{"id":494,"date":"2024-09-26T16:08:47","date_gmt":"2024-09-26T10:38:47","guid":{"rendered":"https:\/\/swstech.sws-international.com\/?p=494"},"modified":"2024-09-26T16:08:47","modified_gmt":"2024-09-26T10:38:47","slug":"effective-root-password-recovery-in-rhel-9-comparing-init-bin-bash-and-rd-break-methods","status":"publish","type":"post","link":"https:\/\/swstech.sws-international.com\/?p=494","title":{"rendered":"Effective Root Password Recovery in RHEL 9: Comparing init=\/bin\/bash and rd.break Methods"},"content":{"rendered":"\n<p>In RHEL based systems, in situations where someone has forgotten \/ lost root password, administrator can gain access to system by getting control of  boot process and changing the password. <\/p>\n\n\n\n<p>There have been some improvements suggested in traditional way of gaining access by rd.break specification in grub command editing. This articles gives flow of newer recommended way and brief comparison with older way.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"heading-updated-rhel-9-password-reset-process-due-to-changes-in-dracut\">Updated RHEL 9 Password Reset Process (due to changes in&nbsp;<code>dracut<\/code>):<\/h4>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Press<\/strong>&nbsp;<code>e<\/code>&nbsp;to edit the GRUB boot options: <ul><li>This step allows you to modify the boot options temporarily. <\/li><\/ul><\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727037663464\/7e995683-4adf-4af7-a199-2319e4be8eec.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/figure>\n\n\n\n<p>2. In the&nbsp;<code>linux<\/code>&nbsp;line, change&nbsp;<code>ro<\/code>&nbsp;to&nbsp;<code>rw<\/code>&nbsp;(this is just before&nbsp;<code>crashkernel<\/code>):<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The root filesystem is mounted as read-only (<code>ro<\/code>) by default. Changing it to&nbsp;<code>rw<\/code>&nbsp;ensures that the root filesystem is mounted as read-write, allowing you to make changes such as modifying the root password.<\/li><li>Find the line starting with&nbsp;<code>linux<\/code>&nbsp;or&nbsp;<code>linuxefi<\/code>, then modify&nbsp;<code>ro<\/code>&nbsp;to&nbsp;<code>rw<\/code>.<\/li><li><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727037715768\/c68dbe68-c34a-4971-b229-87b31e94fdcd.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><figcaption><br><\/figcaption><\/figure>\n\n\n\n<p>3. Press&nbsp;<code>Ctrl + e<\/code>&nbsp;to go to the end of the&nbsp;<code>linux<\/code>&nbsp;line and add&nbsp;<code>\/init=\/bin\/bash<\/code>:<\/p>\n\n\n\n<p>This bypasses the default system initialization process and brings you directly into a Bash shell in the root environment, allowing you to troubleshoot or reset the password.<\/p>\n\n\n\n<p>This method is a substitute for the traditional&nbsp;<code>rd.break<\/code>&nbsp;approach.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727037868017\/ba042f62-097e-4e09-b5d3-e24e6f173983.png?auto=compress,format&amp;format=webp\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727037868017\/ba042f62-097e-4e09-b5d3-e24e6f173983.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/a><figcaption><br><\/figcaption><\/figure>\n\n\n\n<p>4. Press&nbsp;<code>Ctrl + x<\/code>&nbsp;to boot:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This boots the system with the modified GRUB configuration<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727037999773\/f04ccd30-2e5c-436e-891a-9e84d848c9a6.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>5. Run<\/strong>&nbsp;<code>passwd<\/code>&nbsp;to change the root password:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>After booting into the Bash shell, you can now change the root password by running the&nbsp;<code>passwd<\/code>&nbsp;command. Be sure to enter the new password twice as prompted.<\/li><\/ul>\n\n\n\n<p><strong>Run<\/strong>&nbsp;<code>touch \/.autorelabel<\/code>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This command ensures that the SELinux contexts are properly relabeled upon the next boot, preventing issues with SELinux that might arise due to modified files like&nbsp;<code>\/etc\/shadow<\/code>.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Without this step, SELinux might block processes because of incorrect contexts, especially in enforcing mode.<\/li><\/ul>\n\n\n\n<p><strong>Run<\/strong>&nbsp;<code>exec \/sbin\/init<\/code>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This command will replace the current Bash shell with the system\u2019s initialization process (<code>\/sbin\/init<\/code>), resuming the normal boot process.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>The system will continue to boot normally, and on the next boot, SELinux will perform the relabeling as indicated by the&nbsp;<code>.autorelabel<\/code>&nbsp;file.