Change Root Password in RHEL

by · Published · Updated

Changing the root password on a Red Hat Enterprise Linux server is a critical task that should only be done when absolutely necessary. In this article, we will walk you through the process of changing the root password on a Red Hat Enterprise Linux server. (This process will work on Debian, CentOS, and Rocky flavors of Linux)

The process of changing the root password on a Red Hat Enterprise Linux server is relatively simple. If you are not sure why you need to change the root password or what steps you need to take to change it, please consult with your system administrator before proceeding.

In order to change the root password on a Red Hat Enterprise Linux server, you will need access to the root user credentials.

There are 3 ways to break the boot process on Linux. The first 2 ways are manually entering break commands added to the boot.cfg file. The final way is to use a boot disk and rescue mode.

  1. Rd.break – enters emergency mode with no system disk loaded
  2. emergency  – similar to rd.break but mounts system disk
  3. Rescue – like single user mode, disk mounted, and services started

To change the root password, you must use rdbreak because this process does not mount the system disk; mounting a system disk implements the file system permissions, meaning you cannot change the root password – instead, you will be asked for the root password.

Step 1- Reboot the Server and Break the Linux boot process

To change the Linux root passwd, first, ensure you start with your Linux Server powered off.

  • Power on your server and watch the boot process on the screen or via a terminal connection
  • At the GRUB2 boot screen, press e to edit boot.cfg
  • Add the command rd.break after the boot image .img as per the picture above
  • Choose to continue the startup process.
  • the rd.break command will break the boot process and you will be dropped back to a shell prompt

Step 2 – Mount the Sysroot volume

What is sysroot? sysroot is the root directory for Red Hat Enterprise Linux systems. This is where you find the system’s configuration files, binaries, and libraries.

Sysroot is a system root directory that contains the files and directories that are necessary for the system to function. Changing your root password is a good way to secure your system

  • Mount the system root using the command
Bash
 mount -o rw,remount /sysroot/

Step 3 – Access Sysroot Shell

  • Access the shell by typing
Bash
chroot sysroot

Step 3 – Now change the root password

Type passwd to change root password

Bash
passwd

When prompted, enter a new password

Step 4 – Auto-relabel the Sysroot volume

Important: now you have changed the root password, you must relabel the file system so that the files and folders are aware of the new password hashes. Simply type:

Bash
touch ./autorelabel

Step 5 – Remount the disks as Read-Only

Now mount disks as read-only

Bash
mount -o ro,remount /sysroot

Step 6 – Reboot and monitor the boot progress

Now reboot the server

Bash
reboot
Example of the reboot process

Once the server reboots, you will be able to log in with your newly changed root password. It’s a little daunting when doing this for the first time, but after a while, it will become second nature.

Post Views: 2,409
Elsewhere On TurboGeek:  Understanding Red Hat Permissions

Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.

You may also like...

1 Response

  1. RHCSA: How to configure local storage - TurboGeek
    19/01/2023

    […] Part 4 – How to change the root password on Red Hat […]

Leave a Reply

Your email address will not be published. Required fields are marked *