Daft mistake on the way from Stream to Rocky

Hi Folks, Following the howto here for getting a Stream system back to CentOS in prep to running the migration instructions I made an almighty f’up:
Before copying ~/AuthSelect back to /etc/authselect I had the bright idea backing up /etc/authselect to /etc/authselect.bak;
Unfortunately, in a brain dead moment, I used mv instead of cp and immediately found myself unable to su, sudo login to root or any other account.
Is the simplest way back to sanity to boot from a live usb? Or is there something more straight forward?

migrate2rocky is capable of migrating from CentOS 8 Stream directly without having to first convert it back to a CentOS 8 system. The instructions you mention could potentially leave the system in a less than ideal state that could then cause migrate2rocky to fail.

Thanks Peter, Having already commited the sin you caution against, any comment on:


Boot from live cd/iso/usb, mount the partition where you used mv for that file. Then copy it back to it’s original place. If selinux was enabled, assuming /etc is under / then touch .autorelabel outside of etc so that it will autorelabel any selinux contexts on the file. Then unmount the partion and reboot, you should have your system working again.

Thanks Ian, that’s very helpful - especially re selinux. To be clear, if -

# touch /.autorelabel

Yes, it would normally be in the root so:

touch /.autorelabel

of course, if you have mounted the partition to /mnt or somewhere else when booted from an iso/cd/dvd/usb, then you would do:

touch /mnt/.autorelabel

then when the system boots, it would be /.autorelabel and would start fixing selinux for you. You can also edit /etc/selinux/config and change from enforced to permissive which will apparently also start an autorelabel and then later switch back to enforcing, but requires a couple of reboots, unless using:


to enable enforcing without a reboot.

1 Like

Thanks for the heads up on watching where I mount my system root…

I’ve actually had selinux in permissive for some time while I settle on my containers set up and configure selinux not to eat them (the server doesn’t face the Internet).


It’s generally not recommended to run selinux in permissive mode for long periods of time (I just use it as a quick troubleshooting tool to see if selinux is the cause of an issue).

That said, you should use the above advice to relabel your filesystem (touch ./autorelabel) when you do finally enable selinux as it is highly possible that the contexts will get our of sync by not having selinux in enforcing mode.

If you’re still having problems after restoring the files you mentioned above you’re welcome to contact me in IRC or mattermost chat where I can generally respond faster than the forums.

1 Like

Thanks @pajamian, it might be a little while before I get there… It’s a labour of love rather than a financial endeavour.

1 Like