What is the difference between using 'init' and 'rd.break' for reseting the root password?

Question

I know several ways to reset root user's password, but want to know which is the best and why it is. For example:

A method:

Grub > e
init=/bin/sh (Remove rhgb and quiet tags if necessary) > Ctrl+x
/usr/sbin/load_policy -i
mount -o remount,rw /
passwd root or passwd
mount -o remount,ro /

B method:

Grub > e
rd.break > Ctrl+x
mount -o remount,rw /sysroot/
chroot /sysroot/
passwd root or passwd
touch /.autorelabel

Which is the best? Why is it best? I'm preparing for RHCSA (Red Hat Certified System Admin) exam. I need to know the relative merits of each approach. Is one of them more portable? Safer? Is there a reason to choose one over the other?

score 6 · Accepted Answer · edited Oct 17 '20 at 13:48

6

I think the best way is as is shown in Red Hat documentation.
This is your second method. For GRUB2/RHEL7 single/emergency mode should not work since it will use sulogin to authenticate you before presenting the command prompt.

So lets mark off different methods.

For RHEL5, RHEL6, append 1, s or init=/bin/bash to kernel cmdline
For RHEL7, RHEL8, CentOS7, CentOS8, append rd.break or init=/bin/bash to kernel cmdline

It appears that the second method is not available on RHEL5 and RHEL6. But for RHEL7 I will prefer the first because adding init=/bin/bash is a bit tricky when single mode is password protected and may be appending rd.break is a way to standardize it.

edited Oct 17 '20 at 13:48

αғsнιη

41,407

answered Mar 21 '15 at 14:24

taliezin

9,275

Thanks for your answer, @taliezin. Both work for me. First method is also shown in documentation: http://red.ht/1vHVatu. – rzaaeeff Mar 21 '15 at 14:30
@taliezin what is the full meaning of rd in rd.break? – Learner Apr 15 '16 at 06:06
1

@SIslam, rd.break - drop to a shell at the end. More info you can find here. – taliezin Apr 15 '16 at 09:45
What does chroot /sysroot/ do? – Snowcrash Feb 05 '17 at 13:13
@SnowCrash, as rd.break asks for a break at an early stage of the boot process then after mounting as read/write you have to chroot to it, more info for chroot you can read here – taliezin Feb 05 '17 at 23:03
Documentation link is now 404 unfortunately :/ – Noah May Jul 28 '21 at 04:38

score 4 · Answer 2 · answered Nov 02 '17 at 03:39

The ‘rd’ part of ‘rd.break’ refers to ramdisk— the initial ramdisk (initrd) environment.

The second method (using rd.break) is preferable for RHEL7. Some systems (with a USB keyboard or a VM) don’t actually seem to set the password when you reboot. Possibly it’s only setting the password for /etc/shadow inside the ramdisk, and not the one you were expecting.

What that has to do with a USB keyboard I don’t know, but that’s what the knowledge base arrival says, and what my experience to date has been. I rather suspect this has more to do with whether your root filesystem is on LVM (hint: dracut)

What is the difference between using 'init' and 'rd.break' for reseting the root password?

2 Answers2

Linked