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727038052923\/f25dc38d-02f7-4e6e-9b55-47fc40cf70c3.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Dracut Changes<\/strong>: RHEL 9 now uses&nbsp;<code>dracut<\/code>&nbsp;differently compared to previous versions, which no longer includes&nbsp;<code>sulogin<\/code>&nbsp;by default during the boot process when&nbsp;<code>rd.break<\/code>&nbsp;is used. Therefore, booting into a shell using&nbsp;<code>init=\/bin\/bash<\/code>&nbsp;is an alternative method.<\/li><li><strong>Importance of<\/strong>&nbsp;<code>.autorelabel<\/code>: The SELinux relabeling process ensures that after modifying the password or other system files, SELinux labels are corrected, avoiding potential boot failures or security issues caused by incorrect SELinux contexts.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading-additional-considerations-for-the-videoslides\">Additional Considerations for the Video\/Slides:<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Highlight SELinux Impact<\/strong>: Make sure to emphasize why the&nbsp;<code>touch \/.autorelabel<\/code>&nbsp;step is crucial, especially for viewers who might be unfamiliar with SELinux.<\/li><li><strong>Ensure clear explanation of<\/strong>&nbsp;<code>init=\/bin\/bash<\/code>: Explain that this method is a workaround for the changes in RHEL 9&#8217;s boot process due to the absence of&nbsp;<code>sulogin<\/code>&nbsp;in&nbsp;<code>dracut<\/code>.<\/li><\/ul>\n\n\n\n<p>This approach ensures compatibility with the updated boot mechanism in RHEL 9 and provides an effective way to reset the root password.<\/p>\n\n\n\n<p>Once got booted you are taken into your login interface.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727038176294\/391e1614-c1d1-49d8-b632-826c3ced006e.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.hashnode.com\/res\/hashnode\/image\/upload\/v1727038241569\/a733bce6-eb92-4990-bcb1-64e4801b64c3.png?auto=compress,format&amp;format=webp\" alt=\"\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading-method-a-with-initbinbash-seems-to-be-the-more-straightforward-and-future-proof-solution-in-rhel-9\">Method A with&nbsp;<code>init=\/bin\/bash<\/code>&nbsp;seems to be the more straightforward and future-proof solution in RHEL 9<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>A method:<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li>Grub &gt;&nbsp;e<\/li><li><code>init=\/bin\/bash<\/code>&nbsp;(Remove&nbsp;<code>rhgb<\/code>&nbsp;and&nbsp;<code>quiet<\/code>&nbsp;tags if necessary) &gt;&nbsp;Ctrl+x<\/li><li><code>\/usr\/sbin\/load_policy -i<\/code><\/li><li><code>mount -o remount,rw \/<\/code><\/li><li><code>passwd root<\/code>&nbsp;or&nbsp;<code>passwd<\/code><\/li><li><code>mount -o remount,ro \/<\/code><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>B method:<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li>Grub &gt;&nbsp;e<\/li><li><code>rd.break<\/code>&nbsp;&gt;&nbsp;Ctrl+x<\/li><li><code>mount -o remount,rw \/sysroot\/<\/code><\/li><li><code>chroot \/sysroot\/<\/code><\/li><li><code>passwd root<\/code>&nbsp;or&nbsp;<code>passwd<\/code><\/li><li><code>touch \/.autorelabel<\/code><\/li><\/ol>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>Also refer Official Redhat docs:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/docs.redhat.com\/en\/documentation\/red_hat_enterprise_linux\/8\/html\/managing_monitoring_and_updating_the_kernel\/assembly_making-temporary-changes-to-the-grub-menu_managing-monitoring-and-updating-the-kernel#proc_resetting-the-root-password-using-rd-break_assembly_making-temporary-changes-to-the-grub-menu\">https:\/\/docs.redhat.com\/en\/documentation\/red_hat_enterprise_linux\/8\/html\/managing_monitoring_and_updating_the_kernel\/assembly_making-temporary-changes-to-the-grub-menu_managing-monitoring-and-updating-the-kernel#proc_resetting-the-root-password-using-rd-break_assembly_making-temporary-changes-to-the-grub-menu<\/a><\/p>\n\n\n\n<p><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In RHEL based systems, in situations where someone has forgotten \/ lost root password, administrator can gain access to system [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[7],"tags":[17,18,22,24,25],"class_list":["post-494","post","type-post","status-publish","format-standard","hentry","category-linux","tag-grub","tag-init-bin-bash","tag-rd-break","tag-rhel9","tag-rootpasswd"],"_links":{"self":[{"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=494"}],"version-history":[{"count":0,"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=\/wp\/v2\/posts\/494\/revisions"}],"wp:attachment":[{"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swstech.sws-international.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}