How To Reset A Forgotten Password in CentOS

Sometimes we tend to forget the root password to our system. This is something that most of us cannot afford to lose as these systems are running critical applications or storing sensitive data. Luckily for those who have this problem and are running RHEL/CentOS can reset any forgotten password with ease.

In order to do this, you will need to boot into CentOS and pause the countdown timer at the kernel selection screen.

At this point, select your primary kernel and press the E key.

You will then be taken to the boot configuration editor. From there, you can scroll down until you find the part beginning with “linux16”.

At the end, type in rd.break. In the end, it should look like this:

When you’re done, go ahead and press CTRL+X to start the boot process with the new changes. You will then boot into emergency mode.

Here, we are going to run the following commands:

mount -o remount,rw /sysroot

This command allows us to mount the root filesystem for CentOS, we need this to change our password later on. Next we are going to chroot our filesystem:

chroot /sysroot

We won’t be able to change our root password without chroot. This is because there is no other way to do so without root access. Now we are ready to reset our password:

passwd root

Enter the desired password. Once finished, we will need to run the touch command and create the autorelabel file in our root directory(unless you changed directories since starting, you should already be there.):

touch /.autorelabel

This is especially important, because upon boot SELinux will restore all file context within the system that may have been affected.

Hit CTRL+D, and CTRL+D again to exit the shell and emergency mode. The boot process will continue as normal. Login and make sure to run the following if you are using SELinux:

setenforce 1

You are now able to get back into your system without any trouble. If you are having problems logging in then SELinux is keeping you from doing so. You will need to restart and repeat the steps above, but append the following at the end of linux16: “rd.break enforcing=0”. You will then need to run:

touch /.autorelabel && touch /etc/shadow

Proceed to boot and you should be all set!