Saturday, June 29, 2019

chroot password reset explanation

You're talking about the procedure to reset a lost root password. This is needed only when the root password is lost and there is no sudo root access or similar available.
At boot, the bootloader (usually GRUB) loads 2 files: the kernel and the initramfs (also known as initrd) file. The initramfs file contains a minimal filesystem that includes any tools and kernel modules required to activate the real root filesystem, its disk controller(s) and other features necessary to activate it (e.g. any combination of: LVM, disk encryption, multipathing and/or software RAID).
The rd.break boot option tells the boot sequence to stop while the system is still using initramfs, but the real root filesystem is already mounted at /sysroot. Normally the next step would be a pivot_root operation to switch /sysroot into a real root filesystem, start executing stuff from there and then remove the initramfs from memory.
By stopping within the initramfs we gain access to the emergency shell. But the initramfs has a very limited number of commands available, and editing the initramfs's /etc/passwd file would achieve nothing as the entire initramfs gets replaced by the real root filesystem anyway.
The root filesystem is initially mounted in read-only mode in order to allow filesystem checking. The first step is to remount it read-write, to allow the password change to stick.
The chroot /sysroot command means: "start a new shell in such a way that for that shell the /sysroot directory will appear as /." Within that chrooted shell, /etc/passwd and /etc/shadow will refer to the real password files in the real root filesystem, and /bin/passwd will be the same command you'll use when the system is running normally. Since this chrooted shell was started from the emergency shell, you already have full root access, and you can use the passwd command to set a new password for anyone without being asked for the old one first - including setting a new root password.
Once the procedure is complete, the first exit command will exit the chrooted shell and return you to the initial emergency shell, which still sees the real root filesystem as /sysroot. The second exit command will return control to the boot scripts, which usually trigger a reboot whenever the emergency shell has been used.
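
The steps above as a small POSIX sh function for the rd.break emergency shell; this is an added example, not part of the original post. The function names, the /proc/mounts check and the SELinux relabel step are assumptions that do not come from the post.

```sh
# Added example (not from the original post). Uses only shell builtins for
# the checks, because the initramfs ships very few commands.

# Print the options of mount point $2 from file $1, which is in /proc/mounts
# format: device mountpoint fstype options dump pass.
# The last matching line wins, since a later mount shadows an earlier one.
mount_opts() {
    mo_found=""
    while read -r _dev mo_mp _type mo_opts _rest; do
        if [ "$mo_mp" = "$2" ]; then mo_found=$mo_opts; fi
    done < "$1"
    printf '%s\n' "$mo_found"
}

# Succeed only if mount point $2 is currently mounted read-write.
is_rw() {
    case ",$(mount_opts "$1" "$2")," in
        *,rw,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Steps from the text: remount read-write, then run passwd inside the chroot.
# $1 = real root (default /sysroot), $2 = mounts table (default /proc/mounts).
reset_root_password() {
    rp_root=${1:-/sysroot}
    rp_mounts=${2:-/proc/mounts}
    if [ -z "$(mount_opts "$rp_mounts" "$rp_root")" ]; then
        echo "$rp_root is not mounted" >&2
        return 1
    fi
    is_rw "$rp_mounts" "$rp_root" || mount -o remount,rw "$rp_root" || return 1
    # Runs passwd directly in the chroot instead of an interactive shell,
    # so /etc/shadow here is the real file and no old password is asked.
    chroot "$rp_root" passwd root || return 1
    # Assumption beyond the post: on SELinux systems the rewritten
    # /etc/shadow loses its label, so request a relabel on next boot.
    if [ -e "$rp_root/etc/selinux/config" ]; then : > "$rp_root/.autorelabel"; fi
}

# In the emergency shell: reset_root_password && exit
```

Because passwd runs directly inside the chroot here, there is no chrooted shell to leave, so a single exit returns control to the boot scripts.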
