It's inevitable that something will go wrong with a Linux installation that needs to be fixed. The best way of doing this is booting into the emergency target, which still prompts for a password but doesn't mount the root filesystem. If the root password has to be retrieved then you need to do an administrator password reset.
- [Instructor] To boot up a system that is not functioning properly, we can use a systemd emergency target. In the emergency target, it doesn't try to mount the root file system. This would be the correct target if the root file system were having problems. Note that the emergency target still requires a password. To change temporarily into the emergency target, double click the centos7-ks VM in the virtual machine manager window, and click the console button on the toolbar. Now, click on the power button to start it up.
At the GRUB prompt, press any key to enter the GRUB menu. We could choose a different kernel entry here if we wanted to, using the up and down arrow keys. This gives us the ability to boot into an older kernel if an update didn't go well. Let's select the most recent kernel, which will be at the top. Then press the E key for edit. Go down to the line that includes vmlinuz, and then press the End key to go to the end of the line. Type in systemd.unit=emergency.
The line that includes vmlinuz is the kernel line, and the items after it are kernel parameters. We're adding the systemd.unit=emergency parameter. Press Control + X to continue booting. If it looks like the boot process froze, it's probably because you're using the graphical console. Go to the View menu, then Text Consoles, and Serial 1. Click on the window and hit Enter to get the prompt, and enter your root password. Now you're logged in as a root user, and can do maintenance.
When done, press Control + D to exit, and the system will continue booting. Notice that in emergency mode we still needed to enter the root password. If we need to do password recovery, we'll need to provide different options. Reboot your virtual machine again by going up to the power menu, and clicking on reboot. As soon as you can see the GRUB menu, press any key again to stop the countdown. Now highlight the menu entry of the most recent kernel, which is at the top, and press the E key again. Go down to the line that has vmlinuz in it, and press the End key to go to the end of the line.
Now type in rd.break, and press Control + X to boot up. Once the VM has booted, Linux mounts a root file system as read only on /sysroot. Let's remount this as read/write. Type in mount, -o, space, remount,rw, space, /sysroot and hit enter.
We need to change our root file system to /sysroot, which we'll do with the chroot command. Before we do that, let's type in pwd and ls to verify where we are, and list the contents. Type in pwd enter, and then ls, and enter. This shows that we're in slash, and we get a list of subdirectories here. Type in chroot, space, /sysroot, hit enter. Now type in pwd and ls. We're still in slash, but you notice that the contents are different. The reason is our slash, or top level directory, is now in /sysroot.
We can temporarily use another directory as slash using this method. Now we'll use a password command to reset the root user's password. Type in passwd and hit enter. Now enter a new password. The password command doesn't echo the characters on the screen, so it looked like nothing is happening. When done, you will get your prompt back. The last step is to have SELinux rewrite the security context of all files on the next reboot. To do this, we'll create a hidden file in slash. Type in touch, space, /.autorelable.
Make sure that you spell this right, or won't work, and you won't be able to log in as root. Now exit out of the chroot shell by typing exit. Now leave the password recovery mode by typing in exit again, and hit enter. Once your VM has booted, go to the power menu and reboot it. This is necessary, so SELinux will relabel the security context on all files in the system.
Once the system has booted up again, log in as root to make sure it worked. Previously, we've managed to temporarily boot into different targets by editing GRUB's kernel line. We've also been able to temporarily boot into different kernels by choosing them at the GRUB boot menu. If we wanted to make either of these boot choices persisted, we need to use different commands. To persistently boot with a different kernel, we can use the grub2-set-default command.
To change the default kernel to the second one in the list, we do grub2-set-default, space, one. Kernel numbering starts with zero, so the first kernel is zero, the second kernel is one, and so on. Now, if we reboot, it will boot up into the second kernel by default. Before we go any further, let's set it back to the most recent kernel, since we probably don't have more than one yet. Type in grub2-set-default, space, zero.
Notice I didn't have to type in sudu, it's because I'm still logged in as root from testing my password. Now to persistently boot into a different systemd target, we'll use the systemctl command. To get the default target, type in systemctl, space, get-default, and hit enter. We can see that as the graphical target. To change this to another target, we just supply the name to systemctl. We type in systemctl, space, set-default, space, multi-user, and would hit enter.
We can verify this by using systemclt get-default. Once again, before we move on to the next lesson, let's put it back.
Instructor Grant McWilliams covers network and internet services administration, kernel management, and intrusion prevention. He shows how to make your systems more efficient with virtualization, manage users and groups, and lock everything down with SELinux mandatory access control. Plus, get access to 25 PDF "cheat sheets" and 100 practice questions so you can solidify and test your knowledge.
- Installing Linux on a physical machine
- Managing systemd services
- Managing reoccurring jobs with cron
- Limiting system access
- Configuring networking
- Creating, editing, and moving files and directories
- Analyzing text with grep and regular expressions
- Installing software and packages
- Managing the kernel
- Managing users, accounts, and groups
- Setting permissions
- Using access control lists
- Securing Linux with SELinux
- Accessing Linux remotely
- Configuring local storage