How to Break/Recover Solaris root Password ?

Lingesh

11 years ago

Every organization may have their own way to secure the root passwords for their servers. According to their security polices ,Unix administrators need to change the servers root’s password on routine basis.But sometimes due to human error, there may be chance to loose root password.Unless some of the normal user had sudo root access, you need to recover the root password by booting the system in to failsafe mode. Here we will see how to recover the Solaris SPARC and Solaris X86 server root password recovery with step by step.

Note:This procedure is applicable to Solaris 10 SPARC/X86.

Recovering root password on Solaris SPARC server:

1.Bring the server to OK prompt.
If the server is up and running then login to server console,you can initiate the reset or send break signal to bring the server to OK prompt.

2.Boot the OS in failsafe mode from OK prompt.
#ok boot -F failsafe
3.Once the server is booted up in failsafe mode,then mount the root disk in /mnt .
If you don’t know the root disk,then execute format command and check one by one.
#mount /dev/dsk/c1t1d0s0 /mnt

4.Take a backup of /mnt/etc/passwd & /mnt/etc/shadow file before removing the root password from it.

# cp -p /mnt/etc/passwd /mnt/etc/passwd.13092013

# cp -p /mnt/etc/shadow /mnt/etc/shadow.13092013

5.Now remove the encrypted password entry for root from /mnt/etc/shadow file using vi editor.You may need to set term to edit the file.(For bash shell — >#export TERM=vt100)

Before Modifications:

#grep root /a/etc/shadow

root:XD9erIqDGXYM.:12192::::::

After Modifications:

#grep root /a/etc/shadow

root::12192::::::

6. Update the boot archive to ensure boot archive is up to date.

# bootadm update-archive -R /mnt

Creating boot_archive for /mnt

updating /a/platform/sun4u/boot_archive

7. Reboot your system using init command.

# init 6

Recovering root password on Solaris X86 server:

Solaris X86 servers doesn’t have OK prompt like SPARC machines.As an alternative ,it has grub boot loader to boot the server in to failsafe mode.

1.Reboot the server in failsafe mode.

2.By default , Solaris x86 will ask for mounting the root filesystem.

3.You can see that system is booted in RAM disk.

4.If not asking ,you can mount it using cxtxdxsx name if its UFS root filesystem.

5.If its ZFS ,then you need to stretch little bit to mount the root filesystem.
i . Import the rpool forcefully
zpool import -f rpool

ii. Modify the mountpoint (Dataset name can be found using zfs list for root)
zfs set mountpoint=/a rpool/ROOT/s10x_u9wos_14a

iii.Mount the root dataset
zfs mount rpool/ROOT/s10x_u9wos_14a

6.Take a backup of /a/etc/passwd & /a/etc/shadow file before removing the root password from it.

# cp -p /a/etc/passwd /a/etc/passwd.13092013

# cp -p /a/etc/shadow /a/etc/shadow.13092013

7.Go to /a/etc/ directory and edit shadow file like below.

Before Modifications:

#grep root /a/etc/shadow

root:XD9erIqDGXYM.:12192::::::

After Modifications:

#grep root /a/etc/shadow

root::12192::::::

8.Reboot the system
#init 6

You may face some issue to edit the shadow file.Set the term as vt100 and use vi commands to navigate and delete the password. Typical arrows will not work to navigate it.

Hope now you are familiar to recover Solaris root password without any trouble.
Thank you for reading this article. Please leave a comment if you have any doubt.