there are times you may need to reset the root password which is unknown to you.

This procedure will work fast on systems that have SELinux enabled and large volumes with lots of files which you definitely do not want to relabel as it is timeconsuming meaning long down time.

So, get on to the console, reboot the server and interupt the bootproces by pressing the up arrow button, and you get a list of boot profiles not unlike:

CentOS Linux (3.10.0-327.10.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-327.3.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.20.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.14.1.el7.x86_64) 7 (Core)
CentOS Linux, with Linux 0-rescue-7b58aaa412256786e56d7f23a19c4d5

from the list of boot profiles chose the last and pres e to edit the boot profile.

find the line that starts with linux16 /vmlinuz-3.10……

replace ro with rw and aad to the end of that line: rd.break enforce=0

now press Ctrl x

the system boots and presents you with a prompt: switch_root:/# _

We need to chroot to the filesystem on which the /etc/shadow file is present, do so by: chroot /sysroot your prompt changes to sh-4.2# _

Change the root password passwd root and enter your new password.

now we need to continue the boot proces, do so by exiting the chroot shell exit and then the rescue shell exit .

The boot process continues and you are presented by the regular login prompt.

However, we forced the system to boot in SELinux permissive mode because we altered the shadow password file, we need to correct this.

• first restore the SELinux context of the shadow password file: restorecon /etc/shadow
• second set SELinux to enforcing again : setenforce 1