You need to have console access to the node via a hypervisor if it’s a VM or physical access if it’s bare metal.
Step 1: Reboot the node
We need to access the grub bootloader so we need to reboot or stop/start the node and open the node console to interact with it.
Step 2: Edit grub bootloader
When you see kernel options like the screenshot below, press E on the selected kernel to edit the grub bootloader script.
This prompt is timed so If you miss it, you will need to reboot again. You can hit up or down arrow keys to stop the timer so you don’t have to worry about missing the prompt.
Find the kernel line starting with linux16 for CentOS 7 or linux on CentOS 8.
ro (readonly) to
rw (read/write) and add
init=/sysroot/bin/sh after it. See the highlighted text in the screenshot below and compare it with the screenshot above.
After you made the changes press
CTRL + X to boot in single user mode
Step 3: Change root dir to /sysroot
After the server is booted, run chroot to change apparent root dir to /sysroot and make it the path for executing commands
Step 4: Change the root user password
It will prompt you for the new password, enter a new password for the root user.
Step 5: Relabel the filesystem for SELinux
This will tell SELinux that the filesystem has changed so that SELinux load the new changes on the next reboot
Step 6: Exit the chroot environment
Step 7: Reboot
You should be able to login with the new root password after the system boots.
We can easily recover the root password for CentOS 7 / RHEL 7 and CentOS 8 / RHEL 8. All we need to have is console access to the node. In this tutorial we covered how to reset the root password for CentOS / RHEL nodes.