Softpanorama
May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Solaris root password recovery

News Role engineering Recommended books Recommended Links Blueprints Solaris privileges sets How-to
user_attr prof_attr exec_attr auth_attr policy.conf    
Reference   sudo vs RBAC ACLs usage is roles Profile Shells Humor Etc

You need to have physical access to the machine's console.

Note the root partition Solaris uses:

Press the STOP and A keys simultaneously, or, on an ASCII terminal or emulator, send a <BREAK>) to halt the operating system, if it's running.

Boot single-user from CD-ROM (boot cdrom -s) or network install/jumpstart server (boot net -s). For CD media use the CD-ROM labeled "Installation". I prom pssword is set you need to know it

Mount the root partition on "/a". "/a" is an empty mount point that exists at this stage of the installation procedure. For example:

#mount /dev/dsk/c0t0d0s0 /a

If the mount command fails and since "/a" always exists, then you either typed in the wrong device, OR the system is seeing the root partition as something else.

Do a "ls /tmp/dev/dsk" and see what is there. "c0t6" things are the CD-ROM, what is left is what one needs to try. On a Blade 1000/2000,  choose /dev/dsk/c1t1d0s0, and execute: #mount /dev/dsk/c1t1d0s0 /a

Set your terminal type so you can use a full-screen editor, such as vi. You can skip this step if you know how to use "ex" or "vi" from open mode.

Edit the passwd file, /a/etc/shadow (or perhaps in older versions, /etc/passwd) and remove the encrypted password entry for root.

Type: "cd /; then "umount /a"

Reboot as normal in single-user mode ("boot -s"). The root account will not have a password. Give it a new one using the passwd command. PROM passwords: Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature.

If security-mode is set to "command", the machine only be booted without the prom password from the default device (i.e. booting from CD-ROM or install server will require the prom password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to full, the machine cannot be booted without the prom password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks -- if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the prom password.

 

Recommended Links

Top Visited
Bulletin Latest Past week Past month
Google Search


how do I restablish shells Password recovery under Solaris 8.


1.      Put the installation CD into the CDROM drive and turn the machine on
2.      while booting, press the  Stop  and  A  key simultaneously; the Stop key
is at the top left on Sun Keyboards, or Send a CTRL-BREAK (CTRL-C) to the system if connecting thru the console; serial port.
3.      Either way, you should get {ok} prompt
4.      type  boot cdrom  s  and hit return without the quotes.
5.      The machine will be booting in a single user mode off of the cdrom
6.      When you get the hash prompt #, type cd /tmp and hit Enter
7.      Issue the command  mkdir /mnt  without the quotes and hit Enter. If any
errors, use the  p option; e.g., mkdir  p /tmp/mnt.
8.      Issue the command  mount /dev/dsk/c0t0d0s0 /tmp/mnt  and hit Enter. This will mount the old root / partition which is allows to modify the shadow file.
9.      If any errors with mount, run the command fsck /dev/rdsk/c0t0d0s0  y
without the quotes which should fix the disk problems. Mount using step 8
command.
10.     Issue the command  cd /tmp/mnt/etc and hit enter
11.     Now you should be able to see the shadow file which you can edit or copy from the old version; you saved a copy right?
12.     If you don t have the old password, just make the 2nd field blank
13.     If you need to change the shell, edit password file.
14.     Run fsck on other partitions as well such as /dev/rdsk/c0t0d0s7, etc.
15.     halt and restart the machine, e.g., init 6, or shutdown  g 0 y, or reboot, etc.
You should be able to login as before or just hit the enter for password.

 

Resetting root password

SUMMARY Solaris root password recovery

Solaris, password, secure, Sparc, root

KarKomaOnline - Lost Solaris password

Let's start by inserting the Solaris installation CD-ROM and then shutting down the system. Press...
     Stop-A

This will bring you the OK prompt. Now type:

     boot cdrom -s

and after a few minutes you will automatically be logged in as root in single user mode. It is possible that you get messages from your system claiming that some partitions were not cleanly unmounted. If this is the case check the partition as follows (assuming that your root partition is mounted on /dev/dsk/c0t0d0s0):

     fsck -y /dev/dsk/c0t0d0s0

Now mount your root partition...

     mount /dev/dsk/c0t0d0s0 /a

and edit /a/etc/shadow. Find root's entry in this file and remove the second field (encrypted root password) so it looks like...

     root::98765::::::

After making your change, save the file and reboot the system.

     reboot

You are now able to log into the system without a password for root. So now use the passwd command to set root's password.

Etc

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg  : C++ Humor : ARE YOU A BBS ADDICT? : Object oriented programmers of all nationsC Humor : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humorPseudoScience Related Humor : Networking Humor  : Shell Humor: Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : The Most Comprehensive Collection of Editor-related Humor : Microsoft plans to buy Catholic Church : Education Humor : IBM HumorAssembler-related HumorVIM Humor Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor : Best Russian Programmer Humor : Russian Musical Humor : The Perl Purity TestPolitically Incorrect Humor : GPL-related Humor : OFM Humor : IDS Humor : Real Programmers Humor : Scripting Humor : Web Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor :

The Last but not Least

Copyright © 1996-2013 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine. This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting hosting of this site with different providers to distribute and speed up access. Currently there are two functional mirrors: softpanorama.info (the fastest) and softpanorama.net.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: January 15, 2013