Linux Password reset guide in case if you lost access to machine. Good for RHCSA Exam

Correct method to reset Password with/without SELinux

1. Mash F8 command while booting up the machine, to open “grum menu”;
2. In the Grub, press “e” to edit the boot entry options;
3. At the end of the “linux” line, add init=/bin/bash;
   1. 
4. mount -o remount,rw / - remounts system directory to rw;
5. /sbin/getenforce - Because our $PATH variable is not loaded, we must check SELinux status by providing absolute path to the binary.
6. ls -Z /etc/shadow - Print SELinux parameters for shadow file (note it down);
7. passwd root - change password;
8. After password change you can see /etc/shadow with ls -Z /etc/shadow and it will have ? mark where policies should be. System won’t boot if SELinux is enabled
9. chcon system_u:object_r:shadow_t:s0 /etc/shadow - restore policies for the file
10. exec /sbin/init - will replace current bash process with PID 1 with the actual systemd init process, which will boot system normally without the need of reboot

Password reset can be also achieved with rd.break parameter in the boot entry options, but in some RHEL versions it was not a working solution.

Additionally restoring SELinux policies with .autorelabel is possible, but it will need two reboots:

• One for systemd init to see this .autorelabel
• Second to start whole system relabeling process for only one important file