One Platform. One Interface

There are three methods for 'root' password recovery:

  • - Change the password from another administrator account (easiest, but requires alternate admin account)
  • - Reset via 'rd.break' (easy, requires exact commands)
  • - Use the installation media to mount the system in rescue mode (easy, requires exact commands and installation media for ClearOS 7)

Reset Using Another Administrator

If you have enabled a user as a member of the 'wheel' group, you can simply change the password from command line at the console or through and ssh login.

sudo passwd root

If you did not set up named admins on the system or your directory is offline, you will need to use a different method.

Changing the Root Password Using rd.break

To change the root password using the rd.break method, you will need to be physically in front of the server with a monitor and a keyboard. You will also need to be able to take the server down with a couple of reboots.

With a monitor and keyboard attached, reboot the server. At the GRUB screen, interrupt the count down by pressing any key on the keyboard such as the spacebar.

With the countdown interrupted, select the kernel line corresponding to the environment you are running. Typically this is the default line. If it is not, use the arrow keys to navigate and press Enter.

Next, press the e key to edit the selected item.

The boot parameters for your server will appear. You can use the arrow keys to navigate down in this file. Locate the line that starts with 'linux16' (for most x86_64 system), 'linux' (for IBM Power Series), or 'linuxefi' (for systems which utilize UEFI.)

In this file, you need to remove some parameters and add some others (you can hop to the start of the line with Ctrl+a and the end of the line with Ctrl+e). Remove the parameters name 'rhgb' and 'quiet' by navigating to the end of the word and hitting backspace on your keyboard.

Next, add the following to the very end of the line by navigating to the end and adding a space. Add the parameters 'rd.break enforcing=0'

When the changes are made, you will need hold the control key and press x, then release ('Ctrl+x'. As indicated in the text at the bottom of your screen.)

The system will boot to a command prompt. If you have encrypted partitions, the system will need the password key to decrypt the file-system. You may not see the prompt for this unless you hit the backspace key to get back to the prompt.

switch-root:/#

At this prompt, you will need to enter several commands. The first changes your file system from the default read-only mode to read/write mode.

mount -o remount,rw /sysroot

Next, you will need to set this root as your running root partition:

chroot /sysroot

Your prompt will change to:

sh-4.2#

Change the root password by issuing the following command:

passwd
Changing password for user root
New password:
Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha characters. Also, the system will not stop you from using a bad password. In addition we suggest passwords that do not have a percent sign '%' which is then followed by a hexidecimal capable set of numbers. This can be interpreted by some web forms (including Webconfig) as a special character.

If you have used a weak password (one based on a dictionary word) it may state:

BAD PASSWORD: it is based on a dictionary word

In this mode, it will take weak passwords in spite of the fact that they are weak.

  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
Retype new password:

passwd: all authentication tokens updated successfully.

Next, we need to touch a file to indicate to a potentially enable SELinux that our changes are valid. Skipping this step is not advised.

touch /.autorelabel

Next, remount the existing filesystem back to the default rd.break mode of read-only:

mount -o remount,ro /

Next, type 'exit' and 'Enter' the change root environment:

exit

This will change your prompt back to:

switch-root:/#

Type 'exit' and 'Enter' again to reboot.

exit

Changing the Root Password from Install Media

Boot the server from the installation media. You will need to use the same mechanisms that you used to install the system. In most cases this is straight forward. With systems that required disk drivers in order to see partitions, you will need to use those same methods to mount the disks to modify the 'root' password.

Install media start screen

At the start screen, navigate with the arrows to select 'Troubleshooting'

Press <ENTER>.

At the troubleshooting screen, select 'Rescue a ClearOS System' and press <ENTER>.

After a while a blue screen will come up.

Use the arrow or tab keys to select 'Continue'. Press <ENTER>.

The system will attempt to find your ClearOS partition. If this step was not successful, you may need to load special drivers or contact support for assistance. If it finds your partition, it will notify you that the partition was found and mounted under '/mnt/sysimage'. Press <ENTER>.

For extra measure, we will notify you that your partition is mounted under '/mnt/sysimage'. Press <ENTER>.

You will be dropped to a command prompt. Your prompt will look similar to the following:

sh-4.2#
  • Type the command chroot /mnt/sysimage and press Enter. You will see the following:
bash-4.2#
  • Type the command passwd and press Enter. You will see the following:
bash-4.2# passwd

Changing password for user root
New UNIX password:
Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha/numeric characters. Also, the system will not give any signal that it is typing but it is. This is done to prevent someone from seeing how many characters are in your password through the screen. As a side note, avoid using the '%' sign if you have 2 or more hexi-decimal numbers/characters after the percent sign.

If you have used a weak password (one based on a dictionary word) it may state:

BAD PASSWORD: it is based on a dictionary word

In this mode, it will take weak passwords in spite of the fact that they are weak.

  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
  • Type the command exit and press Enter. You will see the following:
sh-4.2#
  • Type the command exit and press Enter. The system will be rebooted.
Don't forget to remove your installation media on reboot

Once the operating system has loaded you will be at a prompt similar to the following:

sh-3.2#
  • Type the command passwd and press Enter. You will see the following:
sh-3.2# passwdChanging password for user rootNew UNIX password:
Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha characters. Also, the system will not give

If you have used a weak password (one based on a dictionary word) it will state:

BAD PASSWORD: it is based on a dictionary word

In this mode, it will take weak passwords in spite of the fact that they are weak.

  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
  • Now type in the command reboot and press Enter to restart your ClearOS system.
sh-3.2# reboot