Reset Root Password - RHCSA v9 Review
Вставка
- Опубліковано 5 вер 2024
- RHCSA on RHEL 9 Series:
How to reset the root password to gain access to a RHEL 9 system.
#passwd #rhcsa #linux
Clarifications:
I produce “educational-style” videos to help me practice public speaking and tricky concepts. If these videos are helpful to you, that is fantastic, but please be aware of the original intent.
My videos will NOT give you an unfair advantage on any exam. The information in my videos is sourced from publicly available documentation and my own experience OUTSIDE of any exams I have taken. That information is also provided "as is" and is not guaranteed to be free from error.
Your viewership is greatly appreciated. Thank you!
A true man of the people. I retook the RHCSA and passed. Thanks alot. I just started following the RHCE series. Keep up the excellent work. Much blessings.
Great job!
I also didnt knew this was using rd.break and couldn't enter in
Yo, just want to be another person to say that I passed RHCSA thanks to your videos! They have been extremely helpful, insightful, and intuitive. Also really liked your approach where you would show us the relevant part of the man-pages while teaching, so that we can review it again during exam, rather than relying on rote memorization. Once again, thank you, and cheers!
Congrats! I'm also finishing watching the series.
I've also used Sander van Vugt's materials along the journey.
Could you share any additional marathon resources you practiced with to get specifically prepared for the exam?
@@samuelalbershtein3122 Hmm it wasn't anything special. I simply watched a lot of RHCSA practice playlist like this one (which you can simply do a youtube search on) and read the relevant man-pages a lot (so that I'd know what to search when I forgot the command syntax). That, and also putting together a logbook that summarizes what I've learned daily (mostly just relevant command syntax, screenshots from practice videos, and some personal comment)
Good luck on your preparation! Hope you can pass like I did!
@@airev8158 Thanks!
Took exam April 1st 2024, failed because of this. I can confirm this is the new method and rd.break does not work form exam.
Same bro, locked me out of what seemed to be 1/3 of the exam, which would've made the passing difference :/ But this time, I will be prepared #ThankGodForRetakes
i usually use the rd.break like the book, and it took time to boot, this one is a lot faster and well explained !
I just want say thank you for this video, Today I passed the exam and this video was very helpful to me.
I passed the exam today.
Thank's beanologi, you are the best.
RHCSA coming up in a few days for me - these videos have been an absolute gem. Thank You!
Wishing you the best for your rhcsa!
Thank you for showing this faster method and explaining the commands.
I retook my RHCSA 9 and passed after watching this video on how to reset the root password.
Thanks!!!🎉
Are u unable to crack root password on ur 1st attempt? I'm curious to know what happens when we fail
Just passed RHCSA. Loved watching your series as part of my preparations! Wish you all the best and I will keep an eye on the future videos for sure :)
Awesome! Thank you!
what materials did you use to study?
Hey@@nlvon
I mostly used the RHCSA course on KodeKloud. I set up a RHEL VM to practice and read through --help & man pages a lot. I also did a short course on Bash scripting as I was not familiar with that all that much (LearnLinuxTV, it's free) and a lot of regex/grep/egrep/sed practice.
Beanology's videos provided a nice summary and deep-dive on some of the topics. Good luck! It's a cool cert to get :)
Contratulations Marek! Can you share some tips for the exam?
Your videos have been VERY helpful. They are really well done. Thank you!
I am using AlmaLinux 9.3. I followed the steps but had SELinux permission issues after booting into the normal system. I could not really do anything as root without permission denied errors. I rebooted again with 'init=/bin/bash'. Then I did 'touch /.autorelabel' and it fixed the issue. It did not take my system very long to relabel, but it is a fairly bare-bones system with no GUI, etc.
Thank you for sharing your experience, I really value it! When I get back to making more content I will try to present backup methods for cases when certain shortcuts like the one shown don’t work as planned. Looking back now, compared to when the video was published, I didn’t expect such a wide spectrum between the method succeeding and failing for others since it worked in my testing. However, it was a valuable learning for me to be more careful when demonstrating things that even slightly deviate from product documentation. Again, your kind words were appreciated! Have a great day
Thank you for your generosity in sharing your valuable knowledge.
Hi....The rd.break issue still seems to be there and i could not complete the questions on node2. I raised a ticket on this issue cis i think its not fare to loose the chance to pass the examm in the first attempt itself. Thank you so much for uploading the video and your explanation is awesome. Let me know if you are providing training on RH.
