{"id":1103,"date":"2018-10-27T22:51:47","date_gmt":"2018-10-27T19:51:47","guid":{"rendered":"http:\/\/kifarunix.com\/?p=1103"},"modified":"2024-03-11T19:58:28","modified_gmt":"2024-03-11T16:58:28","slug":"how-to-protect-single-user-mode-with-password-in-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-protect-single-user-mode-with-password-in-ubuntu-18-04\/","title":{"rendered":"How to Protect Single User Mode with Password in Ubuntu 18.04"},"content":{"rendered":"\n<p>In this tutorial, we are going to learn how to protect single user mode with password on Ubuntu 18.04 server such that whoever wants to access the system root filesystem through this runlevel\/target has to supply the password first.<\/p>\n\n\n\n<p>Single user mode, also known as <strong>maintenance mode<\/strong> is a mode in which a multi-user computer OS&nbsp; boots into a single superuser. This mode is commonly know as <strong>runlevel 1<\/strong>&nbsp; or <strong>rescue.target <\/strong>(rescue mode) in systems that implement <strong>Sys-V<\/strong> or <strong>Systemd<\/strong> style initialization respectively.<\/p>\n\n\n\n<p>The single user mode allows administrators direct access to the root filesystem without a password in order to carry out system maintenance e.g resetting forgotten root password, repairing messed-up system initialization files etc. This, however, is a security loophole and therefore is important to configure your system to requires password for such access.<\/p>\n\n\n\n<p>Want to enforce complex password policy for local accounts on you Ubuntu 18.04 system? See our article by following the link below;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kifarunix.com\/enforce-password-complexity-policy-on-ubuntu-18-04\/\" target=\"_blank\" rel=\"noopener\">Enforce Password Complexity Policy On Ubuntu 18.04<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Protecting Single User Mode with Password in Ubuntu<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Set the Grub Password<\/h3>\n\n\n\n<p>In order to secure your system&#8217;s single user mode, you need to set the grub password. In this case we are going to generate hashed password for GRUB by running the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># grub2-mkpasswd-pbkdf2 \nEnter password: <strong>Enter Your STRONGPASSWORD<\/strong>\nReenter password: <strong>Re-Enter Your STRONGPASSWORD<\/strong>\nPBKDF2 hash of your password is <strong>grub.pbkdf2.sha512.10000.2E76F00F221375A635334DEE22E9EF48A3C752EDCFA01221789FDFFE34251C23C1EF11E39CF13EB525D4E99008598CE81035EF0AA67C8B4F0569B0C3BE5A20F1.0A43B4FC74BF2EEE479E3CE0697B933BC7249894029523CEF2D01605480FA869CAA9B44BFCBAB4316338EF6DDA9F8D4E30E996FB14E2ED0B42B05F5435778A73<\/strong><\/pre>\n\n\n\n<p>As you can see above, your GRUB hashed password has been generated;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>grub.pbkdf2.sha512.10000.2E76F00F221375A635334DEE22E9EF48A3C752EDCFA01221789FDFFE34251C23C1EF11E39CF13EB525D4E99008598CE81035EF0AA67C8B4F0569B0C3BE5A20F1.0A43B4FC74BF2EEE479E3CE0697B933BC7249894029523CEF2D01605480FA869CAA9B44BFCBAB4316338EF6DDA9F8D4E30E996FB14E2ED0B42B05F5435778A73<\/strong><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">&nbsp;Enable GRUB Password Protection<\/h3>\n\n\n\n<p>To enable grub password protection, you have to identify grub menu items to protect, users authorized to access the GRUB and their passwords. The users and their passwords are manually added <strong><em>\/etc\/grub.d\/00_header<\/em><\/strong> file.<\/p>\n\n\n\n<p>To edit the <strong><em>\/etc\/grub.d\/00_header<\/em><\/strong><em>, <\/em>run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/etc\/grub.d\/00_header<\/pre>\n\n\n\n<p>You may also use you preferred editor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Define Superuser and the Password<\/h3>\n\n\n\n<p>Once you have opened the above file for editing, enter the superuser and its password at the end of the file in the following format.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>cat &lt;&lt; EOF\nset superusers=\"user1\"\npassword_pbkdf2 &lt;user&gt; &lt;password&gt; \nEOF<\/strong><\/pre>\n\n\n\n<p>This should finally look like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>cat &lt;&lt; EOF\nset superusers=\"admin\"\npassword_pbkdf2 admin grub.pbkdf2.sha512.10000.2E76F00F221375A635334DEE22E9EF48A3C752EDCFA01221789FDFFE34251C23C1EF11E39CF13EB525D4E99008598CE81035EF0AA67C8B4F0569B0C3BE5A20F1.0A43B4FC74BF2EEE479E3CE0697B933BC7249894029523CEF2D01605480FA869CAA9B44BFCBAB4316338EF6DDA9F8D4E30E996FB14E2ED0B42B05F5435778A73\nEOF<\/strong><\/pre>\n\n\n\n<p>Once you are done editing, save the file and update grub by running the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># update-grub2\nGenerating grub configuration file ...\nFound linux image: \/boot\/vmlinuz-4.15.0-36-generic\nFound initrd image: \/boot\/initrd.img-4.15.0-36-generic\ndone<\/pre>\n\n\n\n<p>When grub is updated, the user\/password information is automatically added to the GRUB 2 menu configuration file, <strong><em>grub.cfg<\/em><\/strong><em>.<\/em><\/p>\n\n\n\n<p>Now your grub is password protected. To verify this, reboot your system and try to boot to single user mode as described below;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.<\/li>\n\n\n\n<li>Select the Kernel line and press &#8216;<strong>e<\/strong>&#8216; to edit.<\/li>\n<\/ul>\n\n\n\n<p>Immediately you press <strong>e<\/strong>, you will be prompted for the username and password.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/10\/password-protected-single-user-mode.gif\"><img loading=\"lazy\" decoding=\"async\" width=\"654\" height=\"482\" src=\"http:\/\/kifarunix.com\/wp-content\/uploads\/2018\/10\/password-protected-single-user-mode.gif\" alt=\"password-protected-single-user-mode\" class=\"wp-image-1111\" title=\"\"><\/a><figcaption class=\"wp-element-caption\">password-protected-single-user-mode<\/figcaption><\/figure><\/div>\n\n\n<p>That is all about how to protecting Single User Mode with Password in Ubuntu 18.04. We hope that this helped.<\/p>\n\n\n\n<p><strong>Note<\/strong> that if you lost you both your grub password as well as the root password, the only way to get to the shell is by booting your system with LiveCD, mount the root partition in rw mode and remove the password in the grub configuration file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we are going to learn how to protect single user mode with password on Ubuntu 18.04 server such that whoever wants to<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,34,64],"tags":[213,212,211],"class_list":["post-1103","post","type-post","status-publish","format-standard","hentry","category-howtos","category-security","category-ubuntu-18-04","tag-grub","tag-grub-password","tag-single-user-mode","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1103"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=1103"}],"version-history":[{"count":11,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1103\/revisions"}],"predecessor-version":[{"id":21024,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1103\/revisions\/21024"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=1103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=1103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=1103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}