Solaris root password recovery: Difference between revisions

From munkjensen.net/wiki
(Solaris root password recovery)
 
mNo edit summary
 
Line 1: Line 1:
Requirements:
[[Category:Solaris]]Requirements:
# you will have to use a new password though.
# you will have to use a new password though.
# You need to have physical access to the machine's console
# You need to have physical access to the machine's console
Line 17: Line 17:
Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature. If security-mode is set to "command", the machine only be booted without the prom password from the default device (i.e. booting from CD-ROM or install server will require the prom password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to full, the machine cannot be booted without the prom password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks -- if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the prom password.
Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature. If security-mode is set to "command", the machine only be booted without the prom password from the default device (i.e. booting from CD-ROM or install server will require the prom password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to full, the machine cannot be booted without the prom password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks -- if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the prom password.


Ps: Dont ask why i post this Geektips© article...
References: [http://www.sunmanagers.org/pipermail/summaries/2004-January/004803.html here].
 
I found it [http://www.sunmanagers.org/pipermail/summaries/2004-January/004803.html here].

Latest revision as of 07:44, 10 June 2015

Requirements:

  1. you will have to use a new password though.
  2. You need to have physical access to the machine's console


Note the root partition; Solaris 8 uses /dev/dsk/c0t0d0s0 on the Ultra5/10 and Blade 100, /dev/dsk/c0t1d0s0 for Blade 1000.

  • Press the STOP and A keys simultaneously, or, on an ASCII terminal or emulator, send a <BREAK> to halt the operating system, if it's running.
  • Boot to single-user from CD-ROM (boot cdrom -s) or network install/jumpstart server (boot net -s). For Solaris 8 use the CD-ROM labeled "Installation". (If it asks you for a promt password, see below.)
  • Mount the root partition on "/a". "/a" is an empty mount point that exists at this stage of the installation procedure. For example: #mount /dev/dsk/c0t0d0s0 /a

If the mount command fails and since "/a" always exists, then you either typed in the wrong device, OR the system is seeing the root partition as something else. Do a "ls /tmp/dev/dsk" and see what is there. "c0t6" things are the CD-ROM, what is left is what one needs to try. On a Blade 1000/2000, choose /dev/dsk/c1t1d0s0, and execute: #mount /dev/dsk/c1t1d0s0 /a

  • Set your terminal type so you can use a full-screen editor, such as vi. You can skip this step if you know how to use "ex" or "vi" from open mode. If you're on a sun console, type "TERM=sun; export TERM"; If you are using an ascii terminal or terminal emulator on a PC for your console, set TERM to the terminal type for example: TERM=vt100; export TERM.
  • Edit the passwd file, /a/etc/shadow (or perhaps in older versions, /etc/passwd) and remove the encrypted password entry for root.
  • Type: "cd /; then "umount /a"
  • Reboot as normal in single-user mode ("boot -s"). The root account will not have a password. Give it a new one using the passwd command.

PROM passwords: Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature. If security-mode is set to "command", the machine only be booted without the prom password from the default device (i.e. booting from CD-ROM or install server will require the prom password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to full, the machine cannot be booted without the prom password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks -- if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the prom password.

References: here.