, but it requires you to restart your server. If you need to keep the server running, this isn't the tutorial for you.
- The Grub Menu
- Interacting with GRUB to get into single user mode.
- Identify the permissions for /sysroot and remount with proper rights.
- Change root directory to /sysroot using chroot.
- Change password.
- Set the system to multi-user mode.
- Identify the SELinux security context and restore it to its default.
When a system starts up, its first step is loading the boot loader. The boot loader is responsible for loading the operating system kernel and transferring control to it. The kernel then loads the rest of the operating system. GRUB is a powerful boot loader that can load a wide variety of operating systems, and it is the most widely used.
Let's interact with GRUB to get into single user mode: at the GRUB menu, press `e`. Once we are inside the GRUB configuration editor, we need to edit the `linux16` line and append `rd.break enforcing=0`. `rd.break` breaks the regular boot process, while `enforcing=0` turns off SELinux enforcement for the time being. Now press Ctrl + x to boot with this configuration.
Let's identify the permissions for /sysroot to see if we can write to the filesystem. Run `mount` to see whether we have the right permissions to edit the filesystem. If you look at the last line before the prompt, you can see it has `ro`, for read-only.
Since the filesystem is not writable, let's remount /sysroot read-write: run `mount -o remount,rw /sysroot`.
First, check the permissions for /sysroot again with `mount`. We are now going to change the apparent root directory to /sysroot so that the environment works when we use `passwd root`. We change it using `chroot /sysroot`.
We can now replace the old password with a new one: `passwd root`. Next, set the system back to normal by running `exit` twice: the first leaves the jailed (chroot) environment and the second continues into normal mode.
Log in using the newly set password.
The most essential step in this process is restoring the SELinux security context of /etc/shadow. Without this step, everything we have just done would become worthless after the system restarts. Let's see how it looks now: `ls -ldZ /etc/shadow`. Restore the SELinux security context to its default: `restorecon /etc/shadow`. Now we can see the change: `ls -ldZ /etc/shadow`.
Finally, restart your system and check to see if your new password is working.
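As an added example (not part of the original tutorial), the checks below confirm the states this procedure depends on: whether /sysroot is read-only, whether /etc/shadow carries its default `shadow_t` type, and whether a boot used `rd.break` or `enforcing=0`. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the states the reset procedure relies on.
# Function names and sample inputs are constructed for illustration.

# mount_mode MOUNTPOINT: read /proc/mounts-format lines on stdin and print
# "ro" or "rw" for MOUNTPOINT (the last matching line wins).
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { n = split($4, o, ",")
                   for (i = 1; i <= n; i++)
                       if (o[i] == "ro" || o[i] == "rw") m = o[i] }
        END { if (m == "") exit 1; print m }'
}

# shadow_label_ok CONTEXT: succeed only if the type field of
# user:role:type:level is shadow_t, the default for /etc/shadow.
shadow_label_ok() {
    [ "$(printf '%s\n' "$1" | cut -d: -f3)" = "shadow_t" ]
}

# cmdline_flags [CMDLINE]: print the boot parameters from this procedure
# that appear on the kernel command line (default: /proc/cmdline).
cmdline_flags() {
    printf '%s\n' "${1-$(cat /proc/cmdline)}" | tr -s ' ' '\n' |
        grep -E -x 'rd\.break(=.*)?|enforcing=0' || :
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/mapper/rhel-root /sysroot xfs ro,relatime,attr2,inode64,noquota 0 0'
SAMPLE_BAD='system_u:object_r:unlabeled_t:s0'
SAMPLE_GOOD='system_u:object_r:shadow_t:s0'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro rd.break enforcing=0'

printf '/sysroot is mounted %s\n' \
    "$(printf '%s\n' "$SAMPLE_MOUNTS" | mount_mode /sysroot)"
for ctx in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    if shadow_label_ok "$ctx"; then
        echo "label OK: $ctx"
    else
        echo "run restorecon /etc/shadow: $ctx"
    fi
done
cmdline_flags "$SAMPLE_CMDLINE"
```

On a live system, feed `/proc/mounts` to `mount_mode` on stdin and pass the output of `stat -c %C /etc/shadow` to `shadow_label_ok`.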
QOTD : “If something is important enough you should try, even if the outcome is failure” - Elon Musk