1
00:00:00,000 --> 00:00:11,840
In this video, you'll learn how to reset a lost root user password.

2
00:00:11,840 --> 00:00:15,640
So on Red Hat, you do the following.

3
00:00:15,640 --> 00:00:20,959
Most startup states prompt for a password, and that is why you cannot use

4
00:00:20,959 --> 00:00:26,180
systemd.unit=emergency.target or systemd.unit=rescue.target.

5
00:00:26,180 --> 00:00:32,619
You can use two options: either you use init=/bin/bash or you use rd.break as a kernel

6
00:00:32,619 --> 00:00:35,700
boot argument from the GRUB prompt.

7
00:00:35,700 --> 00:00:40,299
Now init=/bin/bash is the more generic of these two, and that is why I'm going to show you

8
00:00:40,299 --> 00:00:41,299
init=/bin/bash.

9
00:00:41,299 --> 00:00:49,220
rd.break is interesting, but it will boot into your initramfs, and it's Red Hat specific,

10
00:00:49,220 --> 00:00:53,020
and I'd rather teach you something that works on all distributions.

11
00:00:53,020 --> 00:00:58,020
After getting into your troubleshooting mode using init=/bin/bash, you have the root

12
00:00:58,020 --> 00:01:02,139
file system, but the root file system is in read-only state.

13
00:01:02,139 --> 00:01:06,820
So the next command is mount -o remount,rw /.

14
00:01:06,820 --> 00:01:10,139
That will make it read-writable, and from there, it's very easy.

15
00:01:10,139 --> 00:01:14,339
You can just reset the password using passwd.

16
00:01:14,339 --> 00:01:18,620
But there is one thing that you cannot forget about, and that is SELinux.

17
00:01:18,620 --> 00:01:24,220
Red Hat is protected by using SELinux, and in order to make sure that SELinux is handled

18
00:01:24,220 --> 00:01:31,820
correctly, you use the command touch /.autorelabel to properly apply SELinux context labels while

19
00:01:31,820 --> 00:01:32,820
you are rebooting.

20
00:01:32,820 --> 00:01:37,019
Otherwise, your system will be inaccessible.

21
00:01:37,019 --> 00:01:39,180
On Ubuntu, it's a little bit easier.

22
00:01:39,180 --> 00:01:45,339
You can even use systemd.unit=emergency.target, but alternatively, you can also use

23
00:01:45,339 --> 00:01:46,339
init=/bin/bash.

24
00:01:46,339 --> 00:01:47,339
Both work.

25
00:01:48,059 --> 00:01:54,660
Next, you need to remount the root file system in read-write mode using

26
00:01:54,660 --> 00:02:01,660
mount -o remount,rw /, and then you simply use passwd to change the password, and you reboot, and that's all.

27
00:02:01,660 --> 00:02:05,620
Let me show you, and I'm going to show you on Red Hat for the simple reason that this

28
00:02:05,620 --> 00:02:08,899
is the more complex situation.

29
00:02:08,899 --> 00:02:12,740
So here I'm back on my CentOS machine, and I'm going to reboot it.

30
00:02:12,740 --> 00:02:16,539
Oops, and I was a little bit too eager.

31
00:02:16,740 --> 00:02:20,460
I'm in my boot manager now, so what do I want in my boot manager?

32
00:02:20,460 --> 00:02:25,580
Well, I want to go to CentOS Linux, and then I need my GRUB boot prompt.

33
00:02:25,580 --> 00:02:27,580
Oh, no, I failed it.

34
00:02:27,580 --> 00:02:33,500
Now, the trick is if you want access to the GRUB boot prompt and it doesn't work out well,

35
00:02:33,500 --> 00:02:35,860
reboot your machine while it is booting.

36
00:02:35,860 --> 00:02:39,899
On the next time it boots, it will detect that the last time it didn't complete booting

37
00:02:39,899 --> 00:02:44,100
successfully, and you automatically get access to the GRUB boot prompt.

38
00:02:44,259 --> 00:02:50,940
Then I'm pressing E for edit on my default line, and there I'm removing rhgb and quiet,

39
00:02:50,940 --> 00:02:55,460
and I'm adding init=/bin/bash.

40
00:02:55,460 --> 00:03:00,059
Ctrl+X to start with this option, and there it goes.

41
00:03:00,059 --> 00:03:05,580
So as you can see, I'm on a root prompt, and I haven't entered any password at all.

42
00:03:05,580 --> 00:03:10,300
Also, when you type mount on the top line, you can see that the root file system is mounted,

43
00:03:10,300 --> 00:03:12,460
but it is ro, read-only.

44
00:03:12,460 --> 00:03:18,339
And that's why I need mount -o remount,rw /.

45
00:03:18,339 --> 00:03:24,699
Now I can use passwd and set my new password once and twice.

46
00:03:24,699 --> 00:03:30,580
But as this is a CentOS system, and CentOS, like every Red Hat family distribution, has

47
00:03:30,580 --> 00:03:37,259
SELinux by default, I do need touch /.autorelabel.

48
00:03:37,259 --> 00:03:41,899
That will make sure that SELinux context labels are going to be fixed.

49
00:03:42,100 --> 00:03:43,779
Next, we need to restart.

50
00:03:43,779 --> 00:03:48,179
Now I started in init=/bin/bash, and how do you restart from here?

51
00:03:48,179 --> 00:03:49,419
Well, two options.

52
00:03:49,419 --> 00:03:52,139
Either you are just going to reset your virtual machine.

53
00:03:52,139 --> 00:03:53,059
That works.

54
00:03:53,059 --> 00:03:59,300
What also works is if you use exec /usr/lib/systemd/systemd.

55
00:03:59,300 --> 00:04:06,660
That's kind of a funny way to start systemd, but that is because right now PID 1 is the bash shell,

56
00:04:06,660 --> 00:04:10,179
and systemd cannot be a child of the bash shell.

57
00:04:10,220 --> 00:04:16,540
And that is why the normal fork procedure for running your processes is not valid here.

58
00:04:16,540 --> 00:04:24,859
We need to replace the current bash PID 1 with systemd, and that is what exec is doing.

59
00:04:24,859 --> 00:04:29,179
At this moment, you can see the SELinux context labeling is happening.

60
00:04:29,179 --> 00:04:31,179
You need to wait until that completes.

61
00:04:31,179 --> 00:04:33,459
Once complete, it will reboot again.

62
00:04:33,459 --> 00:04:36,739
That is expected behavior and nothing to worry about.

63
00:04:36,779 --> 00:04:38,299
So give it a moment.

64
00:04:38,299 --> 00:04:43,820
Normally on demo systems like this, it's done within a minute or so.

65
00:04:43,820 --> 00:04:48,459
Here goes the reboot, and now that it is rebooting again,

66
00:04:48,459 --> 00:04:52,540
well, once you have access to the prompt, you can log in as the root user.

