RSS Feeds
fix
Recover a Lost Linux Password
Posted by Kevin Purdy at 12:00 AM on September 6, 2008
If your memory or mistyping leaves you without the right password to get into an account on a Linux computer, there's no need to reformat. Make Magazine's Hacks Blog gives a step-by-step account of the command line fix you can make by booting into "single user mode." The fix is written from an Ubuntu perspective, but applies to most any Linux system that boots with the GRUB manager. It's also a reminder that even a password-protected Linux box isn't truly protected from the curious, so consider encrypting your data or taking other measures. Photo by Carl Johan.
Comments (AU Comments · US Comments)
Prasad
Posted September 6, 2008 6:27 PM
"Recover" is not the appropriate word here, where I guess "reset" would fit in. The article in question describes a method to RESET the password, and not recover a lost or forgotten one.
Ben Zvan
Posted 1:15 AM 6/9/08
@qpease: This works in RedHat distros as well.
Of course, any admin worth their salt has added a password to grub and made this impossible to do...
Ben Zvan
Superhuman
Posted 1:11 AM 6/9/08
@qpease: This should work on most newer kernels. Afaik. Its a kernel feature, not a distro specific option.
Alternatively you could boot with a LiveCD, mount your partitions,swap space and proc, update the environment, chroot into your / partition, and change the password with the passwd command.
Editing the kernel boot line in grub is quickest and easiest. lol.
Superhuman
vicbelt
Posted 12:47 AM 6/9/08
This is like a god send! I had an old machine with Xubuntu but I had forgotten the pwd. Thanks!
PS I'll let yuo know if I succeed.
vicbelt
qpease
Posted 12:33 AM 6/9/08
I assume that this works with other Debian-based Linux distros. Correct me if I am wrong.
qpease
yotommy
Posted 2:04 AM 6/9/08
Seems like the title of this post is a little misleading. You don't /recover/ a lost password (meaning learn what the old password was), you /reset/ the password. This is clear in the linked article. This is a good thing, by the way, as having an unauthorized third party learn your password is more dangerous than having that same third party change your password.
yotommy
mrmuskrat
Posted 1:48 AM 6/9/08
@Superhuman: This has worked in all kernels since at least 1995 (first time I used it) and more than likely a few years before that.
mrmuskrat
rubbsdecvik
Posted 2:08 AM 6/9/08
This method only works if there is no password on your grub loader. Most installs don't require one, but if you want to add more security to your machine you can add a password to grub.
No machine is safe if physical access is given, but you can help minimize it with the following:
1) Change the boot up order in your bios to only boot from your hard drive
2) add a password to your bios so others can't change it.
3) add a password to grub
4) Encrypt your whole drive
5) Lock up the computer. If no one can get to it, they can't change it.
That said, even the things above can't be full proof. If someone wants to get into your data, they can. The trick is to make it too much work to be worth it.
rubbsdecvik
Kevin Purdy
Posted 4:59 AM 6/9/08
@yotommy: You are right. Bad headline, but I suppose you "recover" it if you re-type what you thought your password was in the first place ...
Kevin Purdy
Albaraha
Posted 5:16 AM 6/9/08
@Kevin Purdy: If you re-type what you thought your password was in the first place, then you don't need to enter to the single user mode. ;)
Albaraha
snikket
Posted 5:33 AM 6/9/08
Similar thing applies to anyone using XP home. F8 at boot up start xp in safe mode, go into user accounts and change any users account or PWD.
Does not work for pro though, it asks for admin PWD.
snikket
basementcat
Posted 4:38 PM 6/9/08
@rubbsdecvik: As they say... "the only truly secure computer is one buried in concrete, with the power turned off and the network cable cut." Those protections are bypassed when one opens up the computer and uses a jumper (or pulls off the battery) to reset the BIOS password, or just pulls out the hard drive and then they can take their time.
Physical access guarantees someone can get into your computer. You just need to make it as difficult as possible, so it's not worth it. Using some good encryption to hide your financial information is probably the most important part, though the other stuff prevents someone who doesn't know what they're doing from getting anything of value.
basementcat
randomset
Posted 4:32 AM 6/9/08
@qpease: works with linux and kernels and run levels, therefore, in theory, in every distribution.
@Ben Zvan: to bypass that, from a rescue disk replace grub or chroot into the "/" mount point and change the root password. Never tried, but might work.
randomset
distortedloop
Posted 12:24 AM 8/9/08
@snikket: And to Apple OS X as well. Anyone with a OS X boot CD can just boot from the CD, then use Password Reset Utility to change the password on any account, even Root.
You can protect against that by enabling the EFI Boot Firmware password, which prevents booting to CD or Single Mode without a password.
distortedloop
rubbsdecvik
Posted 5:30 AM 8/9/08
@basementcat: Thats why I said "That said, even the things above can't be full proof. If someone wants to get into your data, they can." in my post. I know there are ways around it.
There is always a way around security. The trick is to make it more trouble than it's worth.
rubbsdecvik
Hieronymus
Posted 5:44 AM 9/9/08
Also, many of today's distributions require a password even booting into single user mode. openSUSE is an example of this.
But if you can get into single user mode, this also works with BSD versions too.
Hieronymus