Ubuntu Guide For Windows Users: Reset Your Password When You Have Forgotten It

I am not sure why this is considered easier than Windows, but that is a typical comment to make.

Anyway, what if you have ab encrypted rootfs or use SELinux?

@Silver

With Windows, if you don't have another account (with rights to change user account passwords)you either need to create a password reset disk or use a third party utility just to change your password (when you have forgotten it).

Compare that to Linux, the above method is much easier.

As for ab encrypted rootfs or SELinux, I'll need to do some digging if the method can be used.

There's an even easier way: just select the recovery mode option, select "root" (Drop to root shell prompt) and change your password that way. No need to alter any lines or anything of that sort.

How can this be secured against? If I won't forget my password and would rather reinstall than leave root access open this easily?

Isn't that what the "recovery mode" option is for? I haven't used Ubuntu in a while, but on Gentoo that means a root prompt in single user mode. (i.e this)

And to answer Jimmy, there is no way to stop access to the root prompt on your computer (if you have physical access), but you CAN encrypt the hard disk. Then you have to enter a password to boot up at all. There are many howtos on this, but you only want it if you really care about security.

WOW!!!

You guys need some serious help. First of all, yes those will work.

If you don't want people to edit GRUB in this way, then password protect it. This guide goes over using encrypted passwords, but plain text passwords are also possible. The idea is to protect 1. booting into recovery mode, and 2. editing the configuration file.
http://www.debiantutorials.org/content/view/40/227/

I also added a comment in there to explain some things.

The will pretty securely cover GRUB. BUT, I know of a way around this. You can boot to a live CD and change the systems /etc/shadow file which contains system passwords. You can replace any users password with another hash. But once GRUB is locked down, going through that process would be pretty painstaking since you can no longer just wipe the root password and boot into recovery mode.

Anyway, how some of that has been cleared up for you.

No amount of security will help if the attacker has physical access to the machine. There are even ways around drive encryption, especially if the drive is still mounted when the machine is 'attacked'. Boot passwords and BIOS passwords are easily circumvented to even the slightest determination. All you need is a livecd and a screwdriver!

The above shouldn't ever be used unless you really know what you're doing and won't work for encrypted volumes (in most cases you WILL run in to trouble if you set init to a shell, such as the environment not being set up (thus making vim and other editors useless)). Use the recovery mode to properly boot in to single user mode, as it will run through essential init scripts.

On most Linux installs, setting init=/bin/sh will boot with / in read only mode too since remounting it is handled by a init script.

It's called recovery mode for a reason! Use it!

It did not work. It is showing that command not found.