More Secure Single User Mode Via Password

Registered by Michael Lynch

Currently, when a user chooses to boot Ubuntu in singleuser mode they are granted total access to the entire system.

This is not ideal in any sitution but most certainly not in public, high traffic, or "secure" environments such as schools, libraries, or businesses. Ubuntu should ask the user for a password. The system could either ask for the password via GRUB or possibly once the system boots into singleuser mode.

It would be relatively easy to re-implement the singleuser mode password as that simply involves giving root a password.

Blueprint information

Not started
Needs approval
Series goal:
Milestone target:

Related branches


An idea... if the user forgets his/her password and needs to use 'Recovery Mode', they should answer some security questions before being granted 'root' access.... the first user (the person who installed the operating system) could fill in the details upon installation. e.g, Mothers Maiden Name? Last School Attended

* Feel free to make that an optional question, but it is very easy to subvert. See and the "init=/bin/bash" boot parameter. If a user expects their system to be secure against *physical* access, they should set a GRUB password and disable all boot devices other than the hard disk. Of course, you'd also have to fill the entire box with epoxy so that they couldn't break whatever lock you have on the side of the computer or cut through it and get at your data. In other words, use encryption. -lfaraone

I would go so far as to say a backdoor is a *terrible* idea. Any user who has need of a single-user-mode password should also have the ability to store that password somewhere safe; i.e. a user who knows they need it also knows why they need it. Additionally, a user who has need of the feature also probably knows how to remove the hard drive, put it in another machine, and get to their data that way if they lose the single-user-mode password. Adding a backdoor mechanism only encourages users to set up features they don't understand and ultimately makes the system less secure, not more so. Just because banks and other personally valuable resources use backdoors doesn't mean it's right; backdoors are grossly negligent and reduce overall security to nearly zero. See for a better description than I can give on the matter. - jelias


Work Items

This blueprint contains Public information 
Everyone can see this information.