Booting into Different
Targets Manually

Boot systems into different targets manually

CIS126RH | RHEL System Administration 1
Mesa Community College

Not every administrative task can be performed on a fully running system. Resetting a forgotten root password, repairing a corrupted filesystem, or diagnosing a service that prevents normal boot all require entering a different system state. This module covers how to switch targets while the system is running, how to select a different target at boot time through the GRUB2 menu, and how to use emergency and rescue targets for recovery work. These skills are tested on the RHCSA exam.

Learning Objectives

Switch targets on a running system — Use systemctl isolate to move to a different target without rebooting
Change the default boot target — Use systemctl set-default to control which target the system enters on every future boot
Select a target at the GRUB2 boot menu — Interrupt the boot sequence, edit the kernel command line, and append a target specification to boot into rescue or emergency mode
Use rescue and emergency targets for recovery — Access a root shell in a minimal environment to repair the system and then return to normal operation

Switching Targets on a Running System

systemctl isolate transitions the running system to a different target immediately — stopping units that are not part of the new target and starting those that are required by it.

# Check the current active target
$ systemctl get-default
graphical.target

# Drop to text-only multi-user mode right now
$ sudo systemctl isolate multi-user.target
# The graphical display manager stops immediately

# Return to graphical mode
$ sudo systemctl isolate graphical.target

# Enter rescue mode — most services stop, root shell only
$ sudo systemctl isolate rescue.target

# List all active targets
$ systemctl list-units --type=target --state=active

isolate affects the running system immediately

systemctl isolate stops services right away — it does not wait for users to log out or for in-progress operations to complete. Use it during a maintenance window when the system is otherwise idle.

Setting the Default Boot Target

The default target controls which state the system enters on every boot. It is stored as a symlink at /etc/systemd/system/default.target.

# View the current default target
$ systemctl get-default
multi-user.target

# Set the default to graphical (adds display manager on boot)
$ sudo systemctl set-default graphical.target
Created symlink /etc/systemd/system/default.target →
    /usr/lib/systemd/system/graphical.target.

# Set the default to multi-user (text login, no GUI)
$ sudo systemctl set-default multi-user.target

# Inspect the symlink directly
$ ls -l /etc/systemd/system/default.target
lrwxrwxrwx ... default.target -> /usr/lib/systemd/system/multi-user.target

RHCSA Focus

Know systemctl get-default to read the current default and systemctl set-default TARGET to change it. The change takes effect on the next boot — it does not change the current running state.

systemd Targets Reference

Target	Old runlevel	Description	Can isolate to?
`poweroff.target`	0	Halt and power off	Yes — equivalent to poweroff
`rescue.target`	1	Single-user, root shell, most services stopped	Yes — maintenance mode
`multi-user.target`	3	Multi-user, networking, no GUI	Yes — standard server mode
`graphical.target`	5	Multi-user with display manager	Yes — workstation/desktop mode
`reboot.target`	6	Reboot the system	Yes — equivalent to reboot
`emergency.target`	—	Minimal environment, root filesystem read-only	Yes — deepest recovery mode

Targets that can be set as default

Only multi-user.target and graphical.target are appropriate as persistent default targets. The others (rescue, emergency, poweroff, reboot) are operational targets for specific tasks.

The GRUB2 Boot Menu

GRUB2 is the bootloader on RHEL 9. Its menu appears briefly during boot and allows you to select a kernel or modify boot parameters before the OS starts.

Appears for a few seconds on boot — time is set in /etc/default/grub
Press any key (or hold Shift on UEFI systems) to pause the countdown
Use the ↑ / ↓ arrow keys to select a kernel entry
Press e to edit the selected entry's boot parameters
Press Ctrl+X or F10 to boot with the edited parameters
Press Esc to discard edits and return to the menu

RHCSA Exam — GRUB2 access

In the exam virtual machine environment, you may need to reboot the system and press a key quickly to interrupt the GRUB2 countdown. Practice reaching the GRUB2 menu in your lab before exam day — the timing window can be very short.

Editing the Kernel Command Line

Pressing e at the GRUB2 menu opens an editor. Find the line beginning with linux — this is the kernel command line.

# Typical GRUB2 kernel line (line starting with 'linux')
linux ($root)/vmlinuz-5.14.0-362.el9.x86_64 \
    root=/dev/mapper/rhel-root \
    ro \
    crashkernel=auto \
    resume=/dev/mapper/rhel-swap \
    rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap \
    rhgb quiet

# To boot into rescue.target — add at the end of the linux line:
systemd.unit=rescue.target

# To boot into emergency.target — add at the end of the linux line:
systemd.unit=emergency.target

# To boot into multi-user.target — add at the end of the linux line:
systemd.unit=multi-user.target

GRUB2 editor keys

Use the arrow keys to navigate to the end of the linux line. Add a space and then the target parameter. Press Ctrl+X to boot. The change is temporary — it is not saved to the GRUB2 configuration.

