cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
TudorRaduta
Community Manager
Community Manager
‎11-10-2025 05:57 AM
  • 528 Views

"Oh no..." moment: Let's reset the root password

Monday Challenge: You're Locked Out!

Welcome back, everyone! Let's kick off the week with a hands-on challenge that every sysadmin should know: how to recover access when you're completely locked out of a system.

This is part of our "Mission & Map" series, focusing on a critical admin skill: interrupting the boot process to regain control of a system.

It may feel like a “break-in,” but it’s actually a recovery essential for any Linux administrator.

The Mission

Learn the exact, step-by-step procedure to reset the root password on a system when locked out safely, without breaking SELinux. You’ll use GRUB, remount, and recovery techniques used in real-world sysadmin scenarios.

The Map:

This isn’t something you’ll find in a man page. The most reliable guide is the official Red Hat documentation — it’s exactly what you’d review before performing this in production.

Resource: RHEL 9 Docs: Changing and resetting the root password

Your Challenge:

Scenario: You arrive on-site to find that no one remembers the root password for a critical RHEL 9 system. You have physical access but no credentials. Your job: regain control safely. Post the commands and steps you’d take below!

  1. Step 1: When rebooting, what key do you press at the GRUB menu to edit the boot parameters?
  2. Step 2: While editing the linux line, what argument do you add to interrupt the boot process and get a root shell?
  3. Step 3: The system boots to a shell, but the root filesystem is read-only. What’s the first command to remount it as read-write?
  4. Step 4: What command do you run to access the system’s actual root directory (not the temporary one)?
  5. Step 5: Now that you’re in, what command changes the root password?
  6. Step 6: The critical one! What full command must you run before rebooting so SELinux relabels the /etc/shadow file correctly?
  • Bonus Question: What happens if you forget Step 6? Why won’t the system boot properly afterward?

Let’s see your recovery steps! The best answers will help others master one of th essential Linux admin skills!

Labels (1)
Labels
Join the discussion
3 Replies
BhawyyaMittal
Flight Engineer Flight Engineer
Flight Engineer
Tuesday
  • 91 Views

  • At the GRUB screen, press e to edit the boot entry.
  • On the linux line, append rd.break and continue to boot.
  • Remount the root filesystem as read-write using mount -o remount,rw /sysroot.
  • Access the actual system root with chroot /sysroot.
  • Reset the password by running passwd command.
  • Create the SELinux relabel flag with touch /.autorelabel and then reboot.

    Bonus : If the relabel step is missed, the system will boot, but login will fail due to incorrect SELinux context.
0 Kudos
Sunnykumar1
Mission Specialist
Mission Specialist
yesterday
  • 61 Views

  1. At the GRUB (bootloader) menu, we press "e" to edit the boot parameters of the highlighted boot entry.
  2. We add "rd.break" to stop at initramfs and allow maintenance tasks (e.g. root password reset) before full system init.
  3. mount -o remount,rw /sysroot
  4. chroot /sysroot
  5. passwd root
  6. touch /.autorelabel

    Bonus : We may not be able to log in as root (or other users), because SELinux will deny access to incorrectly labeled files.

    @TudorRaduta 

 

Architect_005
Mission Specialist
Mission Specialist
yesterday
  • 42 Views

Hi
To unlock yourself.

Step 1: When rebooting, what key do you press at the GRUB menu to edit the boot parameters?
e - This lets you edit the boot parameters.
Step 2: While editing the linux line, what argument do you add to interrupt the boot process and get a root shell?
- On the line starting with linux (or linux16), append:
rd.break
Step 3: The system boots to a shell, but the root filesystem is read-only. What’s the first command to remount it as read-write?
mount -o remount,rw /sysroot
Step 4: What command do you run to access the system’s actual root directory (not the temporary one)?
chroot /sysroot
Step 5: Now that you’re in, what command changes the root password?
passwd root
Step 6: The critical one! What full command must you run before rebooting so SELinux relabels the /etc/shadow file correctly?
touch /.autorelabel

Bonus Question: What happens if you forget Step 6? Why won’t the system boot properly afterward?
- SELinux contexts on /etc/shadow won’t be updated.
- As a result the system may deny logins or fail to boot cleanly because the password file has the wrong security labels.
- You would be stuck in a loop of authentication failures until you boot back into rescue mode and fix the SELinux labels

0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright @ 2025 Red Hat Privacy statement Terms of service Community Guidelines