FAQ: Resetting the Administrative Password


I've forgotten the password I chose for Sawmill when I first installed; how can I reset it?

Short Answer

As of version 8.0.2, there is a custom action reset_root_admin.

Long Answer

For security reasons, Sawmill requires an administrative username and password whenever you use it (otherwise, anyone could use it to access your computer, since Sawmill is normally accessible by anyone on your network). You choose this username and password when you first run Sawmill, and it asks you for it whenever you run it again.

In version 7 we simply deleted users.cfg and prompted for a new root admin username and password. Though this is very insecure in a multi-user environment when the Root Admin deletes users.cfg but delays to enter a new username and password for hours or days. In such a case every other user who tried to access Sawmill would be prompted to enter a new root admin username and password and would gain root admin access when doing so.

In version 8, as of 8.0.2, there is now a custom action, reset_root_admin. This is run from the command line like this:

sawmill -a rra -u username -pw password

This command changes the root username and password to the values specified for username and password.

E.g., on Windows, from the Command Prompt:

c:\
cd c:\Program Files\Sawmill 8
Sawmill.exe -a rra -u jane -pw mypassword

or on Macintosh or Linux/Unix, from the terminal (assuming Sawmill is installed in /Applications/Sawmill):

cd '/Applications/Sawmill'
./sawmill -a rra -u jane -pw mypassword

This is even more secure than using a default/default users.cfg, because there is no longer even the possibility of an attacker repeatedly trying default/default in the hope of catching Sawmill between steps 2 and 4 of the original approach (below). The custom action approach also solves the problem of losing other users (and the root admin language), because nothing is changed in users.cfg other than the root admin username and password.

This action exists only in 8.0.2 or later. For users with 8.0.0, and you forgot the username or password you originally chose, you can reset your password but you must contact Sawmill support and we will give you a file to be placed in lang_stats.directory. This will delete all users from Sawmill. Once you have the new users.cfg, access Sawmill again through a web browser, and you will be prompted to choose a new administrative username and password.