Solaris root password recovery
Requirements:
- You will have to use a new password, though.
- You need to have physical access to the machine's console.
Note the root partition; Solaris 8 uses /dev/dsk/c0t0d0s0 on the Ultra5/10 and Blade 100, /dev/dsk/c0t1d0s0 for Blade 1000.
- Press the STOP and A keys simultaneously or, on an ASCII terminal or emulator, send a <BREAK> to halt the operating system, if it's running.
- Boot to single-user mode from CD-ROM (boot cdrom -s) or from a network install/JumpStart server (boot net -s). For Solaris 8, use the CD-ROM labeled "Installation". (If it asks you for a PROM password, see below.)
- Mount the root partition on "/a". "/a" is an empty mount point that exists at this stage of the installation procedure. For example:
  # mount /dev/dsk/c0t0d0s0 /a
  Since "/a" always exists, a failed mount command means that you either typed in the wrong device or the system is seeing the root partition as something else. Do an "ls /tmp/dev/dsk" and see what is there. The "c0t6" entries are the CD-ROM; what is left is what you need to try. On a Blade 1000/2000, choose /dev/dsk/c1t1d0s0 and execute:
  # mount /dev/dsk/c1t1d0s0 /a
- Set your terminal type so you can use a full-screen editor, such as vi. You can skip this step if you know how to use "ex" or "vi" from open mode. If you're on a Sun console, type "TERM=sun; export TERM". If you are using an ASCII terminal or a terminal emulator on a PC for your console, set TERM to the terminal type, for example: TERM=vt100; export TERM
- Edit the password file, /a/etc/shadow (or perhaps, in older versions, /etc/passwd), and remove the encrypted password entry for root.
- Type "cd /", then "umount /a".
- Reboot as normal in single-user mode ("boot -s"). The root account will not have a password. Give it a new one using the passwd command.
PROM passwords: Naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (this is turned off by default). The man page for the eeprom command describes this feature.

If security-mode is set to "command", the machine can only be booted without the PROM password from the default device (i.e. booting from CD-ROM or install server will require the PROM password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent), and replacing it with a similarly bootable device for which the root password is known.

If security-mode is set to "full", the machine cannot be booted without the PROM password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks: if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the PROM password.
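The two states discussed above, an empty root password field in the shadow file and a PROM security-mode that allows booting from CD-ROM or the network without a password, can be checked with a short script. This is an added example, not part of the original page; the function names and the sample shadow lines are constructed for illustration, and the "security-mode=value" line format is assumed to be what the eeprom command prints.

```shell
#!/bin/sh
# Added example (not from the original page). All sample data is constructed.

# root_pw_state FILE: classify root's password field in a shadow-format file.
# Prints one of: empty | nologin | set | missing
root_pw_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")                          print "empty"
            else if ($2 == "NP" || $2 ~ /^\*LK\*/) print "nologin"
            else                                   print "set"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# prom_mode: read `eeprom security-mode` output on stdin, print the mode value.
prom_mode() {
    sed -n 's/^security-mode=//p' | head -1
}

# audit SHADOW_FILE EEPROM_OUTPUT
# Returns 0 only if root's password field is non-empty and security-mode is
# command or full, i.e. a CD-ROM or network boot needs the PROM password.
audit() {
    rc=0
    state=`root_pw_state "$1"`
    mode=`printf '%s\n' "$2" | prom_mode`
    case "$state" in
        empty|missing) echo "FAIL: root password field is $state"; rc=1 ;;
        *)             echo "ok:   root password field is $state" ;;
    esac
    case "$mode" in
        command|full) echo "ok:   PROM security-mode=$mode" ;;
        *)            echo "FAIL: PROM security-mode=${mode:-unknown}"; rc=1 ;;
    esac
    return $rc
}

# Demo on constructed input: the state left by the shadow edit described above.
demo=${TMPDIR:-/tmp}/shadow.demo.$$
printf 'root::6445::::::\ndaemon:NP:6445::::::\n' > "$demo"
audit "$demo" "security-mode=none" || echo "result: host needs attention"
rm -f "$demo"
# On a live Solaris host: audit /etc/shadow "`eeprom security-mode`"
```

Run it after the recovery, once the new root password has been set, to confirm the shadow entry is no longer empty before the machine goes back into service.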