RHEL8 exam root password break issue

Latest response

I had an RHCSA exam few days ago. On the node2, when I was trying to set the root password and was on grub menu, I hit e and entered rd.break at the end of the linux line and hit control x. I was on the switch_root/: line and then I was trying to enter command mount -o remount,rw /sysroot. Everytime I was trying to enter this command, the system would throw error and not let me finish. Then I would restart and try again and it would throw error again. I talked to the proctor and he said I have to resolve this by myself.

Note: rhgb quit was also missing in the line where we enter rd.break, but I tried that on personal computer at home and it worked fine.

Does anyone else have faced this issue and do you know how to resolve it?

Responses

Hi Prabhjeet,

That could be due to SELinux, you could set"enforcing=0" along with rd.break parameter that could help you to reset root password. Don't forget to run "touch /.autorelabel" before exit from the shell.

Please refer this link for more details https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-Working_with_the_GRUB_2_Boot_Loader#proc-Resetting_the_Root_Password_Using_rd_break

All the best!

Prabhjeet Gill

Please also join learn.redhat.com where their discussion forums are geared specifically for those learning Red Hat technologies. There are discussion threads specifically addressing that topic on resetting root including a method for large SAN/RAID connected systems and also this solution, see comments from July 8th.

Regards,
RJ

Mounting command is before any SELinux, so it should not be the issue here. If you ever see anything like this - check what is currently mounted. Was /sysroot already mounted (readonly) or not at all? Maybe you were trying to run: mount -o rw /sysroot (without remount) Or maybe mount -remount,rw (without -o) ?
Could happen if you are during exam. I recommend to do in such case: man mount; and then search for 'readonly' - this will show an example.

Hello All,

Am not able to break root password.

i followed all the steps " rd.break ----cntrl+x-----mount -o rw,remount /sysroot -------chroot /sysroot ----- passwd ---- i entered new password ----- i re-entered new passwd ------ touch /.autorelable ----- exit --- exit ---logout

automatically rebooted.

and then i tried to login with root and entered my new passwd, its saying incorrect login. and i tried to login with other user which i have created and same error am getting incorrect login.

When i replaced grub.conf with a new grub.conf file. and later i rebooted and then i entered new password then its working.

Again i did tried to break root passwd and i tried to login with new root passwd then getting same error incorrect login.

Why so?

Can someone please help me?

Ashish Gupta,

This is explained in detail at the link I mentioned previously. Please log into the Red Hat learning community for a lengthy discussion with steps at learn.redhat.com with your same Red Hat login (or register when you get there).

If you haven't already done so, make retrace your steps with this procedure with special attention to the steps regarding SELinux.

Regards,
RJ

Hi according to what i have notice following the link mention in the first answer i suggest you follow these steps: " rd.break enforcing=0 console=tty0----cntrl+x-----mount -o rw,remount /sysroot -------chroot /sysroot ----- passwd ---- i entered new password ----- i re-entered new passwd ------ mount -o remount,ro / ----- exit --- exit ---logout ---- afterreboot--- restorecon /etc/shadow en set enforcing=1 Thanks

This specific issue is addressed in detail at learn.redhat.com

Regards,
RJ

Hello RJ and Eric,

Thanks for your response.

Can you please let me know why we have used?

  1. " rd.break enforcing=0 " -----> why we have used enforcing=0 ?

  2. restorecon /etc/shadow en set enforcing=1 ----> please advise me about the meaning for restorecon /etc/shadow and enforcing =1 will set by setenforce = 1 , right?

Hi, Ashish 1- enforcing=0 is to set selinux to permissive mode (Remember the role of selinux is to firstly protect the user data) so setting selinux to permissive mode will avoid the machine to reboot when you are changing the password

2- so after the reboot the file /etc/shadow where as you know password are kept does not have the right context type you can confirme with ls -lZ /etc/shadow who is unlabeled_t, that is why we use restorecon /etc/shadow the give back the right content type who is shadow_t and finally setenforce 1 to enable selinux to enforcing mode meaning to protect the system, Hope i try to be clear Thanks

Below are the simple steps should work

1. GRUB->e-> Line with linux -> rd.break ->CTRL+X
2. mount -o remount,rw /sysroot
3. chroot /sysroot
4. passwd
# here you will enter your new password 
5. touch /.autorelabel
6. exit
7. exit