Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hi
I have root privilege to the Linux system
My problem is “how can I find the password of the particular user with out changing the password of that user”
1. ALT + F2 > typ kuser
2. If you're root you will het kuser, if you aren't root, typ the root-password.
3. The select the user you want
4. Click edit (at the top)
5. Then you can change the password
chakribobby, unix-style authentication using the passwd (and shadow) file works by putting the user's password through a cryptographic hashing function, and storing this hashed result. When the user tries to authenticate, the plaintext password they enter is put through the same hashing function, and if the result matches the stored value, the user is authenticated.
The hashing function is "one way", meaning that it is not possible (or infeasibly difficult) go from the hashes password back to the plain text password.
As a system administrator you should not have to reverse a password. If you want to reset a users password, this is possible, and you have to tell the user that you have reset their password (or at least they will know it because their old password will stop working). As root, you can assume the identiy of the user without having to know their password using the su program as Disillusionist mentioned.
The only legitimate reason for trying to determine a user's password is to discover weak passwords (those which can easily be guessed), which might constitute a security threat to the system you are administrating. I believe it is unethical to do this without telling users what you are doing because users often use the same password on many systems, and might not want you to know it. Of course this is bad security practise on their part, but that's no excuse to act in a shady manner.
Regardless of the OP's original question, the following still stands.
Quote:
The hashing function is "one way", meaning that it is not possible (or infeasibly difficult) go from the hashes password back to the plain text password.
Unless you find some kind of keylogger, you will have to crack the password.
John The Ripper is a good tool for discovering weak passwords.
You need root privileges to use John properly, as you need access to /etc/shadow file to recreate the actual password hash.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.