Gebruikershulpmiddelen

Site-hulpmiddelen

Spoor: openvpn_server spacewalk_channels clone_de_minimale_centos7_template ssh_tunnel apache 3_node_glusterfs_centos7_cluster recover_root_password
werkinstructies:recover_root_password

Root password recovery on console of CentOS7

There are times you may need to reset the root password which is unknown to you.

This procedure will work fast on systems that have SELinux enabled and large volumes with lots of files which you definitely do not want to relabel as it is timeconsuming resulting in long down time.

  • Get on to the console, reboot the server and interupt the bootproces by pressing the up arrow button and you get a list of boot profiles not unlike:
    CentOS Linux (3.10.0-327.10.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-327.3.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.20.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-229.14.1.el7.x86_64) 7 (Core)
CentOS Linux, with Linux 0-rescue-7b58aaa412256786e56d7f23a19c4d5
  • From the list of boot profiles chose the latest, which is at the top, and pres e to edit the boot profile.
  • Find the line that starts with linux16. In our case:
    linux16 /vmlinuz-3.10.1.0-327.10.1.el7.x86_64 root=/dev/mapper/centos-root 
ro rd.lvm.lv=centos/swap vconsole.font=tatarcyrheb-sun16 rd.lvm.lv=centos/root
craskkernel=auto  vconsole.keymap=us rhgb quiet LANG=en_US.utf8
  • Replace ro with rw and add to the end of that line: rd.break enforce=0
    linux16 /vmlinuz-3.10.1.0-327.10.1.el7.x86_64 root=/dev/mapper/centos-root 
rw rd.lvm.lv=centos/swap vconsole.font=tatarcyrheb-sun16 rd.lvm.lv=centos/root
craskkernel=auto  vconsole.keymap=us rhgb quiet LANG=en_US.utf8 rd.break enforce=0
  • Now press Ctrl x
you could remove rhgb quiet to get more info on the boot proces in case of trouble.

The system boots and presents you with a prompt: switch_root:/# _. We need to chroot to the filesystem on which the /etc/shadow file is present.

  • Do so by: chroot /sysroot your prompt changes to sh-4.2# _
  • Change the root password passwd root and enter your new password.

Now we need to continue the boot proces.

  • Do so by exiting the chroot shell exit and then the rescue shell exit.

The boot process continues and you are presented by the regular login prompt.
However, we forced the system to boot in SELinux permissive mode because we needed to alter the shadow password file. We need to correct this:

  • Log in (with your new password)
  • Restore the SELinux context of the shadow password file: restorecon /etc/shadow
  • Set SELinux to enforcing again : setenforce 1

Done.

werkinstructies/recover_root_password.txt · Laatst gewijzigd: 2018/08/30 08:59 door abel

Paginahulpmiddelen

Tenzij anders vermeld valt de inhoud van deze wiki onder de volgende licentie: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki