Password security issues
Welcome to the tutorial guide. The tutorial will provide the user with advice and guidance on password security. It will also cover what to do if a user forgets the root password.
It is important to know that all login names and passwords should always be kept secure. Here are some examples of poor passwords:
The word “password”
Your login name
Your first name or your last name
Date of your birth, National insurance number
Name of your company, department or workgroup
Password written in the calendar on your desk or on MS Calendar or elsewhere where it is easily accessible
A password which you also use in an insecure public place
Any word which is in the English dictionary. The English dictionary does not contain as many words as it might seem.
Good password
A good password is relatively long (minimum 6 characters, some experts even recommend minimum 10 characters), contains a mixture of letters (upper and lower case, if possible), numbers and special characters, and is changed quite regularly.
In order to address password security issues, a system administrator should set a password policy which covers the following points:
- minimum length,
- requirement of special characters,
- password expiry.
All this can be set through the utility included in this configuration program:
linuxconf
In this way, users won’t be able to set a password which is too short, is a dictionary word, or does not contain the prescribed number of non-alphanumeric characters. This will therefore contribute towards high security and will keep the risks to password security low or minimal.
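The policy checks above (minimum length, special characters, no dictionary word, nothing derived from your login or name) as a small Python checker. This is an added example, not part of the original tutorial or of linuxconf; the dictionary is a constructed sample and the thresholds are parameters you would set to match your own policy.

```python
import re
import string

# Constructed sample dictionary; a real check would load /usr/share/dict/words.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein"}


def password_problems(password, login="", first_name="", last_name="",
                      min_length=6, min_special=1, dictionary=DICTIONARY):
    """Return a list of reasons the password violates the policy.
    An empty list means the password passed every check."""
    problems = []
    lower = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    specials = sum(1 for c in password if c in string.punctuation)
    if specials < min_special:
        problems.append(f"fewer than {min_special} special characters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digit")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("not a mix of upper and lower case")
    # Strip digits and punctuation so "Password1!" is still caught as a
    # dictionary word with decoration bolted on.
    core = re.sub(r"[^a-z]", "", lower)
    if lower in dictionary or core in dictionary:
        problems.append("is a dictionary word")
    for label, value in (("login name", login), ("first name", first_name),
                         ("last name", last_name)):
        if value and value.lower() in lower:
            problems.append(f"contains your {label}")
    # All-digit strings of 6 to 8 characters look like birth dates or ID numbers.
    if re.fullmatch(r"\d{6,8}", password):
        problems.append("looks like a date of birth or ID number")
    return problems
```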
It is also a good idea to ensure that any file that contains any password of yours has proper, secure permissions so that it cannot be read by anybody.
If you are using, or planning to use, a dial-up Internet connection for just a couple of hours a week, you don’t have to worry as much about password security and will not need a strong password. Please note, however, that if you are planning to use a cable modem or are connected to the Internet for a significant amount of time, then you must treat security as a top priority.
What happens if you have forgotten your root password
If you have forgotten your root password, you can use one of the two methods provided below:
- You can boot your Linux in single-user mode. This will solve your forgotten root password problem. You can do so by typing:
linux single
This will make you “root” without asking for a password. Now, being root, you will be able to change the root password using this command:
passwd
- There is another way to solve the lost-root-password problem. In this method, you have to boot your computer from the Linux boot diskette or the CD. Then you have to find your Linux root partition on the hard drive, mount it, and edit the file /etc/shadow. Note that in this password file you can erase the encrypted password for root. The information about a user account is kept in plain-text files: /etc/passwd and /etc/shadow.
The file /etc/passwd contains the “world-readable” information about all accounts on the computer. Please note that each line in this file contains information about one account. Each line has 7 colon-delimited fields (that is, seven entries separated by colons): login name, the letter “x”, the numerical user ID, the numerical primary group ID for the user, a comment field (for example, the full name of the user), the user’s $HOME directory, and the name of the shell (meaning the program that is run at login).
The balance of information about accounts on the computer is stored in the file /etc/shadow. This file is more secure because normally only root can read it. In this file, each line describes shadow information about one account, and has 9 colon-delimited fields: login name, encrypted password, days since Feb 1 1998 that password was last changed, days before password may be changed, number of days after which the password must be changed, number of days before password expiration to warn the user, number of days after password expiry that account is disabled, number of days since Feb 1 1998 that account is disabled, and a reserved field.
Please note that some UNIX or Linux systems do not contain the file /etc/shadow and store the encrypted user password in the second field of each line of the file /etc/passwd.
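A small audit of the two files described above, as an added example (not from the original tutorial): it splits /etc/passwd and /etc/shadow on colons, flags lines with the wrong field count, accounts whose hash still sits in the world-readable /etc/passwd, accounts with an empty password field (exactly what erasing root’s hash produces), locked accounts and extra uid-0 accounts. The file contents and hash strings are constructed placeholders, not real data.

```python
# Constructed sample files, including the anomalies the text describes:
# root's hash has been erased, "legacy" keeps its hash in /etc/passwd,
# and "broken" has too few fields.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
shafkat:x:1000:1000:Shafkat:/home/shafkat:/bin/bash
legacy:$1$saltsalt$PLACEHOLDERHASH:1001:1001:Old account:/home/legacy:/bin/sh
broken:x:1002:1002:/home/broken:/bin/sh
"""
SAMPLE_SHADOW = """\
root::10957:0:99999:7:::
shafkat:$6$saltsalt$PLACEHOLDERHASH:10957:0:99999:7:::
legacy:!:10957:0:99999:7:::
"""

PASSWD_FIELDS = 7   # login:x:uid:gid:comment:home:shell
SHADOW_FIELDS = 9   # login:hash:lastchg:min:max:warn:inactive:expire:reserved


def parse_colon_file(text, expected_fields):
    """Split each non-empty line into fields; return (records, malformed)."""
    records, malformed = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != expected_fields:
            malformed.append(line)
            continue
        records[fields[0]] = fields
    return records, malformed


def audit_accounts(passwd_text, shadow_text):
    """Return the findings a defender would want to review."""
    passwd, bad_passwd = parse_colon_file(passwd_text, PASSWD_FIELDS)
    shadow, bad_shadow = parse_colon_file(shadow_text, SHADOW_FIELDS)
    return {
        "malformed": bad_passwd + bad_shadow,
        # hash kept in world-readable /etc/passwd instead of the "x" marker
        "hash_in_passwd": [u for u, f in passwd.items() if f[1] != "x"],
        # empty second field in /etc/shadow: the account logs in without a password
        "empty_password": [u for u, f in shadow.items() if f[1] == ""],
        # a leading "!" or "*" means the account is locked or disabled
        "locked": [u for u, f in shadow.items() if f[1].startswith(("!", "*"))],
        # any uid-0 account besides root is effectively a second root
        "extra_uid0": [u for u, f in passwd.items() if f[2] == "0" and u != "root"],
        # "x" in /etc/passwd but no matching shadow line
        "no_shadow_entry": [u for u, f in passwd.items()
                            if f[1] == "x" and u not in shadow],
    }
```

On a real system you would read the two files with root privileges and pass their contents to audit_accounts.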
The root account now has no password, so you can reboot the computer and, at the login prompt, just type in “root” and for the password just press ENTER. If the login is successful, you can set the password for root using the following command:
passwd
Please note that despite deleting the password from /etc/shadow, the Debian distribution will not let you log in without a password. If this is the case, it is recommended to replace the password in /etc/shadow with the encrypted password from another account whose password you know. After that, you can log in since you know the password.
E-mailing an encrypted password may also be a secure way to set up an account for somebody remote. After the encrypted password is received, you can insert it into the appropriate field in /etc/shadow. Now the user can log in, since he/she knows the password, but nobody else can.
What happens if you have forgotten your user password
If a regular (non-root) user forgets his/her password, this is not a problem, since root can change any password. For example, as root:
passwd shafkat
This will prompt for a new password for the user “shafkat”. If a regular (non-root) user wants to change his/her own password, s/he will be asked for the old password first.
I hope that the tutorial guide proved useful for you.