====== Root password recovery on console of CentOS7 ======

There are times you may need to reset the root password which is unknown to you.

This procedure will work fast on systems that have SELinux enabled and large volumes with lots of files which you definitely do not want to relabel as it is timeconsuming resulting in long down time.

  * Get on to the console, reboot the server and interupt the bootproces by pressing the up arrow button and you get a list of boot profiles not unlike:<code>
CentOS Linux (3.10.0-327.10.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-327.3.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.20.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.14.1.el7.x86_64) 7 (Core)
CentOS Linux, with Linux 0-rescue-7b58aaa412256786e56d7f23a19c4d5
</code>

  * From the list of boot profiles chose the latest, which is at the top, and pres ''e'' to edit the boot profile.

  * Find the line that starts with ''linux16''. In our case:<code>
linux16 /vmlinuz-3.10.1.0-327.10.1.el7.x86_64 root=/dev/mapper/centos-root 
ro rd.lvm.lv=centos/swap vconsole.font=tatarcyrheb-sun16 rd.lvm.lv=centos/root
craskkernel=auto  vconsole.keymap=us rhgb quiet LANG=en_US.utf8
</code>

  * Replace ''ro'' with ''rw'' and add to the end of that line: ''rd.break enforce=0''<code>
linux16 /vmlinuz-3.10.1.0-327.10.1.el7.x86_64 root=/dev/mapper/centos-root 
rw rd.lvm.lv=centos/swap vconsole.font=tatarcyrheb-sun16 rd.lvm.lv=centos/root
craskkernel=auto  vconsole.keymap=us rhgb quiet LANG=en_US.utf8 rd.break enforce=0
</code>
  * Now press ''Ctrl x''

<note tip> you could remove ''rhgb quiet'' to get more info on the boot proces in case of trouble.</note>
 

The system boots and presents you with a prompt: ''switch_root:/# _''. We need to chroot to the filesystem on which the ''/etc/shadow'' file is present. 

  * Do so by: ''chroot /sysroot'' your prompt changes to ''sh-4.2# _''

  * Change the root password ''passwd root'' and enter your new password.

Now we need to continue the boot proces.

  * Do so by exiting the chroot shell ''exit'' and then the rescue shell ''exit''.

The boot process continues and you are presented by the regular login prompt.\\
However, we forced the system to boot in SELinux permissive mode because we needed to alter the shadow password file. We need to correct this:

  * Log in (with your new password)

  * Restore the SELinux context of the shadow password file: ''restorecon /etc/shadow''

  * Set SELinux to enforcing again : ''setenforce 1''

Done.