ot-reset-pw tool

You have to read, understand and accept the disclaimer .

You are using ot-reset-pw at your own risk! There is no guarantee - neither implicitly nor explicitly - given, that using ot-reset-pw wont affect your system in some negative way.

You are allowed to use ot-reset-pw to recover access to your personal linux-installation. Commercial use, or using ot-reset-pw to unlock user-accounts of third-party persons or organizations is explicitly prohibited.

Trying to gain illegal access to third-party computer systems is a serious crime in several countries.

About ot-reset-pw

ot-reset-pw is used to regain access to an user-account, where the credentials have been lost. You will typically use a live-linux (mint) to unlock an account this way.

With defaults, ot-reset-pw does setup a new password, which only requires to press the 'return'-key ('enter'-key').

After login with the unlocked user-account, you should set a new password first, using the 'passwd'-command.

ot-reset-pw creates backups of the credentials-file '/etc/shadow' at '/etc/shadow-backup*' (of the installed OS) before applying any changes. If creating a backup fails for any reason, ot-reset-pw will not continue.

To run ot-reset-pw you need sudo-permission to be able to gain root-rights. At a live-mint the predefined user 'mint' does use an 'empty' password = just press 'return', if being asked for a password.

Download and run

Download ot-reset-pw and run it using the preinstalled python (python 2 or python 3 should work both - python3 setups are typically more up-to-date).

Copy/paste the following to a terminal (right-click at the terminal should offer an paste-entry):


# open a terminal and run
cd ~/Downloads
wget https://www.orcus.de/Entities/linux/ot-reset-pw-001.py --backups=1
python3 ot-reset-pw-001.py

If you are not using linux mint or wget is not available for some reason use curl instead:


# open a terminal and run
cd ~/Downloads
curl -O https://www.orcus.de/Entities/linux/ot-reset-pw-001.py
python3 ot-reset-pw-001.py

If ot-reset-pw is run without root-rights, it offers to reload itself using sudo-credentials. At a live-mint the predefined user 'mint' does use an empty password; press the 'return'-key ('enter'-key) if being asked for a password.

How to use

1) Select the volume (partition) of your installed linux.

2) Use the 'mount' button. This will mount the volume and offer available account-data.

3) Select the according user-account.

4) Use the 'set pw' button. This will create a backup of the credentials-file first, and then set the pw of the according user-account.

After display of a summary message, the volume is un-mounted and ot-reset-pw is closed. Reboot afterwards, to ensure the account-data are re-read.

Trouble-shooting

1) The initial shown volumes are filtered to show ext4-filesystems only

If you are using a different filesystem, the volume-combobox might be empty:

Uncheck the 'ext4-only' option button, to show all available volumes.

2) After using the 'mount' button, nothing is shown at the 'account' combobox

a) The button-label does still show 'mount' = the volume cant be mounted

You either did select a volume, which does not offer a supported filesystem, or there are filesystem errors (ot-reset-pw wont touch the fs at this state):

Select the 'correct' volume, or repair a broken filesystem first.

If you are using btrfs as your root-filesystem, you might need to adjust the preset values of the 'mount options' combobox; ubuntu-based variants of linux mint use a '/@' subvolume for the root-fs with a default-setup.

If you are not using subvolumes, or using different subvolume-names with btrfs:

Adjust the available values by editing the 'mount options' combobox.

b) The button-label does show 'umount' (un-mount), but there are no entries shown

You did likely chose the wrong volume = there is no account-data available:

Use the 'umount' -button and select the 'correct' volume.

test - coverage

Internally tested linux versions are (using an almost default-setup, fully updated):

lmde2 32/64bit
lmde3 32/64bit
mint 18.x 32/64 bit
mint 19.x 32/64 bit
arch linux 2017-11 64 bit lxde
centos 7.5 64bit mate

Known issues

MDM (lmde2)

Using MDM as login-manager (default for lmde2 setups), does not allow to use the 'empty' entry to login - as it does internally handle an empty pw-entry field as an illegal input and wont proceed.

Select a different entry from the 'new password' -combobox instead of the default '<empty pw>' -entry.

As an alternative - in case you don't want to rerun ot-reset-pw from a live-linux - switch to a text-console using CTRL+ALT+F1 and login there: the tty does accept the empty pw.

If you own a localized keyboard, first check by typing some special characters like !"&# - if you are using the default en-us keyboard layout at the moment: test-type your new pw before using it, to be sure you wont end up at unexpected characters.

Run the 'passwd' command afterwards, just press return (enter) if being asked for the old pw and enter a new pw 2 times. When done run: 'sudo reboot' and login using the new pw.

arch linux

As arch linux does NOT use a graphical live-linux - ot-reset-pw cant be used there.

If using/"abusing" ot-reset-pw to "clear" a pw for an user-account at the installed OS (which is not recommended): If using the lxde desktop and trying to run ot-reset-pw might show, that the gtk-setup at arch is missing required python-gobject and python-gi-cairo packages.

To install the packages for both python versions use:

				
sudo pacman -S python-gobject python2-gobject python-gi-cairo python2-gi-cairo

After this ot-reset-pw can be run.

pkexec locked to root

If you are facing policy-issues at your linux-install related to pkexec, you might face a legitimation dialog where the 'root' password is asked - which you either do not know, or is even not set (disabled).

Run ot-reset-pw using sudo from the command line will bypass the legitimation dialog.


# open a terminal and run
sudo python3 ot-reset-pw-001.py