There are times when the root password of a Solaris system is lost and needs to be reset. The root account is the administrative account on any Unix-based operating system including Solaris. Without it, it is impossible to perform many of the administrative tasks on it.
This can happen when a key employee leaves the company without disclosing the root password to management. A new employee or contractor who comes in subsequently will need to break into the Solaris system and reset the password.
Booting the Solaris CD
The first step is to get a Solaris CD or DVD. There is no need to be particularly picky about what version of the OS is on the disc. Any Solaris disc will work since they all are able to mount the UFS filesystem. This means there is no need to match the version of Solaris on the disc with the system. For example, booting a Solaris 2.5.1 disc to get back into a Solaris 10 system will work.
Once a suitable CD or DVD has been found, it is time to boot the server. Press the STOP key (if on a Sun keyboard) or send the break signal (if on a PC or dumb terminal) at the moment when the system displays a system information banner which includes the amount of physical memory. The "ok" prompt should appear once the STOP or break signal has been received.
When the "ok" prompt comes up, type the following:
boot cdrom -s
This command will boot the CD or DVD into command line mode. There will be no request for a password. The root prompt will show up once the CD or DVD has finished loading the operating system into memory.
Mounting the Filesystem From a Solaris CD
Once the CD has finished booting, the next step is to mount the filesystem containing the root partition. Hopefully, you know which disk and partition has the root file partition. However, you can use the format command to figure out which partition might be the right one to mount.
Once you think you have figured out which partition to mount, type the following.
mount /dev/dsk/c0t0d0s0 /a
Replace the zeros in the command with the actual numbers for the partition. In particular, the number after the s represents the slice or partition on a hard drive. The rest of the numbers help the system identify which disk it is:
- c is for the controller
- t is for the LUN
- d is for the disk number.
It's common for the LUN and the disk number to be zero.
On a CD and DVD booted Solaris OS, almost everything is read-only. The two notable exceptions which you use to mount a filesystem are /a and /mnt. This means you can mount another partition or disk if necessary. For the purposes of restoring the root password, you only need one of them
Changing the Root Password
With the vi editor, open the /etc/shadow file on the disk. For the example above, the /etc/shadow file is actually located at /a/etc/shadow which takes the mount point into account. Remove the encrypted root password by removing everything in the second field for line that has the user root. The delimiter is the colon. Below is an example of the root user in the /etc/shadow file:
root:4Tksowe32:12863::::::
In this case, remove "4Tksowe32" but keep the colons surrounding the encrypted password. After removing the encrypted password, save the file in vi and exit. This changes the root password from whatever it was before to a blank password.
Halt and Reboot Solaris
Finally, it is time to boot the system. Halt the system with the command "halt" then remove the CD or DVD once the system has returned to the ok prompt. Then type "reset" at the "ok" prompt to boot the server.
You should be able to log into the server as user root with a blank password. Then change the root password with the "passwd" command. Keep in mind that most systems will not allow you to log in as root over the network, so you will want to perform this last step at the console.
If you are unfamiliar with any of the above commands or are unfamiliar with Solaris, read the Solaris OE Guide for New System Administrators which is a guide for new sysadmins produced by Sun Microsystems (now owned by Oracle).
