How to reset root password in almalinux

What you will read?

1 Method 1: Using Single User Mode
2 Method 2: Using Rescue Mode
3 Importance of Root Access
4 Post-Reset Steps

Resetting the root password in AlmaLinux is a crucial task for system administrators who have lost access to the root account. AlmaLinux, as a community-driven enterprise operating system, shares many similarities with other RHEL-based distributions, making the password reset process familiar to those with Linux experience. The procedure typically involves booting into single-user mode or using a rescue environment to change the root password without knowing the current one.

Method 1: Using Single User Mode

Resetting the root password using single-user mode in AlmaLinux is straightforward. This method involves interrupting the normal boot process to gain root access without needing the current password.

Editing GRUB Boot Parameters

Restart the System: Reboot your AlmaLinux system. If you’re using a physical machine, ensure you have access to the keyboard and monitor. For virtual machines or remote servers, use the appropriate console access.
Access the GRUB Menu: As the system boots, the GRUB menu should appear. If it doesn’t show up automatically, press the Esc or Shift key during boot to display the GRUB menu.
Edit the Default Boot Entry: Use the arrow keys to highlight the default boot option and press the e key to edit it.
Modify Kernel Parameters: In the editor, locate the line that starts with linux or linux16. At the end of this line, add the following:
```
rd.break enforcing=0
```
This command tells the system to break before switching from the initial ramdisk to the real root filesystem and sets SELinux to permissive mode.
Boot with Modified Parameters: Press Ctrl + X or F10 to boot the system with the new parameters.

Changing the Root Password

Remount the Filesystem: At the prompt, remount the root filesystem in read-write mode:
```
mount -o remount,rw /sysroot
```
Switch to the Real Root: Use the chroot command to switch to the real root filesystem:
```
chroot /sysroot
```
Set a New Root Password: Enter the following command to change the root password:
```
passwd root
```
You will be prompted to enter a new password and confirm it.
Relabel SELinux Contexts: Create an empty file to ensure SELinux relabels the filesystem on reboot:
```
touch /.autorelabel
```

Rebooting the System

Exit and Unmount
Exit the chroot environment:
```
exit
```
Reboot the System
The system will restart, and SELinux will relabel the filesystem, which may take several minutes.
```
reboot
```
Log In with New Credentials
After the reboot, log in as root using the new password you set.

Method 2: Using Rescue Mode

Booting into Rescue Mode

If the single-user mode method doesn’t work or isn’t suitable for your situation, you can use the AlmaLinux installation media to boot into rescue mode. This method is helpful when you don’t have access to the GRUB menu or when the system is not booting correctly.

Obtain AlmaLinux Installation Media :Get the AlmaLinux DVD or USB installation media that matches your installed version.

Boot from the Installation Media :Insert the DVD or USB drive and reboot the system. You may need to adjust the BIOS/UEFI settings to boot from the installation media.

Access Rescue Mode :When the AlmaLinux installation screen appears, choose the Troubleshooting option at the bottom.

Select Rescue a AlmaLinux System :From the troubleshooting options, select Rescue a AlmaLinux system. This will load the rescue environment.

Mounting the Filesystem

Choose a Mount Option
After the rescue environment loads, you’ll be prompted to choose a mount option:
- 1) Continue: Mount the system under /mnt/sysimage.
- 2) Read-Only Mount: Mount the system in read-only mode.
- 3) Skip to Shell: Do not mount the filesystem.
Select option 1 to mount the filesystem in read-write mode.
Access the Mounted Filesystem: Once the system is mounted, access it by changing the root directory:
```
chroot /mnt/sysimage
```

Updating the Password

Change the Root Password: Use the passwd command to set a new root password:
```
passwd root
```
Enter the new password when prompted and confirm it.
Update SELinux Contexts (If Necessary): If SELinux is enabled, ensure that the security contexts are updated:
```
touch /.autorelabel
```

Exiting and Rebooting

Exit the Chroot Environment: Leave the chroot shell:
```
exit
```
Reboot the System: Remove the installation media and reboot the system:
```
reboot
```
The system should now boot normally.
Log In with the New Root Password: After the reboot, log in as root using the new password to verify that the reset was successful.

Importance of Root Access

Root access grants complete control over the AlmaLinux system, allowing administrators to perform critical tasks such as installing software, configuring system settings, and managing user accounts. Without root privileges, maintaining and troubleshooting the system becomes challenging. Therefore, knowing how to regain root access by resetting the password is essential for effective system management and ensuring the security and functionality of the server.

Post-Reset Steps

Verifying Root Access

After resetting the root password and rebooting the system, it’s important to verify that you can log in as the root user. To do this, try logging into the system using the new root password you set. Open a terminal or use SSH if remote access is enabled, and enter:

su -

When prompted, enter your new root password. If the login is successful, you’ve regained root access to your AlmaLinux system.

Updating Security Measures

Resetting the root password is a significant security event. To enhance your system’s security after such a change, consider the following steps:

Update All Packages: Ensure all system packages are up to date to patch any security vulnerabilities.
```
dnf update -y
```
Review User Accounts: Check for any unauthorized user accounts or changes to existing accounts.
```
cat /etc/passwd
```
Configure SSH Access: If you use SSH, consider disabling root login over SSH to prevent remote root access.Edit the /etc/ssh/sshd_config file and set:
```
PermitRootLogin no
```
Then restart the SSH service:
```
systemctl restart sshd
```
Set Up Firewall and SELinux: Ensure your firewall is properly configured and SELinux is in enforcing mode to protect against unauthorized access.
Change Other Passwords: If you suspect a security breach, change passwords for all other important user accounts.

This is one of the very basic task for any system admin to learn to reset root password in AlmaLinux. This can be very useful in some situations, e.g. after losing the root account credentials or handling a security breach. A root password is a very significant password in the Linux system, one that should be changed regularly, but when it does become necessary, two methods are suggested: both methods are easy as well as effective: single user mode and rescue mode.

And, very importantly, what to do after successfully resetting the root password! Ensure you logged in as ‘root’ and execute a system security update to protect the system from any unauthorized access. · Disabling root SSH login, maintaining updates on the system are some of other good preventative measures.

System admins should not have much difficulty with this, as the commands in this tutorial will allow you to always keep your system functional while securing root passwords in AlmaLinux.