Booting into rescue.target

rescue.target provides a root shell with most services stopped and the root filesystem mounted read-write. It is the first choice for maintenance that cannot be done on a fully running system.

What rescue.target provides

Root filesystem mounted read-write
Basic networking may be available
A root shell — requires the root password
Most system services are stopped

How to reach rescue.target

Reboot and pause at the GRUB2 menu
Press e to edit the default entry
Navigate to the end of the line beginning with linux
Add systemd.unit=rescue.target
Press Ctrl+X to boot
Enter the root password when prompted

rescue.target requires the root password

The rescue target prompts for the root account password before granting a shell. If the root password is unknown, use emergency.target or the rd.break method instead.

Booting into emergency.target

emergency.target provides the most minimal possible environment — the root filesystem is mounted read-only and almost nothing else runs. Use it when rescue.target itself fails to boot.

What emergency.target provides

Root filesystem mounted read-only — must be remounted to make changes
No networking
A root shell — requires the root password
Virtually no services running

Remounting root read-write in emergency mode

# After booting into emergency target — remount root read-write
$ mount -o remount,rw /

# Now you can edit files
$ vim /etc/fstab   # fix a broken fstab entry for example

# Reboot to return to normal operation
$ systemctl reboot

The rd.break Method

rd.break interrupts the boot process inside the initramfs, before the real root filesystem is mounted. This provides a shell without requiring the root password — essential for root password recovery.

How rd.break works

The initramfs provides a shell before systemd loads the actual OS
The real root filesystem is mounted at /sysroot as read-only
You must remount it read-write, chroot into it, and then reset the password
SELinux labels must be updated — a file must be created to trigger relabelling on next boot

To reach rd.break

Pause at GRUB2 menu and press e
On the linux line, remove rhgb quiet and add rd.break
Press Ctrl+X to boot

Root Password Reset — Most Tested Recovery Task

The RHCSA exam frequently requires resetting the root password using rd.break. Know the exact sequence of commands after reaching the rd.break shell. The next three slides cover each step in detail.

Root Password Reset: Step by Step

After reaching the rd.break shell, execute these commands in order.

# Step 1: Remount /sysroot read-write
switch_root:/# mount -o remount,rw /sysroot

# Step 2: chroot into /sysroot to make it the working root
switch_root:/# chroot /sysroot

# Step 3: Reset the root password
sh-5.1# passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

# Step 4: Tell SELinux to relabel on next boot (CRITICAL)
sh-5.1# touch /.autorelabel

# Step 5: Exit the chroot and resume boot
sh-5.1# exit
switch_root:/# exit

Why the SELinux Relabel Step Matters

The /.autorelabel file triggers a full filesystem relabelling by SELinux on the next boot. Skipping it is the single most common reason the root password reset appears to succeed but then fails at login.

When passwd runs inside the initramfs chroot, it modifies /etc/shadow without setting the correct SELinux file context
On the next boot, SELinux enforces file context rules
If /etc/shadow has the wrong context, SELinux blocks access to it — login fails even though the password was set correctly
Creating /.autorelabel tells SELinux to reset all file contexts on the next boot, correcting the shadow file context

The relabel boot takes extra time

When /.autorelabel exists, the next boot relabels every file on every filesystem — this can take several minutes on a system with many files. This is normal. Do not interrupt it.

Alternative: Restore Only the Shadow File Context

If you want to avoid the slow full relabelling, restore only the SELinux context of /etc/shadow before exiting the chroot.

# Inside the chroot (after passwd) — restore shadow file context
sh-5.1# restorecon -v /etc/shadow
Relabeled /etc/shadow from system_u:object_r:unlabeled_t:s0
to system_u:object_r:shadow_t:s0

# This replaces the /.autorelabel step for this specific repair

# Full procedure with restorecon instead of autorelabel:
# 1. mount -o remount,rw /sysroot
# 2. chroot /sysroot
# 3. passwd root
# 4. restorecon -v /etc/shadow    <-- instead of touch /.autorelabel
# 5. exit
# 6. exit

Which method to use on the exam

Both methods work. touch /.autorelabel is simpler to remember. restorecon /etc/shadow is faster because it avoids relabelling the entire filesystem. Either is acceptable on the RHCSA exam.

Returning to Normal Operation

After performing recovery work in rescue, emergency, or rd.break mode, return to the normal running state.

From rescue or emergency target (reached via GRUB2 edit)

# Reboot — system returns to the default target
$ systemctl reboot

# Or exit the rescue shell to continue the normal boot sequence
$ exit
# systemd continues starting the remaining units

From rescue target (reached via systemctl isolate on a running system)

# Return to normal multi-user mode
$ systemctl isolate multi-user.target

# Or return to graphical mode
$ systemctl isolate graphical.target

# Or use systemctl default to activate the configured default target
$ systemctl default

systemctl default

systemctl default activates whatever target is set as the default — a convenient way to return to normal operation without knowing the target name.

