Articles & Tutorials

Resetting a lost root password on a Sun Solaris Machine (Sparc & x86)
By Tony Trus

All too often, an IT department faces the burden of having to reset a password on a server that was kept secret by a former employee. While there are plenty of great utilities that can do this on Windows NT/2000/XP (Winternals Locksmith for example), there are no unlocking/resetting programs for Solaris. The reason for this is simple: Proprietary partition types keep Linux bootdisks from being able to mount a Solaris box and 3rd party companies are not allowed to create a Solaris bootdisk to distribute due to licensing and copyright infringement.

Well now that you have heard the bad news, the good news should be much easier to digest. You can put that purchase order back in your pocket for buying a tool to reset that Solaris box and follow the instructions below to guide you step by step through the process of resetting that password in-house. It is highly advisable to have someone familiar with any form of unix/linux and can use the built in editor “vi” available on site or by phone when you plan to perform these steps.

Instructions for Solaris on Sparc Platform

Insert the Sparc solaris Install CD into the machine’s CD-ROM

Reboot machine if box is on and booted

When machine begins to boot, hold down the “stop” button and press the letter “a”. Keep typing “a” every 2-3 seconds until the boot process halts and you are taken to a prompt that says “ok”

type “boot cdrom –s” (boots you to single user mode)

Once in single user mode, you should set a few things. One of the first things you should try is hitting the backspace key. Does it work? If not, type “stty erase [press backspace key you want to use]”

Now that backspace works, lets set up our terminal emulation. Type “export TERM;TERM=vt100”

If you have gotten this far, you are 75% done!

Next, we must look at your available disks to determine which one should get mounted. Change directories to /dev/dsk by typing “cd /dev/dsk”

Next, type “ls” to list the contents of the /dev/dsk directory. In most cases, the boot device will be c0t0d0s0. If you see this device in the list, try mounting it.

To mount the disk, type “mount /dev/dsk/c0t0d0s0 /a”

Three possibilities can occur from the mount command
1) mount fails because device does not exist or is of unknown type
2) mount fails because the partition was not cleanly unmounted (also known as dirty) and a file systems check must be issues prior to issuing the mount command
3) mount succeeds and you are returned to the prompt with no errors or warnings.

If scenario 1 happens, keep trying other items such as c0t0d1s0 or c0t1d0s0 until it gives you scenario 2 or 3. If scenario 2 occurs, simply type “fsck /dev/dsk/c0t0d0s0” (or whatever partition it is) to check and correct inconsistencies. After running the fsck command, try issuing the mount command again and it should work.

If you have gotten to this point, you are only moments away from resetting that root password.

Now that you have mounted your partition, lets change directories to it by typing “cd /a”

Now type “ls” and see if you have found the right partition. If you have, you will see a subfolder called “etc”. If not, unmount that partition and try another. Most likely you will have gotten it the first time around though. Type “cd /a/etc”

99% of Solaris machines put the encrypted password into /a/etc/shadow and not in /a/etc/passwd so I as the writer of this document will assume that your password exists in shadow. Type “vi /a/etc/shadow” and if the correct terminal type is set, you will see a bunch of users and a first line that looks similar to this:

root:s3fSGda2hDljk:0:3:whatever:/:/bin/sh

For those who are curious, here is what each of the fields are:
username:password:uid:gid:gcos-field:home-dir:login-shell

The important thing is the 13 characters (or more if using MD5 encryption) to the right of root:

To reset the password, simply remove those 13 characters and save file. The file is read only so you will have to use the vi override command “:w!”

So now the new line should look like this:

root::0:3:whatever:/:/bin/sh

Exit out of vi after saving and type “init 6”

Your Solaris box should now be password free for login root. Make sure to change that password immediately upon reboot so that your machine will be secure.

Instructions for Solaris on Sparc Platform
Unlike the Sparc platform, Solaris for X86 must sit on windows based architecture so there is no stop key on the keyboard and there is no PROM where you can specify low level parameters and boot sequences. The Device Configuration Assistant (DCA) portion of the Intel boot process can be interrupted by hitting escape (when prompted). This is the Intel version of the Boot Prom Monitor. From here forward, the reset procedure is identical to the Sparc so you can type “boot cdrom –s” and keep following the instructions above.