HELP after pkill how to restore ALL user processes

Please, help!

How do I restart all the processes for an admin user account after I did a pkill on the entire admin user account?

My CLI input into dom0 Terminal:
sudo pkill -9 -u admin

(see image for example)

Background as to why I ended up here:
I ordered a laptop with Qubes preinstalled on it from Star Labs. I didn’t realize I would have to update default admin stuff such as the admin password and admin name. Updating the password was easy. I haven’t updated the disk encryption password yet as it looks complicated from instructions they sent me. So after making a new regular user, I then decided to change the name. The regular user name was updated no problem. I went to do the same on the admin but ran into the error that process 3120 was still running so the default admin name “star” could not be updated to the new one “[redacted]82”.
Thus, I searched online how to kill a process but stumbled upon how to kill all processes for an entire user and thought that would be easier and less likely to have something mess up.

I went ahead and luckily created a “test” admin user since I needed “sudo” to do this, thinking maybe if I did it from another admin account the 3120 process wouldn’t be running. I tried that. The process error still hit me. So I resorted to the pkill command I saw online.

I then used the “pkill” command, and finally successfully changed the admin user name from “star” to “[redacted]82” yay! All while logged into the “test” admin user account. However, I realized I needed to find out how to “resume” or “restart” all of the admin user processes, yet hoped maybe it would restore itself after a reboot. So I rebooted the entire machine.

To my dismay upon logging into the renamed admin “[redacted]82” only the mouse and wallpaper loaded and absolutely NOTHING else as I couldn’t even right click to get to the GUI dropdown to click on the Terminal. Absolutely nothing NOTHING loaded but the mouse cursor (and its movements) along with the default wallpaper.

So now I am here begging how to restore the renamed admin’s processes

  • Yes I searched, but found no clear answer on how to undo an entire “pkill” done on a user/admin account

This is very strange indeed. The admin user “star” no longer exists as it was renamed to [redacted]82, yet “star” still shows in the login drop down option but when hovered over the renaming of that admin user account appears which is [redacted]82. Yet upon clicking the drop down [redacted]82 doesn’t appear in the list of login account menu options while the old “star” does which is [redacted]82 but only appears if hovered over on “star”. Either way, whether I enter the same password for “star” or [redacted]82, once logged in NOTHING loads due to the mess I made when trying to rename “star” to [redacted]82, by using the “pkill -9 -u” command.

How do I undo the processes I stopped via the “pkill” on the user “star”/“[redacted]82” (same admin user just old vs new name)?

While this is a glitch due to my ignorance over “pkill”, I think this offers potential to further obfuscate from Threat Actors by having the login show a different name than the real login name and home folder directory — but then again I don’t know enough about Xen let alone Qubes to know if having a different user name with a different home dir with a different appearance within the login drop down name menu as it might break some kind of paths I am unaware of … all I am saying is it is a feature worth considering.

Now, if someone can please inform me how to reverse what I did using “pkill” — would deeply appreciate it

I don’t know if it’ll help, but I’d try to rename the user back to star.

Hmmmm, didn’t think of that one. Will try it and get back to you …

Tried what you said, and everything is the same as in everything for that admin user remains killed sadly

But it oddly has the same hover-over now
(this was the only difference upon reverting back to the original name).

I never once thought it had anything to do with the naming, it really is whatever was done by inputting “pkill -9 -u”

Your problem isn’t related to pkill. You have renamed the dom0 user.

Try to fix it with these instructions, you will be able to boot your system as root, so you can fix the mess.

It seems you currently don’t know what user should be used for dom0. You can figure it out by running grep 1000 /etc/passwd; you could then reset that user’s password by typing passwd the_username.

2 Likes

“star” aka “[redacted]82” both show the user ID stuff under 1000

I will say I did notice that there is a “group” also named “star”, so I am unsure if Star Labs made admin things on that group or not.

My “star” user as well as the new “test” user I had to make to change “star”, both have the admin groups enabled “wheels” and “qubes” at least I am making the assumption here that those 2 groups “wheels” and “qubes” are the group admin permissions required. However, you’re correct that my “test” admin user does not fall under 1000 ID it falls under currently 1002.

Anyway,
I followed your link to another thread on this forum. I appreciate the help, but must request more hand holding please. I need line by line instructions. I don’t even know what GRUB is, but after some online searches I think it is the boot after the BIOS but before the OS initiates? Is it that little black screen that shows 3 options before booting into the Qubes hard disk password screen?

Please help me in a way you would a n00b, because I am a complete n00b at this. I am only succumbing to dealing with setting up Qubes as a “daily driver” since I am in the process of recovering from a brutal persistent targeted Cyber Attack against me whereby I am now forced to replace all my gear and harden every point of my communications. So I am not here as a budding novice, I am here out of sheer necessity and am unable to pay professionals since everything was stolen from me already during that attack which robbed me of over $100K of what I had planned to live off of until I regained an income source. So please don’t think I want to ask for free tailored baby hand holding advice, it is just my situation has placed me in a position to have to do so

Thank you so much!

I am about to reread the post you linked to try to understand it. But it would be helpful to just post a line by line detailed steps as if I don’t even know when to place “sudo” in front of a command type level of experience (lowest level of experience treat me in that way)

I wanted to clarify,

I have to change the name to the default admin because

  1. “star” seems to ship on all Star Labs laptops thus a Threat Actor could if breaking through other layers of privacy and security realize this is the “admin” to attack to breach my computer
    &
  2. “star” also as an admin user name and “star” as a group name as well gives away for a Threat Actor to better guess the hardware stack that my bare metal is running on
    (this is a security issue because “star” hints at Star Labs and Star Labs has only a small selection of specs they build their computers on thus narrowing the possibility for a Threat Actor to “guess” when tailoring an attack to oh say perform a HeartBleed chain attack on the processor or perform a RowHammer attack on the RAM installed etc etc)

While it is difficult to cross from VM into Dom0, it is not impossible and from what I hear has indeed been accomplished by various Threat Actors over the years. If at any point someone has enough to poke around but not enough to yet finish a hack fully, it is wise to not hand them info on a silver platter by announcing via a user name and user group name what may be the main admin account and what make and model of the machine is all of which sadly IMHO is being announced so long as “star” remains the name of the main admin and admin group

I hope people helping are now able to better understand the reasoning behind my madness here

I think you would save a lot of time by reinstalling Qubes OS. You may want to ask Star Labs if they do any tweak to the system (I suppose they don’t) to apply these changes again.

1 Like

Changing the dom0 username doesn’t add to your security because an attacker can know your dom0 username only when he’s already in dom0, and at this point it’s already game over.

2 Likes

Okay so what about stopping any info from being picked up in scans on the LAN or remotely? Does it help at all even a lil bit?

sys-net handles all these requests, and logged in users aren’t leaking on the network

no, the user name can only be seen on the physical screen

1 Like

💃🏻 UPDATE:

@solene was partially correct, it had absolutely NOTHING to do with stopping the processes using “pkill -9” command!

However, it also had nothing to do with renaming the admin user account either. It was HOW that admin user account was renamed, as I used the wrong command and/or method and/or order of input operations. I found this out as I started following @solene’s instructions where I paused at “vipw” because when it listed all the info I finally realized what had broken. Due to using “usermod -l ” command a new folder was inserted within the Home Directory path and THAT is what broke everything no matter what I attempted to try to do.

However, as of 3 hours ago I finally figured out how to repair all of the damage AND even successfully rename the admin user account in a more proper way that retains the integrity of the Home Directory file path tree structure!

1st I had to delete the Home Directory path for that admin user (luckily I had already created a secondary admin user btw so to work on this). Unlike the regular test user I tried this first on, when I did it to the admin version it had a different process where I spent about a half an hour answering “y” as yes to delete every single file in its Home Directory tree branches lol

After that I then got to “userdel” to delete the “star” admin user account. I checked all this by doing various steps along the way, for example one way I checked to prove my work was “id ” and another way was “cat /etc/passwd”.

Once everything was confirmed deleted, I then created a new User Group with the ID of the default admin “1000” for “groups”.

Once that was done I then found a combo input command to set the UID and GID upon creating the user (all with the same name I tried during the botched rename btw, so I would know if everything was deleted or not assuming I would have hit an error had it not all been deleted but it was all good to go yay). That command was, “useradd -u 1000 -g 1000 ”. Once that was done I then had to add that freshly remade user to the admin groups “qubes” and “wheel”.

Lastly I then gave it a password

😃

Proof of Newbie Accomplishment
👇

1 Like
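
An added example (not part of the original posts): a read-only shell check of the end state the update above describes, namely that the UID 1000 account has an existing home directory, a group entry for its primary GID, and membership in `qubes` and `wheel`. The sample files, the GID values in them and the user name `alice` are constructed; on a real system pass `/etc/passwd` and `/etc/group` and omit the third argument.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the UID 1000 account described
# in passwd/group-format files. ROOT is an optional prefix for the home check.
check_uid1000() {
    passwd_file=$1 group_file=$2 root=${3:-}
    # /etc/passwd fields: name:x:UID:GID:gecos:home:shell
    entry=$(awk -F: '$3 == 1000 { print $1 ":" $4 ":" $6; exit }' "$passwd_file")
    [ -n "$entry" ] || { echo "FAIL: no account with UID 1000"; return 1; }
    name=${entry%%:*}; rest=${entry#*:}; gid=${rest%%:*}; home=${rest#*:}
    status=0
    echo "UID 1000 is '$name' (GID $gid, home $home)"
    # A login name whose passwd entry points at a missing home fails here.
    [ -d "$root$home" ] || { echo "FAIL: home directory $home does not exist"; status=1; }
    # The primary GID needs its own line in the group file.
    awk -F: -v g="$gid" '$3 == g { f = 1 } END { exit !f }' "$group_file" ||
        { echo "FAIL: no group with GID $gid"; status=1; }
    # Supplementary groups named in the thread.
    for grp in qubes wheel; do
        awk -F: -v g="$grp" -v u="$name" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) f = 1 }
            END { exit !f }' "$group_file" ||
            { echo "FAIL: $name is not in group $grp"; status=1; }
    done
    return $status
}

# Constructed sample data ("alice" and the GIDs 10/98 are placeholders).
make_sample() {
    dir=$1
    mkdir -p "$dir/etc" "$dir/home/alice"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'test:x:1002:1002::/home/test:/bin/bash' > "$dir/etc/passwd"
    printf '%s\n' 'wheel:x:10:alice,test' 'qubes:x:98:alice,test' \
        'alice:x:1000:' > "$dir/etc/group"
}

sample=$(mktemp -d)
make_sample "$sample"
check_uid1000 "$sample/etc/passwd" "$sample/etc/group" "$sample" && echo "OK"
```
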

So I just tortured myself for nothing lol dang. I did learn some things, thanks for guiding me half way to the answer

🙂

1 Like

Congratulations 👏 good job, really

1 Like