How to change a forgotten or lost root password?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux (all versions)

Issue

  • The root password was forgotten, and it is not possible to log in to the system.
  • How to reset a root password?
  • Unable to gain root access to a system.
  • The root password changed.

Resolution

Red Hat Enterprise Linux 4, 5, 6

Change the root password from either single user mode or rescue mode. The method for booting into single user mode depends on the bootloader:

GRUB - No password protection

Booting into single user mode using GRUB is accomplished by editing the kernel line of the boot configuration. This assumes that either the GRUB boot menu is not password protected or, if it is, that the user has access to the password.

When the system boots up, the GRUB countdown begins, which is set to 5 seconds by default. Press Esc to interrupt this countdown and enter the GRUB menu. Then follow these steps:

  • Press 'e' to start editing.
  • Scroll down to the "kernel..." line. This line tells GRUB which kernel to boot.
  • Press 'e' again to edit this line.
  • Move to the end of the line. Add the number "1" to the end after the space.
  • Press Enter to accept the edit.
  • Press 'b' to boot using that kernel and boot into runlevel 1 (single user mode).

When the # prompt appears, change the root password by using the passwd command.

Note: The switch to runlevel 1 is not persistent. At next boot, the system will start in the default runlevel as specified in the /etc/inittab file.

Rescue Mode (GRUB is protected, system is unbootable due to a Maintenance mode prompt, or other issues)

If the GRUB boot menu is password protected and the user has no access to the password, or the system is unbootable due to other issues, then a rescue disk is needed to boot the system.

Follow the instructions given by the rescue disk boot process:

  • Boot the system from boot disc 1. Once the system has successfully booted from the ISO image and the Red Hat Enterprise Linux boot screen appears, type linux rescue (without quotes) at the boot prompt and press the Enter key.

    [F1-Main] [F2-Options] [F3-General] [F4-Kernel] [F5-Rescue]
    
    boot: linux rescue
    
  • When prompted for language and keyboard, provide the pertinent information for the system. When prompted to enable the network devices on the system, select No.

  • Select Continue when prompted to allow the rescue environment to mount the Red Hat Enterprise Linux installation under the /mnt/sysimage directory. 

  • Run the command chroot /mnt/sysimage to change root to system image.

  • Use the command passwd to change the root password of the system.

  • If the command passwd is not found, mount /usr first in order to access /usr/bin/passwd.

LILO

When the system comes to the LILO prompt, type linux single. When the # prompt appears, type passwd root and set the new password. Then type exit, and the system should return to the boot sequence. Alternatively, reboot the system with the shutdown -r now or reboot commands. The system should boot up normally. Use the new root password to gain root access.

If LILO is configured to not wait at the boot menu (the timeout value in /etc/lilo.conf is set to zero), the user can still halt the boot process by pressing any key in the split second before LILO boots the kernel.

Red Hat Enterprise Linux 7, 8, 9

Starting with Red Hat Enterprise Linux 7, users have two means to change a forgotten root password:

  1. With rescue media (recommended - least risky)
  2. Without rescue media (risky)

Using Rescue Media (boot.iso)

  1. Boot from boot.iso, choose Troubleshooting > Rescue a system
  2. Mount the system normally (not read-only), i.e. default, OK
  3. At shell prompt, chroot /mnt/sysimage
  4. passwd root
  5. reboot

Without using Rescue Media (boot.iso)

When the system boots up, the GRUB2 countdown begins, which is set to 5 seconds by default. Press Esc to interrupt this countdown and enter the GRUB2 menu. Then follow these steps:

  1. Boot with rd.break argument

    • Press 'e' to start editing.
    • Scroll down to the "linux16..." or "linuxefi..." or "linux..." line. This line tells GRUB2 which kernel to boot.
    • Move to the end of the line. Add the string rd.break to the end after the space.
    • (Optional but recommended) To see the boot messages and what is typed, also remove the rhgb quiet part of that line.
    • Press Ctrl-x to accept the edit and boot using that kernel.
  2. The switch_root prompt appears.

    switch_root:/ #
    
  3. The file system is mounted read-only on /sysroot/. The user will not be allowed to change the password if the file system is not writable. Remount the root filesystem in read-write mode:

    # mount -o remount,rw /sysroot
    
  4. The file system is remounted with write enabled. Change the file system’s root as follows:

    # chroot /sysroot
    
  5. Enter the passwd command and follow the instructions displayed on the command line to change the root password.

    # passwd
    
  6. Updating the password file results in a file with the incorrect SELinux security context. To relabel all files on next system boot, enter the following command:

    # touch /.autorelabel
    
  7. Exit the chroot environment:

    exit
    
  8. Exit the switch_root prompt:

    exit
    
  9. Wait until the SELinux relabeling process is finished. Note that relabeling a large disk might take a long time. The system reboots automatically when the process is complete.

Red Hat Enterprise Linux 10

In Red Hat Enterprise Linux 10, users have only two means to change a forgotten root password:

  1. With rescue media (recommended - least risky)
  2. Without rescue media (risky)

Using Rescue Media (boot.iso)

  1. Boot from boot.iso, choose Troubleshooting > Rescue a system
  2. Mount the system normally (not read-only), i.e. default, OK
  3. At shell prompt, chroot /mnt/sysroot
  4. passwd root
  5. reboot

Without using Rescue Media (boot.iso)

When the system boots up, the GRUB2 countdown begins, which is set to 5 seconds by default. Press Esc to interrupt this countdown and enter the GRUB2 menu. Then follow these steps:

  1. Boot with init=/bin/bash argument

    • Press 'e' to start editing.
    • Scroll down to the linux line. This line tells GRUB2 which kernel to boot.
    • Move to the end of the line. Add the string init=/bin/bash to the end after a space.
    • (Optional but recommended) To see the boot messages and what is typed, also remove the rhgb quiet part of that line.
    • Press Ctrl-x to accept the edit and boot using that kernel.
  2. The file system is mounted read-only on /. The user will not be allowed to change the password if the file system is not writable. Remount the root filesystem in read-write mode:

    # mount -o remount,rw /
    
  3. Enter the passwd command and follow the instructions displayed on the command line to change the root password.

    # passwd
    
  4. Updating the password file results in a file with the incorrect SELinux security context. To relabel all files on next system boot, enter the following command:

    # touch /.autorelabel
    
  5. Reboot

    # exec /sbin/init
    
  6. Wait until the SELinux relabeling process is finished. Note that relabeling a large disk might take a long time. The system reboots automatically when the process is complete.
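The checks below are an added example, not part of the original solution or Red Hat's code. They confirm the outcome of the rd.break and init=/bin/bash procedures before the final exit or reboot step: a usable root hash, an /etc/shadow that is not world-readable, and the /.autorelabel flag. The function name check_reset and its messages are assumptions; it needs grep, awk and find, so run it inside the chroot or on the real root.

```sh
#!/bin/sh
# Added example, not Red Hat's code. Run before the final exit/reboot step.
# check_reset SYSROOT: SYSROOT is "/" inside the chroot (or after
# init=/bin/bash), otherwise the mount point of the installed system.
# Prints one line per check; returns 0 only if every check passes.
check_reset() {
    root=${1:-/}
    root=${root%/}                  # "/" becomes "", so paths below stay clean
    shadow="$root/etc/shadow"
    rc=0

    if [ ! -f "$shadow" ]; then
        echo "FAIL: $shadow not found (is the installed system mounted?)"
        return 1
    fi

    # The second colon-separated field of the root entry holds the hash.
    if ! grep -q '^root:' "$shadow"; then
        echo "FAIL: no root entry in $shadow"; rc=1
    else
        field=$(awk -F: '$1 == "root" { print $2; exit }' "$shadow")
        case $field in
            '')        echo "FAIL: root password field is empty"; rc=1 ;;
            '!'*|'*'*) echo "FAIL: root is locked or has no usable password"; rc=1 ;;
            '$'*)      echo "OK: root has a hashed password" ;;
            *)         echo "FAIL: unrecognised root password field"; rc=1 ;;
        esac
    fi

    # The hashes must not be readable by other users.
    if [ -n "$(find "$shadow" -perm -004)" ]; then
        echo "FAIL: $shadow is world-readable"; rc=1
    else
        echo "OK: $shadow is not world-readable"
    fi

    # passwd rewrote the file, so its SELinux context is wrong until relabel.
    if [ -e "$root/.autorelabel" ]; then
        echo "OK: $root/.autorelabel exists, relabel will run on next boot"
    else
        echo "FAIL: $root/.autorelabel missing, run: touch $root/.autorelabel"; rc=1
    fi
    return $rc
}
```

Inside the chroot, call it as check_reset / and continue only when every line reads OK.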

Troubleshooting

If you are unable to type after booting to the shell, follow the steps below:

  1. Reboot the system

  2. Edit the grub kernel line as described above, but also do the following:

    • Remove all console and vconsole entries and their arguments
    • Remove the rhgb option
    • Remove the Lang= option and all arguments
  3. Boot system with the modified kernel parameters.
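Every method above works by appending an argument to the kernel line (1, single, rd.break, init=/bin/bash), and that argument stays in the kernel command line of that boot. The following added example, which is not part of the original solution or Red Hat's code, reports those arguments in a command-line string such as the contents of /proc/cmdline. The function names and labels are assumptions, and treating any init= value other than /sbin/init or /usr/lib/systemd/systemd as an override goes beyond the single case in the text.

```sh
#!/bin/sh
# Added example, not Red Hat's code.
# recovery_args CMDLINE: print each argument used by the procedures in this
# article that appears in CMDLINE. Returns 0 if at least one was found.
recovery_args() {
    found=1
    set -f                          # no glob expansion while word-splitting
    for arg in $1; do
        case $arg in
            1|single)
                echo "single-user: $arg"; found=0 ;;
            rd.break|rd.break=*)
                echo "initramfs-shell: $arg"; found=0 ;;
            init=/sbin/init|init=/usr/lib/systemd/systemd)
                ;;                  # assumed normal init values, not reported
            init=*)
                echo "init-override: $arg"; found=0 ;;
        esac
    done
    set +f
    return $found
}

# check_current_boot: apply the same test to the running kernel's command line.
check_current_boot() {
    recovery_args "$(cat /proc/cmdline)"
}
```

A boot-time unit or audit job can call check_current_boot and log the output, so a boot with these arguments on a system whose console access is not restricted is recorded.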

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.