Comparing Entry Methods

Method	Password required?	Root filesystem	Best for
`systemctl isolate rescue.target`	No (already authenticated)	Read-write	Maintenance on a running system where you are already logged in
`systemd.unit=rescue.target` at GRUB2	Yes — root password	Read-write	System that won't complete normal boot; root password is known
`systemd.unit=emergency.target` at GRUB2	Yes — root password	Read-only — must remount	Recovery when rescue.target itself fails to boot
`rd.break` at GRUB2	No — shell in initramfs	Read-only at `/sysroot` — must remount and chroot	Root password unknown; complete system repair

Common Mistakes

Mistake	What goes wrong	Correct approach
Confusing `set-default` with `isolate`	`set-default` only affects future boots; does not change the running state	Use `isolate` to change the running system; `set-default` for future boots
Skipping `/.autorelabel` or `restorecon` after password reset	Password is set but SELinux blocks login — root still cannot log in	Always run `touch /.autorelabel` or `restorecon /etc/shadow` before exiting
Forgetting to `mount -o remount,rw /sysroot` before chroot	Files inside /sysroot are read-only — passwd and other changes fail	Remount read-write before chrooting: `mount -o remount,rw /sysroot`
Exiting only once after the chroot in rd.break	Returns to the chroot environment, not the initramfs — boot does not resume	Two exits are required: one to leave the chroot, one to leave the initramfs shell
Editing GRUB2 configuration files directly	Changes to `/boot/grub2/grub.cfg` are overwritten by `grub2-mkconfig`	Edit `/etc/default/grub` and regenerate with `grub2-mkconfig`
Missing the GRUB2 menu timeout	System boots normally — no chance to edit the kernel line	Reboot and immediately press a key; practice the timing in your lab

Knowledge Check

Answer these before moving to the next slide.

What is the difference between systemctl set-default multi-user.target and systemctl isolate multi-user.target?
You need to enter rescue mode at boot time. What do you add to the kernel command line in the GRUB2 editor?
You boot into rd.break mode to reset the root password. List the commands you run in order after reaching the initramfs shell.
Why is the touch /.autorelabel step required during a root password reset?
After entering emergency mode, you need to edit /etc/fstab. What must you do before running the editor?
How do you return to normal operation after performing repairs in rescue mode that was entered by editing the GRUB2 kernel command line?

Knowledge Check — Answers

set-default changes the default target for all future boots by updating the /etc/systemd/system/default.target symlink. isolate transitions the currently running system to the specified target immediately — it does not affect future boots.
Append systemd.unit=rescue.target to the end of the line beginning with linux in the GRUB2 editor. Press Ctrl+X to boot.
1. mount -o remount,rw /sysroot
2. chroot /sysroot
3. passwd root
4. touch /.autorelabel (or restorecon /etc/shadow)
5. exit (leave chroot)
6. exit (leave initramfs shell, resume boot)
The passwd command inside the initramfs chroot modifies /etc/shadow without setting the correct SELinux file context. Without /.autorelabel, SELinux enforces the wrong context on /etc/shadow at the next boot, blocking login even though the password itself was changed correctly.
Run mount -o remount,rw / to remount the root filesystem read-write. Emergency mode mounts it read-only, so files cannot be edited until the remount.
Run systemctl reboot to reboot cleanly. The system will boot using its default target (the GRUB2 edit was one-time only and did not change the default target).

Key Takeaways

Two ways to change targets: isolate (now) or set-default (next boot). systemctl isolate TARGET changes the running system immediately. systemctl set-default TARGET changes the default for future boots. Verify with systemctl get-default.
Reach non-default targets at boot by editing the GRUB2 kernel line. Press e at the GRUB2 menu, navigate to the linux line, and append systemd.unit=rescue.target or systemd.unit=emergency.target. The change is one-time only.
Use rd.break to reset the root password when the root password is unknown. Add rd.break to the GRUB2 kernel line. Then: remount, chroot, passwd, touch /.autorelabel, exit, exit. Two exits are required.
The SELinux relabel step is mandatory after a root password reset. touch /.autorelabel (full relabel) or restorecon /etc/shadow (targeted). Skipping this step means the reset password will not work at login.

Graded Lab

Run systemctl get-default to record the current default target. Use systemctl set-default multi-user.target to change it, then confirm with get-default. Restore the original default when done.
If your lab system is running graphical.target, use sudo systemctl isolate multi-user.target to switch to text mode. Confirm the switch, then isolate back to graphical mode.
Reboot the lab system and pause at the GRUB2 menu. Press e to enter the editor and locate the linux line. Add systemd.unit=rescue.target to the end, then boot. Confirm you receive a rescue shell, then exit to resume normal boot.
Reboot again and use the rd.break method to enter the initramfs shell. Work through the complete root password reset procedure, including the touch /.autorelabel step. Reboot and confirm you can log in with the new root password.

RHCSA Objective

"Boot systems into different targets manually." The GRUB2 kernel line edit and the rd.break root password reset are the two most heavily tested skills in this objective. Practice them repeatedly in your lab environment before exam day.

Next: Interrupt the boot process in order to gain access to a system