Boot RHEL 9 into Emergency/Rescue mode to change the password

A rescue mode or emergency mode on Linux systems will give us a chance to boot our VM into a console session to do some troubleshooting to revive the VM back into an operational state. This boot shell would also aid in password resets in case the root passwords are locked or forgotten. The emergency mode and rescue mode serve the same purpose of booting into the system console so you could use anyone depending on the scenario you are in.

Bootup into Emergency mode

An Emergency mode is similar to the safe mode on Windows and this is typically used when the admin can’t get into the rescue mode. All local filesystems will be mounted but there won’t be any network connectivity.

1 – Snapshot the Linux VM
2 – Reboot the Linux VM and select the kernel

3 – After rebooting the Linux VM appliance, we need to get into the GRUB Menu to reset the root password. Press the e key to enter the GNU GRUB2 Edit Menu.

4 – Go to the line that opens with the word Linux(RHEL 8/9) or Linux 16(RHEL 7) and add the below parameters and press Ctrl+X or F10 to boot the VM

systemd.unit=emergency.target For emergency mode
systemd.unit=rescue.targetFor rescue mode
rd.break For password resets

5 – Add ‘systemd.unit=emergency.target ‘ at the end of that line for emergency mode

6 – We will boot to an ‘emergency‘ prompt with root prompt.

7– To run commands on this single-user mode, we should remount the ‘/’ file system in read-write mode.

8 – Use this command to remount the root partition in read-write mode.

# mount -o remount rw /
Or
Run this command to mount the root partition.
# mount -o remount rw /sysroot

Bootup into Rescue mode

1 – If for rescue mode, we will enter the boot parameter as shown and press Ctrl+X or F10 to boot the VM

2 –You will boot to a ‘rescue‘ prompt that looks like this: switch_root:/#.

3 – As expected, we can see the login prompt.

Recovering the root password

1 – For recovering the root password, we will enter the boot parameter as shown

2 – On the RHEL system, we will be logging into a /sysroot directory which by default will be r/o mode

3 – To run commands on this single-user mode, we should remount the ‘/’ file system in read-write mode.

# mount -o remount rw /
Or
Run this command to mount the root partition.
# mount -o remount rw /sysroot

4 – Use this command to remount the root partition in read-write mode.

5 – Run this command to change into the ‘/’ sysroot directory.

6 – Use the passwd command to change the password for root

7 – We will now need to create a hidden file with the name autorelable using the touch command to signal SELinux on the next reboot that the filesystem has changed and allow the change to be loaded. This process is known as enabling filesystem relabeling which is done to ensure SELinux allows the file changes.

8 – Lets enable the SELinux relabeling process on the next system boot with touch /.autorelabel

9 –Type ‘exit’ to leave the chroot environment and log out of the system

The SELinux relabeling process will take a fair bit of time to complete and the VM will automatically restart when the relabeling process is complete.

10 – Now you are ready to log into the VM using the new root password.

(Visited 51 times, 1 visits today)

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.