Excellent explanation. Subscribed!
change context compared to restorecon is not a recipe for persistence after you boot up. Which is transient or only work during durring runtime.
Hi there, what you brought up is an excellent point. Usually restorecon is the preferred method to make labels on files align with the SELinux policy and ensures that you are properly maintaining the SELinux policy settings. However, I want to clarify that in this case, we are using the chcon command to change the file context of shadow to the exact context label that it is supposed to be and what the SELinux policy already recognizes it should be. It will persist just fine and survive a file system relabeling because it matches what the relabeling would apply anyways. What chcon does to files is not inherently transient, it just sets file system metadata and that metadata won’t go anywhere until it is explicitly changed with another file system relabeling or something similar (and that label change will only occur if there is a real discrepancy between the policy and the context label). Relabeling the file system is a common maintenance task to catch mislabeled files that do not align with the policy specs. What was done on the shadow file in Thai video does align with the policy so it’s all good 👍 . It is true that chcon makes it easier to set inappropriate labels on files when used improperly though. I appreciate your comment and hope this clarifies things. Take care!
Your vid is so informative and thanks a lot for that!
I want to ask you 2 questions if you don't mind.
1. I tried init=/bin/sh insted of init=/bin/bash, and it simply didn't work. Many features weren't loaded, pid was not 1, etc. Is that because /bin/sh loaded too early?
2. After followed your instructions entirely, it worked like a charm. But while `su root` was working `sudo su -` didn't work. Is this sudo related problem?
I really like your way of teaching. Please keep going!
Hi. First off, in my experience, sh and bash should work very similar as the sh binary is often just a symbolic link to bash. I’ve seen an occasional issue from my testing where the early boot doesn’t load very consistently and I get a different behavior than usual but that’s just the consequence of interrupting the boot process and the fact that the boot process parallelizes its jobs.
In the second case you described, I’m not sure what you meant by it “didn’t work”. I guess it could be a sudo related issue since you said ‘su root’ still works. You can isolate the problem further by doing ‘su - root’ without sudo to confirm that the root login shell works correctly as the dash uses login shell. I’m glad you enjoyed the video, thank you for your kind comment.
Hey! Thank you for this. The video was crystal clear to me and I loved the process.
Now, I got a question.
I have been practicing the root password reset with the rd.break and then the remount,rw for the /sysroot and post setting the password for root, making the .autorelabel file.
Do you recommend I do the above process for init=/bin/bash or stick to rd.break > touch /.autorelabel ?
My exam is scheduled for RHCSA v9 ; Awaiting your reply. Once again awesome stuff as always :)
Hi, I think it’s best to understand both methods so you are always prepared no matter what release of RHEL 9 they give you on the exam. Understanding how rdbreak and pivoting with chroot from the initramfs teaches valuable information about how the system boots so it’s always nice to be aware of it.
On very early versions of RHEL 9.0, the rd.break way is likely to ask for the root password in order to proceed and you might have to try your hand at the rescue kernel to see if it allows you through if you want to use rdbreak on those early versions. The method I demo in the vid will work on all early and recent versions of RHEL 9 which is why I decided to focus on that one in particular.
Thanks for asking
Thank you ☺️
Hey man, thx for the helpful content ♥
Do you happen to know if the current RHCSA exam is running on RHEL 9.0 or 9.3?
I'm asking because I've managed to recover root password on RHEL 9.3 both with good old rd.break, and with the method you showed in this video.
RHEL 9.4 is already around the corner to be released in May and 9.0 is going to be 2 years old. It’s certainly possible they have moved on to a newer minor release.
@@beanologi I took the exam yesterday. They are still using RHEL 9.0 and I can confirm rd.break does not work.
Yup, this is why I failed! This is poorly documented!
I even checked the product documentation they provided and lo and behold, it only mentioned *rd.break*
I kept trying it over 10 times, and then gave up when it kept prompting me to enter the root password in maintenance mode.
*UPDATE:* I just retook it today, and Thank you @beanologi I passed!
@@rehmanarshad1848 I have my exam on tuesday, any videos you can recommend or anything you can speak about on the exam?
IMHO, the "systemd.debug_shell" kernel parameter is better, you end up with a root debug shell on tty9 and SELinux is still on, so you don't have to change the /etc/shadow context after changing the root password.
Very well done !
Your videos are the best, does your playlist cover every single objective on the exam?
