Issue 790 - need to set selinux to permissive for autorelabel to work #801
1 changed files with 16 additions and 19 deletions
|
|
@ -1,7 +1,9 @@
|
|||
:experimental:
|
||||
|
||||
= How to Reset the root Password
|
||||
The Fedora docs team
|
||||
:revnumber: F36
|
||||
:revdate: 2022-01-10
|
||||
:revnumber: F41
|
||||
:revdate: 2025-02-11
|
||||
:category: Administration
|
||||
:tags: Password
|
||||
|
||||
|
|
@ -27,7 +29,7 @@ While booting the system, the xref:grub2-bootloader.adoc[GRUB2] menu will be dis
|
|||
|
||||
. Select the boot entry you wish to edit with the arrow keys.
|
||||
|
||||
. Select the entry you wish to edit by pressing *e*.
|
||||
. Select the entry you wish to edit by pressing kbd:[e].
|
||||
|
||||
. Use the arrow keys to go to select the line beginning with `linux`, `linux16`, or `linuxefi`.
|
||||
|
||||
|
|
@ -35,10 +37,10 @@ While booting the system, the xref:grub2-bootloader.adoc[GRUB2] menu will be dis
|
|||
+
|
||||
[NOTE]
|
||||
====
|
||||
If your disk is encrypted, you may need to add `plymouth.enable=0`[NOTE]
|
||||
If your disk is encrypted, you may need to add `plymouth.enable=0`
|
||||
====
|
||||
|
||||
. Press *Ctrl-x* or *F10* to boot the entry
|
||||
. Press kbd:[Ctrl+X] or kbd:[F10] to boot the entry
|
||||
|
||||
. Run the command:
|
||||
+
|
||||
|
|
@ -48,19 +50,12 @@ passwd
|
|||
----
|
||||
+
|
||||
You will be prompted to enter the new root password twice.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
You can also reset a non-root user password using the same command if you specify `passwd <username>`.
|
||||
====
|
||||
|
||||
. Restore the SELinux context and permissions with:
|
||||
+
|
||||
[source,bash]
|
||||
----
|
||||
touch /.autorelabel
|
||||
----
|
||||
+
|
||||
[WARNING]
|
||||
====
|
||||
If you do not restore the SELinux permissions, the boot process may fail.
|
||||
You may have to do a hard-reboot and start back at step 1.
|
||||
====
|
||||
|
||||
. Reboot the machine with:
|
||||
+
|
||||
|
|
@ -69,12 +64,14 @@ You may have to do a hard-reboot and start back at step 1.
|
|||
/sbin/reboot -f
|
||||
----
|
||||
|
||||
. As the boot (GRUB) menu appears (same as the first step), again select the boot entry you want to use, press *e*, and add the `enforcing=0` option to the end of the command line. This will temporarily set SELinux in permissive mode, which will allow the relabeling process to proceed. Then, boot the modified entry.
|
||||
. As the boot (GRUB) menu appears (same as the first step), again select the boot entry you want to use, press kbd:[e], and add the `autorelabel=1` option to the end of the command line. This will temporarily set SELinux in _permissive_ mode (instead of the standard enforcing mode), which will allow the relabeling process to proceed, as well as trigger the relabeling process.
|
||||
+
|
||||
Then, boot the modified entry with kbd:[Ctrl+X] or kbd:[F10].
|
||||
|
||||
The system may take a moment to boot while SELinux relabels its permissions on the filesystem.
|
||||
If you see the Plymouth boot screen you can press the `ESC` key on your keyboard to view the SELinux progress.
|
||||
|
||||
Once it is complete, your system is ready and your root password has been successfully changed. Upon next reboot, the `.autorelabel` file will be gone and SELinux will be set to previous behavior.
|
||||
Once it is complete, your system is ready and your password has been successfully changed.
|
||||
|
||||
For more information about SELinux states and modes, see xref:selinux-changing-states-and-modes.adoc[Changing SELinux States and Modes].
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue