How to Reset the Root Password in RHEL9 : A Beginner's Guide

Published On: 08 January 2025

Objective

For Linux administrators, mastering the reset of the root password in Red Hat Enterprise Linux (RHEL9) is important, as it provides full system control. This guide walks you through the process with a hands-on lab exercise, emphasizing its importance for certification exams, where recovering access to locked systems is often tested. The root account in RHEL9 grants unrestricted access to critical system files and commands, and losing the password can disrupt administrative tasks. This tutorial simplifies the reset process, ensuring you regain control quickly. Mastering this skill is vital for Linux professionals, particularly when facing real-world challenges or exam scenarios.

RHCSAGURU offers a practical lab exercise that will give you some insights on how to reset the root password in RHEL9. Below, you will find step-by-step instructions regarding how to address the lab problem and access the exercise. It will practically enhance your understanding of resetting the root password and prepare you for real-world scenarios or certification exams.

Lab Exercise: Reset RHEL9 Password

Link:  Reset RHEL9 Password

Follow these steps to reset the root password in RHEL9 :

Step 1: Open the Lab Environment

  • Click on the ‘Access Lab’ button to load the environment.

  • Once loaded, search for VirtualBox in the applications menu and open it.

VirtualBox

Step 2: Start the RHEL9 Virtual Machine

  • Locate the pre-configured RHEL9 VM in VirtualBox.

  • Start the VM.

StartRHEL

Step 3: Access the GRUB Boot Menu

  • As the VM begins to boot, you will see the GRUB Boot Menu.

  • Press e to enter edit mode.

    • If the VM starts booting normally, restart it and try again.

Grub-BootMenu

Step 4: Modify Boot Parameters

  • In the edit mode, locate the line that begins with linux.

  • At the end of this line, add the following parameter:

    init=/bin/sh

Boot Parameters

  • This modification initiates a shell as the initial process, bypassing the standard boot sequence.

Step 5: Boot the System

  • Press Ctrl + x to boot the system with the modified parameters.

  • You will be presented with a shell prompt.

Shell Prompt

Step 6: Verify Root Access

  • Confirm your current user status by running:

    Whoami

whoami

  • The output should display root, indicating administrative privileges.

Step 7: Load SELinux Policies

  • Execute the following command to load SELinux policies and ensure the system operates in permissive mode:

    /usr/sbin/load_policy -i

Load SELinux Policies

Step 8: Remount the Filesystem with Write Permissions

  • Remount the root filesystem with write permissions using:

    mount -o remount,rw /

Remount

  • This step is critical, as recovery mode often mounts filesystems as read-only by default.

Step 9: Reset the Root Password

  • Reset the root password by running:

    passwd

ResetRootPassword

  • Enter and confirm the new password when prompted.

Step 10: Reboot the System

  • Reboot the system with the following command:

    /sbin/reboot -f

RebootSystem

Step 11: Confirm the New Password

  • After the reboot, log in with the new root password to confirm the reset was successful.

Login

How This Process Plays a Vital Role in Certification Exams

Virtual machines (VMs) are used in certification exams such as the Red Hat Certified System Administrator (RHCSA) to simulate real-world problem-solving tasks. These activities usually include troubleshooting configurations, resetting credentials, or gaining access to a locked machine.

For example, you might find yourself in a situation where the root password must be reset in order to gain access to a machine and move on with solving the exam questions. This task demonstrates your capability in dealing with system recovery in real-life scenarios, which is an important skill set for Linux administrators.

Why Password Resets Can Be Both a Solution and a Security Threat

While resetting the root password is straightforward, it poses a security risk. Unauthorized users with physical or virtual access to the system can exploit this method to gain administrative control.

How to Prevent Unauthorized Password Resets

  • Set a GRUB Password

    • Set a password for the GRUB bootloader to safeguard your system's integrity and stop unauthorized users from changing boot options. 

    • This step makes sure that without the right credentials, users cannot alter kernel parameters or access the GRUB menu. 

    • You can set the GRUB password by running the following command:

        • grub2-setpassword

    • Follow the prompts to securely set your password. Once set, only users who know the password will be able to modify boot settings or enter edit mode during system startup. 

    • This adds an additional layer of security to prevent unauthorized boot-time changes or booting into single-user mode.

  • Enable Secure Boot

    • A security standard called Secure Boot makes sure that only trustworthy and signed applications can operate during the boot process. 

    • By confirming that the bootloader, kernel, and other crucial system files are digitally signed and unaltered, it is intended to defend your system against rootkits and bootkits. 

    • To enable Secure Boot, you must configure it in the system’s BIOS or UEFI settings. 

    • Once enabled, only trusted operating systems or bootloaders signed with a valid certificate will load. 

    • This helps maintain the integrity of the system’s boot process, reducing the risk of malicious software being introduced during system startup.

  • Limit Physical Access

    • Although it is frequently disregarded, physical security is an essential component of overall system protection. 

    • Make sure that servers or other vital systems are physically accessible only to authorized persons.  

    • To stop unauthorized people from interfering with servers, this can involve putting up secured server rooms, employing keycards, biometric security, or other types of access control. 

    • An attacker may be able to install malicious devices, change system configurations, or reset passwords with unrestricted physical access, all of which could jeopardize the security of the system. 

    • You may significantly lower the danger of insider threats and physical manipulation by limiting physical access.

  • Audit System Access

    • Auditing system access on a regular basis is essential for preserving security and spotting possible weaknesses. 

    • By consistently monitoring system logs, you can detect unusual or unauthorized activity that may indicate a breach or attempted attack. 

    • Log information regarding login attempts, command usage, and system modifications can be captured with the aid of tools like auditd and syslog. 

    • Set up alerts to inform administrators of any questionable activity, including unsuccessful login attempts or unauthorized access to private data. 

    • Frequent access audits make it possible to identify possible security breaches early and take swift action to reduce risks.

Conclusion

The root password reset in RHEL9 is an important administrative task, whether it be for troubleshooting, system recovery, or certification exams. Although the process itself is quite straightforward, it highlights the need to protect systems from unauthorized access.

One can achieve operational functionality while keeping the system secure through the use of technical expertise and implementation of proactive security measures such as GRUB passwords and access limitations.

Gaining proficiency in root password recovery becomes effortless with this tutorial, equipping you for both exam situations and professional obstacles. Be safe and be ready!