Alternative method to restore root access on a RHEL 7.x system with a large RAID or SAN
Environment
- Red Hat Enterprise Linux 7.
Issue
- SUMMARY/EXAMPLE: If you have a huge RAID or SAN - it might not be good to do an entire relabel of your entire system using the traditional method of
touch /.autorelabel
when recovering a root password. This method is intended to provide an alternate method to avoid that. Example, I have a system with a 500TB raid, it's best not to relabel the entire system when all I did was recover root password and change /etc/shadow - The traditional method of restoring root access works, but does a relabel of the entire Linux file system. It might be good to avoid a total filesystem relabel particularly if you have a system with large amount of storage attached. That method works fine if you do not have a large amount of storage, here is the link in the RHEL 7 documentation.
- This method may be for you if you have a large RAID or SAN attached and wish to avert a total system relabel. This method only relabels
/etc/shadow
- This is not a Red Hat solution. This is a post in the Red Hat discussion forum.
Resolution
- At the beginning of the boot process, at the GRUB 2 menu (Kernel list), type the
e
key to edit the kernel. (Be prepared with the grub password if required, or use the DVD restore method). - Move down to the kernel line (the line starting with linux16)
- NOTE EFI SYSTEMS will show
linuxefi
instead oflinux16
Thank you Christian Labisch - Remove rhgb quiet using the backspace key.
- You can change "ro" to "rw" in this grub line to avoid having to do a remount (shown below).
- IMPORTANT Add to the kernel line:
rd.break enforcing=0
NOTE: you might have to make "console=tty0" above as well depending if it's virtual or not. - Press Ctrl x to resume the boot process.
NOTE: If you did not change "ro" to "rw" above, make sure to remount the/sysroot
partition as shown below. # mount –o remount,rw /sysroot
# chroot /sysroot
# passwd root
- Type the password correctly two times in a row.
- Type exit twice to continue the boot process
- Log in, open a terminal and enter the root account.
# restorecon -v /etc/shadow
# setenforce 1 ; getenforce
References:
Red Hat Enterprise Linux 7 Installation Guide - Basic System Recovery.
Additional Credits...
- This is not a Red Hat solution. This is a post in the Red Hat discussion forum.
- I did not originally create this method. A Red-Hatter created this, the original link is no longer available.
Please post in the comments if you have questions or have recommendations, or if I can clarify it further.
RJ