Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Recover Lost Root Password for ClearOS 7

If you no longer know the root password for your ClearOS system, you can use the following steps to reset it. For security reasons, this procedure cannot be carried out remotely; it must be done from the console (keyboard and monitor) while physically at the server.

These procedures are for ClearOS 7. For ClearOS 6, click here. For ClearOS 5, click here.

Recovery Methods

There are three methods for 'root' password recovery:

  • - Change the password from another administrator account (easiest, but requires alternate admin account)
  • - Reset via 'rd.break' (easy, requires exact commands)
  • - Use the installation media to mount the system in rescue mode (easy, requires exact commands and installation media for ClearOS 7)

Reset Using Another Administrator

If you have enabled a user as a member of the 'wheel' group, you can simply change the password from command line at the console or through and ssh login.

sudo passwd root

If you did not set up named admins on the system or your directory is offline, you will need to use a different method.

Changing the Root Password Using rd.break

To change the root password using the rd.break method, you will need to be physically in front of the server with a monitor and a keyboard. You will also need to be able to take the server down with a couple of reboots.

With a monitor and keyboard attached, reboot the server. At the GRUB screen, interrupt the count down by pressing any key on the keyboard such as the spacebar.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=912202&media=content:en_us:7_grub_countdown.png

With the countdown interrupted, select the kernel line corresponding to the environment you are running. Typically this is the default line. If it is not, use the arrow keys to navigate and press Enter.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=bfb35e&media=content:en_us:7_grub_countdown_interrupted.png

Next, press the e key to edit the selected item.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=f26839&media=content:en_us:7_grub_edit.png

The boot parameters for your server will appear. You can use the arrow keys to navigate down in this file. Locate the line that starts with 'linux16' (for most x86_64 system), 'linux' (for IBM Power Series), or 'linuxefi' (for systems which utilize UEFI.)

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=028ffe&media=content:en_us:7_grub_edit_kernel_line.png

In this file, you need to remove some parameters and add some others (you can hop to the start of the line with Ctrl+a and the end of the line with Ctrl+e). Remove the parameters name 'rhgb' and 'quiet' by navigating to the end of the word and hitting backspace on your keyboard.

Next, add the following to the very end of the line by navigating to the end and adding a space. Add the parameters 'rd.break enforcing=0'

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=8b1364&media=content:en_us:7_grub_edit_kernel_line_edits.png

When the changes are made, you will need hold the control key and press x, then release ('Ctrl+x'. As indicated in the text at the bottom of your screen.)

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=52602f&media=content:en_us:7_boot_single.png

The system will boot to a command prompt. If you have encrypted partitions, the system will need the password key to decrypt the file-system. You may not see the prompt for this unless you hit the backspace key to get back to the prompt.

switch-root:/#

At this prompt, you will need to enter several commands. The first changes your file system from the default read-only mode to read/write mode.

mount -o remount,rw /sysroot

Next, you will need to set this root as your running root partition:

chroot /sysroot

Your prompt will change to:

sh-4.2#

Change the root password by issuing the following command:

passwd
Changing password for user root
New password:

Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha characters. Also, the system will not stop you from using a bad password. It:

  • Must start with a letter or number
  • Must not contain the following characters: | ;*

In addition we suggest passwords that do not have a percent sign '%' which is then followed by a hexidecimal capable set of numbers. This can be interpreted by some web forms (including Webconfig) as a special character.

If you have used a weak password (one based on a dictionary word) it may state:

BAD PASSWORD: it is based on a dictionary word

In this mode, it will take weak passwords in spite of the fact that they are weak.

  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
Retype new password:

passwd: all authentication tokens updated successfully.

Next, we need to touch a file to indicate to a potentially enable SELinux that our changes are valid. Skipping this step is not advised.

touch /.autorelabel

Next, remount the existing filesystem back to the default rd.break mode of read-only:

mount -o remount,ro /

Next, type 'exit' and 'Enter' the change root environment:

exit

This will change your prompt back to:

switch-root:/#

Type 'exit' and 'Enter' again to reboot.

exit

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=bc1006&media=content:en_us:7_boot_single_reset_rootpw.png

Changing the Root Password from Install Media

Boot the server from the installation media. You will need to use the same mechanisms that you used to install the system. In most cases this is straight forward. With systems that required disk drivers in order to see partitions, you will need to use those same methods to mount the disks to modify the 'root' password.

Install media start screen

At the start screen, navigate with the arrows to select 'Troubleshooting'

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=fbe560&media=content:en_us:7_install_media_first_screen_beta3_troubleshooting_selected.png

Press <ENTER>.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=84889a&media=content:en_us:7_install_media_first_screen_beta3_rescue_selected.png

At the troubleshooting screen, select 'Rescue a ClearOS System' and press <ENTER>.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=56f21a&media=content:en_us:7_rescue_mode_first_screen.png

After a while a blue screen will come up.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=d72e73&media=content:en_us:7_rescue_mode_first_screen_continue_selected.png

Use the arrow or tab keys to select 'Continue'. Press <ENTER>.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=e7dbaf&media=content:en_us:7_rescue_mode_mounted_sysimage_notification.png

The system will attempt to find your ClearOS partition. If this step was not successful, you may need to load special drivers or contact support for assistance. If it finds your partition, it will notify you that the partition was found and mounted under '/mnt/sysimage'. Press <ENTER>.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=b232d3&media=content:en_us:7_rescue_mode_mounted_sysimage_notification2.png

For extra measure, we will notify you that your partition is mounted under '/mnt/sysimage'. Press <ENTER>.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=663714&media=content:en_us:7_rescue_mode_mounted_sysimage_shell_default.png

You will be dropped to a command prompt. Your prompt will look similar to the following:

sh-4.2#
  • Type the command
    chroot /mnt/sysimage

    and press Enter. You will see the following:

bash-4.2#
  • Type the command
    passwd

    and press Enter. You will see the following:

bash-4.2# passwd

Changing password for user root
New UNIX password:

Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha/numeric characters. Also, the system will not give any signal that it is typing but it is. This is done to prevent someone from seeing how many characters are in your password through the screen. As a side note, avoid using the '%' sign if you have 2 or more hexi-decimal numbers/characters after the percent sign.

If you have used a weak password (one based on a dictionary word) it may state:

BAD PASSWORD: it is based on a dictionary word

In this mode, it will take weak passwords in spite of the fact that they are weak.

  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
  • Type the command
    exit

    and press Enter. You will see the following:

sh-4.2#
  • Type the command
    exit

    and press Enter. The system will be rebooted.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?w=550&tok=0e9ecb&media=content:en_us:7_rescue_mode_mounted_sysimage_shell_default_reset_root.png

Don't forget to remove your installation media when the POST screen appears during reboot.

content/en_us/7_kb_forgot_root_password.txt · Last modified: 2019/03/27 10:44 by NickH

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A7_kb_forgot_root_password&1710817473