Chroot

From DikapediaV2
Jump to: navigation, search
  • Very important to bind /dev since the passwd command makes use of /dev/random which needs to actually exist

Robert's way (This example shows how to change a password while chrooted):

(all sudo)  

mount /dev/xvdf1 /mnt
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev
mount -o bind /run /mnt/run  #This one was recommended but I didn't end up using it

chroot /mnt

passwd [username]
exit

umount /mnt/{dev,sys,proc}
umount /mnt


Other way:

$ mount /dev/xvdf1 /mnt
$ for i in dev proc sys run; do mount -o bind /$i /mnt/$i; done
$ chroot /mnt
$ for i in dev proc sys run; do sudo umount /mnt/$i; done


Neshons way:

$ cd /tmp/rescueroot
$ sudo mount -t proc /proc proc/
$ sudo mount --rbind /sys sys/
$ sudo mount --rbind /dev dev/
$ sudo mount --rbind /run run/
$ sudo chroot /tmp/rescueroot  #This one was recommended but I didn't end up using it


Resetting Root Password


You will have to reset the password manually by interrupting grub by using the kernel parameter rd.break.

1. Boot the system and interrupt the booting process when you're at the GRUB menu by pressing 'e'.
2. Add the kernel parameter rd.break to the Linux kernel line.
3. Press 'ctrl+x' to boot.
4. You will enter the emergency mode prompt (or preboot screen, per Joe) to authenticate to unlock the drive.
5. Then run the following commands:

# mount -o remount,rw /sysroot
# chroot /sysroot
# passwd 
# touch /.autorelabel
# exit
# logout

6. A couple of minutes and once done, the system will reboot upon which you can log in as the root user with the new password.

Notes:

  • The rd.break parameter interrupts the boot process before the control is passed over to the kernel. At this point, when you run the passwd command to do the password reset, the associated shadow file (/etc/shadow) is modified with an incorrect SELinux context. The touch /.autorelabel command creates a hidden file named .autorelabel under the root directory. On the next boot, the SELinux subsystem will detect this file, and then relabel all of the files on that system with the correct SELinux contexts. On large disks, this process can take a good amount of time.

Reference:
[+] https://www.tecmint.com/reset-forgotten-root-password-in-rhel-8/
[+] https://learn.redhat.com/t5/Platform-Linux/Unable-to-reset-the-root-password-when-disabling-SELinux/td-p/21082
[+] https://unix.stackexchange.com/questions/509798/what-does-touch-autorelabel-do-when-we-reset-the-root-password-in-red-hat-en/509801#509801