Thanks! At this time the RHCSA playlist does not cover every objective. Most of the big ones are there but it is still missing topics such as LVM, tuned, NTP, and Sudo configuration. They are just future video ideas for right now. Again, your feedback is greatly welcomed! 😊👍
@@beanologi Well I won't be too greedy now, your videos have been a good source of study material, I plan to take my RHCSA, do you know of any other good sources that I could use?
@@danielngo9516 For each objective you find on Red Hat's website, look for the corresponding Red Hat documentation pages for those specific things. That is how I reviewed before I took my RHCSA and is also a good way to get Red Hat's perspective on product expertise. I also gathered background knowledge using books about the RHCSA from various publishers. What helped the most though was to experiment and try to break things or find tricky pain points when using the software hands-on. I try to simulate that trial-and-error process in my videos but nothing beats practicing individually. Best of luck with your planned RHCSA!
please share the exact command so we can do practice now
2:58 What does 'restart signal' mean, is it performed by CTRL + C?
That part was referring to the ctrl+alt+delete key sequence which typically triggers a restart on many Linux text-console environments when performed on the physical keyboard. There are also ACPI hardware events that can also tell the OS to reboot and those are often easily exposed in virtual machine tooling to send a power state message to VM to politely power off or reboot it. You would use these means of initiating reboots when you can’t log in and run a command like `reboot` in cases where you don’t know the user password. Hope that helps answer your question.
@@beanologi Thanks!
Good video
Question, I used this in the exam and it pretty much worked, But i Didn't restart my vm after this process. after a not pass result I contact Redhat to get feedback, they told me that one of my Vms didn't start (node2). is it because I didn't restart my Vm or has it to do with something else?
Hi, it is unfortunate you got that result. To your question, if the node that didn’t start was the one you needed to reset the password on, then the two could be correlated, but it isn’t the most likely thing given that the shown method either works fine or fails in a very apparent way (like not being able to login to root). Since we are talking about a no boot situation, it is possible there could be a part of the early startup (like the mounting remote file systems objective) that may have stalled the machine from bringing itself up as well. In general, during Red Hat exams, it is highly recommended to restart your machines every now and then to validate your work. I hope that helps. Wishing you the best!
@@beanologi Thanks for all the videos and you responds ofcourse.
Hello there,
How do you reset ROOT password when GRUB_TIMEOUT=0? I mean, boot-menu does not stay long enough to press “e” or make a selection?
Hi. Depending on how grub is configured, continuously pressing the F8 key or shift key as the bootloader loads itself could be one way to interrupt it. However, in situations where the bootloader has any interactive features disabled, your next option would likely be to boot the machine with an external recovery media to gain access to the system files and reset the root password. The RHCSA is looking to see if you can work with a standard RHEL environment which doesn’t have any extreme measures taken to prevent you from interrupting the bootloader.
@@beanologiOk. So, in RHCSA we will have access to boot-menu right? GRUB_TIMEOUT will not be 0?
At least in the RH134 Labs machines, GRUB_TIMEOUT is changed when you start the lab to practise root password reset.
What you are taught in the Red Hat courses is going to be sufficient to function on the Red Hat exam. The RH134 lab script is just trying to give you a fair shot to reset the password by increasing the timeout for your practice and the exam itself is also a fair testing environment so I think you are good 👍.
press up and down arrows
When i did init=/bin/bash like shown in this video i got the message to enter password for root to enter maintenance mode so i can't reset the root password
Hi, that is unfortunate but thanks for bringing this up. I tried to recreate the issue you described and I was only able to make the "enter root password" message appear when adding "rd.break" somewhere in the boot parameters. The "init=/bin/bash" parameter alone is all that is required to match the process in the video. It has been tested on RHEL 9.0 to the current version 9.2 and AlmaLinux. If you are still facing trouble, try the rescue kernel with the same steps. Here is some Fedora documentation which shows a similar method to the video and might provide additional clarity: docs.fedoraproject.org/en-US/quick-docs/reset-root-password/
Wishing the best to resolving that problem!
Oh one more tip, if the path to the "init" command is invalid, the dracut initramfs scripts will also take over and show the emergency mode/maintenance mode prompt as well!
Iam asking if rd.break works on exam servers ex-200 ?
If you are using RHEL 9.1 or 9.2, rd.break works as expected (same behavior as RHEL 8). Early versions of RHEL 9.0 differ slightly and it is beneficial to use another method to interrupt the boot process.