# 14.2 Resetting Passwords

When you have lost the password of your server of your own user and even root it becomes nececacry to change the password.

#### Gettting into single user mode
We can do this in single-user mode again, go into single user mode 

At the following screen use the cursus key to move up and down to stop the timer:
[![kernelselection.png](http://www.greateracademy.nl:8088/uploads/images/gallery/2020-08-Aug/scaled-840-0/kernelselection.png)](http://www.greateracademy.nl:8088/uploads/images/gallery/2020-08-Aug/kernelselection.png)

Go to the top kernel and press the ```e``` button.

Go to the line that begins with ```linux ($root)```

Go to the **end** of this line and add ```rd.break```

It should now look like this:
[![kernelrdbreak.png](http://www.greateracademy.nl:8088/uploads/images/gallery/2020-08-Aug/scaled-840-0/kernelrdbreak.png)](http://www.greateracademy.nl:8088/uploads/images/gallery/2020-08-Aug/kernelrdbreak.png)

Press ```ctrl-x``` to start the boot process with this kernel and thus into single user mode.

During boot the real root file system will be mounted under ```/sysroot``` but the mount is in read-only so we cannot change anything.

To change the ```/sysroot``` to read-write we must remount it:
```
mount -o remount,rw /sysroot
```

#### Reseting the password
Now that the machine is in single user mode and the ```/sysroot``` has been remounted into read-write, we can start the reset process.

What we need next is to change our root from the booting process to being the root of our main system in ```/sysroot```.

We can do this with the ```chroot``` command which suprisingly stands for **Ch**ange **root**:
```
chroot /sysroot
```

The prompt should slightly change.

Now it is like we are in an incomplete version of our normal root system and we can change the password as normal with the ```passwd``` command.
```bash
passwd root
```

Now that we made these password changes, the ```/etc/shadow``` file was changed with the new password. However, selinux is not running, so it is unaware of the changes to this file, meaning that SeLinux, when turned on, will deny us access to this file since it is unaware of it's new status and this will prevent us from logging in.

We need to relabel the ```/etc/shadows``` file. We can do this in a very simple way. SeLinux checks for the existence of the file ```.autorelabel```  during the boot procedures, if it finds this file it will trigger an automatic relabeling of the entire filesystem and then remove that file.

We can make this file with the touch command like this:
```bash
touch /.autorelabel
```
Type exit twice to continue booting your system as normal. The system will run an SELinux relabel (notice: this can take pretty long).<br>
When done, see if you can login as root with the new password.