I forgot my root password, but traditional single-user mode doesn't work

how should i reset my root password

Hi, already answered here: How to recover root password - #2 by iwalker

That procedure pretty much always works.

First of all thank you for your answer, but after I follow the steps to enter the command line interface, it prompts me to “Give root password for maintenance”, I can’t continue without entering the password, why is this :laughing:

That’s probably because you didn’t use the options to edit the grub config and put rd.break. Had you done that, it wouldn’t ask for you to provide root password as that step bypasses the recovery mode you are using when booting normally.


After completing the above steps, enter the interface shown in Figure 2, but the root password is not skipped, this is the rocky9.0 version

I would say boot from the Rocky 9 DVD or minimal ISO image, you have options there I’m sure for booting rescue mode. Not sure why that’s not working, as that was always the way to do it with EL7/EL8 versions.


Yep, is a bug:2057365 – Unable to reset root password using rd.break there are some alternative methods suggested there. One of which suggested, instead of selecting the normal kernel to boot with, from grub there is the rescue kernel, select this, then edit this and add rd.break and boot. That apparently should work (reddit post also hints at this). Other suggestions involve adding init=/bin/bash but never used it personally.


I remembered posting an alternative using systemd.unit=rescue.target when editing the grub entry temporarily like you do with rd.break. so another way around it: Autorelabel and SELinux Question - #5 by iwalker

1 Like

Just tested it with Rocky 9, selecting rescue kernel, adding rd.break. Booted, still get the password option, but just pressed enter without putting a password, and it bypasses and allows you to continue at this point. So, this will allow you to reset the root password with the remaining steps.


The second solution given in the link that iwalker pasted is simpler and also works. Probably works on older versions too. To save people time.
Boot, hit e for edit (you can use normal kernel). In the line beginning with linux, change the ro to rw and add at the end init=/bin/bash
This will boot into a root prompt no pass needed. Use the passwd command to change root password.

touch /.autorelabel
exec /sbin/init

Simpler, in my opinion, as it eliminates the mount -o remount and chroot.
Tested it last night and worked (On RHEL9 VM).


@iwalker , I have never had much understanding of the Bugzilla reports. But if this issue existed for both the RHEL9 as well as RHEL8 kernels, how would that be displayed? In a single Bugzilla report or two independent reports?

Thank you.

Just had this happen to me yesterday… but SOLVED it. Here is how to solve it:

Some caveats so you don’t waste 5 hours like I did:

  1. After “rd.break” don’t forget to put “enforcing =0” . This is at the end of the Linux line. Followed by hitting “Ctl+X” this gets you into Start the Emergency mode scripting Shell.

From here on in you are in "switch_root:/# or some other 1 LINE command followed by ENTER. All the other individual commands are on a single line followed by ENTER This is followed by another line that starts with switch_root:/#. Don’t make my mistake of putting ALL the commands on the “Linux” line. It took me 5 hours to figure out the secret.

  1. The next two lines deal with /sysroot. the 2nd line that begins switch_root:/# followed by chroot /sysroot. This allows you to CHANGE your ROOT Password. Now when you press ENTER you will be greeted by sh-4.4# where you will be see a request /statement for passwd root where you do your passwd changes. After you have updated your root passwd you will see another sh-4.4#

  2. Type exit Press ENTER

  3. Now you have to Make filesystem again read-only:
    type mount -o remount,ro /sysroot … followed by ENTER

  4. Type exit followed by “ENTER”

  5. NOW Login with your NEW PASSWORD!!

Now for some cleanup on aisle 6:

  1. Remove any residue entries and set SELinux enforcing mode. Don’t forget to reset enforcing 1

I can’t remember if there was an ENTER after each command or not – short memory from brain damage from the crash. This actually WORKS!! References found in these forums did not work, nor was there any reference that you needed and when to hit ENTER, or that you needed to first set enforcing=0 and later enforcing 1. OTOH this is a pretty well laid out ARTICLE on how to reset your password – READ IT!!! – Don’t take my down and dirty summation You still need to be eagle eyed to discern that A) Everything is NOT on the Linux line B) That you need to hit ENTER to force New Line wherein you enter your NEXT command. Like I said, it ONLY took me 5 hours to get back my root password.

D’ Cat

@warron.french The problem only occurs in EL9. In EL8 it works fine. RH obviously changed something in EL9 which caused this to stop working.

@desercat You do not need to use enforcing=0 in the majority of cases. For a password reset it’s enough to chroot and change the password and then do touch /.autorelabel. This will reset the contexts for selinux on reboot. A lot of the steps you have outlined just simply aren’t needed. It would be:

  1. Boot grub and add rd.break
  2. chroot into /syslinux
  3. Change root password.
  4. Touch /.autorelabel
  5. Exit chroot and reboot

If you don’t even have selinux enabled anyway then you don’t even need step 4 at this point. Alternatives are instead of touching ./autorelabel to edit /etc/selinux/config, put it in permissive mode and reboot, which would reset the contexts as well, and then change back to enforcing afterwards. But it’s easier and quicker to touch the file which resets the selinux on reboot.