sajmf0408

Recover root acct

Made an error. My root passwd expired and I was prompted to change it. Prior to changing, I logged into root via sudo, went to change the root acct in /etc/shadow to where it would never expire by making a copy of the root line and commenting out the original line. Saved it and tried testing it out, not realizing that I didn't leave an extra PuTTY window opened already logged in as root just in case.
Tried to su - now and received this:
su: Unknown id: root

Tried to sudo and received this:
-bash-3.2$ /opt/sfw/bin/sudo -s
Password:
sudo: pam_authenticate: No account present for user

What can I do to recover the root acct?
Zephyr ICT

Maybe you can restart in single user mode and reset/undo changes this way ... But, what OS/version/system are you running?
sajmf0408

ASKER

Solaris 10
Solaris 10 10/09
I won't be able to do that because I need to be root or I would have to power off the server, right?
Yes, you can only do that by powering off/rebooting the server, yes... You can boot the server with the Solaris 10 CD and choose option 6 (if I recall correctly).
Couldn't I boot to single user mode and log in as root that way? I didn't change the password yet when it prompted me, I just modified the shadow file. This is what I did (I changed the alphanumeric values, but this is how it looks):
shadow-file.txt
Mmmm if you boot into single user mode, but I think it's called Solaris failsafe archive no? Then you can do that ... Anyway, down time is needed I'm afraid.
That's fine.  I have to do some system patching anyway so this works out.  I can do it all during the same downtime.  I looked up failsafe mode because I used it before.  Does this look right:
Recovering root password on Solaris SPARC server:

1. Bring the server to OK prompt.
If the server is up and running then login to server console, you can initiate the reset or send break signal to bring the server to OK prompt.

2. Boot the OS in failsafe mode from OK prompt.
#ok boot -F failsafe

3. Once the server is booted up in failsafe mode, then mount the root disk in /mnt.
If you don’t know the root disk, then execute format command and check one by one.
#mount /dev/dsk/c1t1d0s0 /mnt

4. Take a backup of /mnt/etc/passwd & /mnt/etc/shadow file before removing the root password from it.
# cp -p /mnt/etc/passwd /mnt/etc/passwd.13092013
# cp -p /mnt/etc/shadow /mnt/etc/shadow.13092013

5. Now remove the encrypted password entry for root from /mnt/etc/shadow file using vi editor. You may need to set term to edit the file. (For bash shell --> #export TERM=vt100)
Before Modifications:
#grep root /a/etc/shadow
root:XD9erIqDGXYM.:12192::::::

After Modifications:
#grep root /a/etc/shadow
root::12192::::::

6. Update the boot archive to ensure boot archive is up to date.
# bootadm update-archive -R /mnt
Creating boot_archive for /mnt
updating /a/platform/sun4u/boot_archive
7. Reboot your system using init command.
# init 6
Yep, that seems to be what I remember ... Mounting the root disk and change the file ...

Good luck!
Thanks. I will tell you how it goes. By the way, I looked at another link and noticed the mountpoint was different. It's saying to mount to /mnt, then further down references /a. Is that right? Below are alternate links I looked up.

mount root to /mnt
Then if you look at step 5 it shows to edit the shadow file by:
grep root /a/etc/shadow
Then
bootadm update-archive -R /mnt

The second link I saw showed this referencing /a:
https://wchumz.wordpress.com/2012/07/31/solaris-boot-failsafe/

This one also /a
http://jurnarlkarat.blogspot.com/2012/12/oracle-solaris-reset-root-password.html
Yeah, it's basically saying the same thing, mount it to /mnt ... The "a" used in the other resource is just a mount point, you could create a folder named "a" under mount and mount the root folder there ... This way you're not mounting to /mnt directly.
Ok. Just so I don't get confused, it's best to use option 2 or 3 since it doesn't require me mounting to /mnt directly, correct?
Yeah, it's not about better, you might call it "cleaner" ... In the end it's all the same and once you reboot you won't have any worries about it.
ok.  I will respond with the outcome.
Ok, thanks.
I have one other question: when I go to failsafe mode the instructions state:
mount root disk
then
fsck -y root disk
Shouldn't I leave it unmounted, then run fsck?
Normally yes, but if it's not in use/busy it can work when mounted like this ...
ok. Thanks.  I'll be doing this today so I'll have a response later.  Thanks again for your patience and help.
ASKER CERTIFIED SOLUTION
Zephyr ICT
I can fsck our filesystem that's connected to our tape device as well since the system will already be down.
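
Added example, not part of the thread: the question describes a hand edit of /etc/shadow (a copied root line plus a "commented out" original), and step 5 of the pasted procedure edits the same file again. The sketch below checks an edited copy before it replaces the live file; the function names, placeholder hashes and sample lines are constructed, and on Solaris 10 it is assumed to run under bash or ksh with nawk or /usr/xpg4/bin/awk in place of awk.

```shell
#!/bin/sh
# Sanity-check an edited COPY of a shadow file before it replaces /etc/shadow.
# On Solaris, password aging for root can also be turned off without any
# hand edit: passwd -x -1 root

# check_shadow FILE: list problems on stdout; return 0 only if none are found.
check_shadow() {
    awk -F: '
        /^[ \t]*$/   { printf "line %d: blank line\n", NR; bad = 1; next }
        /^#/         { printf "line %d: starts with #, shadow(4) has no comment syntax\n", NR; bad = 1; next }
        NF != 9      { printf "line %d: %d fields, expected 9\n", NR, NF; bad = 1; next }
        seen[$1]++   { printf "line %d: duplicate entry for %s\n", NR, $1; bad = 1; next }
        $1 == "root" { root = 1 }
        END {
            if (!root) { print "no valid root entry"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed samples with placeholder hashes (the thread's shadow-file.txt
# attachment is not on the page, so these lines are illustrative only).
write_commented_copy() {   # the kind of edit described in the question
    cat > "$1" <<'EOF'
#root:PLACEHOLDERHASH:12192::::::
root:PLACEHOLDERHASH:12192::::::
daemon:NP:6445::::::
EOF
}
write_clean_copy() {
    cat > "$1" <<'EOF'
root:PLACEHOLDERHASH:12192::::::
daemon:NP:6445::::::
EOF
}

# Demo: only a copy that passes the check would be moved into place.
demo() {
    dir=$(mktemp -d) || return 1
    write_commented_copy "$dir/shadow.new"
    if check_shadow "$dir/shadow.new"; then echo "ok to install"; else echo "do not install"; fi
    rm -rf "$dir"
}
demo
```

Keeping a root shell open until a fresh login or su has been confirmed in a second session covers the cases a format check cannot.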