Temporarily changing passwords

April 3, 2007

This came up on comp.sys.mac.system - how could you easily change a users password without having admin access to the system? Say a customer asks you to install Final Cut Studio before going into a meeting and forgets to give you his password (or writes down the wrong one, or whatever). Do you just wait for the customer to return and tell them they’ll have to wait another 45 mins for the 30+ GB to finish installing?

You could always just reset the password with the help of the OS X install disc, but there’s an easier way and one that will actually let you restore the old password. All you need to know is the owner’s user name (actually you can do some more dscl digging to use their real name as well).

You start off by booting into Single User mode (Cmd-S) and then:

mount -uw /; sh /etc/rc
cd /var/db/shadow/hashes
guid=`dscl . -read /Users/username GeneratedUID | awk '{print $2}'`
cp $guid $guid.old
passwd username

You can now log in as that user with your new password. When you’re done, just boot back into Single User mode and mv the .old hash file back in place. Just make sure you test that the owner can log in when they get back. ;-)