Prerequisites
You need to have console access to the node via a hypervisor if it’s a VM or physical access if it’s bare metal.
Step 1: Reboot the node
We need to access the grub bootloader so we need to reboot or stop/start the node and open the node console to interact with it.
Step 2: Edit grub bootloader
When you see kernel options like the screenshot below, press E on the selected kernel to edit the grub bootloader script.
This prompt is timed so If you miss it, you will need to reboot again. You can hit up or down arrow keys to stop the timer so you don’t have to worry about missing the prompt.
Find the kernel line starting with linux16 for CentOS 7 or linux on CentOS 8.
Change ro (readonly) to rw (read/write) and add init=/sysroot/bin/sh after it. See the highlighted text in the screenshot below and compare it with the screenshot above.
After you made the changes press CTRL + X to boot in single user mode
Step 3: Change root dir to /sysroot
After the server is booted, run chroot to change apparent root dir to /sysroot and make it the path for executing commands
chroot /sysrootStep 4: Change the root user password
Run passwd:
passwdIt will prompt you for the new password, enter a new password for the root user.
Step 5: Relabel the filesystem for SELinux
touch /.autorelabelThis will tell SELinux that the filesystem has changed so that SELinux load the new changes on the next reboot
Step 6: Exit the chroot environment
exitStep 7: Reboot
rebootYou should be able to login with the new root password after the system boots.
Conclusion
We can easily recover the root password for CentOS 7 / RHEL 7 and CentOS 8 / RHEL 8. All we need to have is console access to the node. In this tutorial we covered how to reset the root password for CentOS / RHEL nodes.
