Root Password Recovery on a Sparc LDOM

If the root password for a Unix system is lost or forgotten, it can be very difficult to regain root access and perform further administration work. Often it will be impossible. You could be lucky – there might be a user account with sudo access, or even a root shell still open on the system somewhere, for example on the system console. If the system is x86, you might be able to boot it from a live CD and restore root access by doctoring the root disk. Otherwise, with most systems (physical and virtual), it will often be a case of rebuilding the system from scratch.

Solaris is a bit different. It has long been possible with Solaris to regain root access by booting the physical system from a Solaris installation CD, mounting the original root disk and removing the root password string from the relevant file, usually /etc/shadow. The same technique works, surprisingly, with SPARC virtual systems, aka LDOMs. Proceed as follows.

1. Copy a Sun installation CD iso to the parent system and export it to the LDOM of interest. The parent system will usually be a SPARC blade or similar. Here, the name of the LDOM is ldom1:

# ldm add-vdsdev /LDOM/ldom1/sol-10-u8-ga-sparc-dvd.iso ldom1-cdrom@primary-vds0
# ldm add-vdisk ldom1-cdrom ldom1-cdrom@primary-vds0 ldom1

2. Stop the LDOM.

# ldm stop ldom1

3. Ensure that the LDOM is not set to auto boot.

# ldm list-variable auto-boot? ldom1
auto-boot?=False

Set the above variable to “False” if it was set to “True”.

4. Start the LDOM

# ldm start ldom1

5. Telnet to the LDOM console from the parent. At the “ok” prompt, look for the cdrom device:

{0} ok show-disks
a) /virtual-devices@100/channel-devices@200/disk@2
b) /virtual-devices@100/channel-devices@200/disk@1
c) /virtual-devices@100/channel-devices@200/disk@0

The cdrom will be the last disk added, ie the one with the highest index number, (a) above.

6. Boot into single-user more mode from the cdrom:

{0} ok boot -s /virtual-devices@100/channel-devices@200/disk@2

7. When the LDOM comes up, it will be already logged in as root. On the LDOM, mount the root disk as /mnt

ldom1# mount /dev/dsk/c0t0d0 /mnt

8. Edit the shadow file and delete the password entry for root

ldom1# vi /mnt/etc/shadow

9. Save the edits and reboot the ldom

ldom1# reboot

10. When he LDOM comes up full-user, login as root (no password will be asked) and set the root password to something appropriate:

ldom1# passwd root

That’s it.

16 thoughts on “Root Password Recovery on a Sparc LDOM

  1. Hi,

    Thanks for such a great article and its of so much use. However I need help, and its related to rebooting the LDOM in Single user mode through ISO file.

    Whenever I try to do is, its throwing an error,
    Giving an error krtld:Unused kernel arguments: ‘/virtual-devices@100/channel-devices@200/disk@2’, and after that booting the system in Single user maintenance mode.

    Can you please help, how we can resolve it

    Thanks in advance, Dinesh Manral

    • Dinesh,

      The system seems to have a problem with the boot command that was used. Please post the exact boot command you used, and the output of show-disks (from the ok prompt) on your system.

      Jim

    • Hi Dinesh,

      try the following boot command
      {0} ok boot /virtual-devices@100/channel-devices@200/disk@2 -s

      It’s also a good idea to check your aliases:
      {0} ok devalias
      That can make the boot command a little more convenient – for example, if the alias for
      /virtual-devices@100/channel-devices@200/disk@2 is ‘cdrom’, you can boot from cdrom into single user mode with the following command:

      {0} ok boot cdrom -s

      BR,
      Tom

  2. Hi,

    I am stuck at 7. When the LDOM comes up, it will be already logged in as root. On the LDOM, mount the root disk as /mnt. A prompt comes up to enter username for system maintenance (control-d to bypass). The root usernamd and pw do not work (working in Solaris11), neither does control-d, control-c, or simply hitting enter to bypass. I do not know any of the other usernames. Can you please help? Thanks

  3. Sorry guys, I don’t know why your Sparc systems came up asking for login. It worked fine when I tested it, before writing the article. Unfortunately I don’t have access to any Sparc systems for testing/investigation. I hope you manage to get a solution.

  4. For Sparc Systems , how to find the root file system , is it always /dev/dsk/c0t3d0s0 or we need to figure it out first; what are the commands to identify the root file system.
    Any help will be greatly appreciated… Thanks!

    • Hi Mohib, I don’t fully understand your question. But the root file system on Solaris (or any unix) can be identified with the shell command

      df -k /

      Hope that is of help.

  5. I don’t know whether it’s just me or if perhaps everybody else
    encountering problems with your website. It appears like some of the written text in your content are running off the screen. Can somebody else please provide feedback and let me know if this is
    happening to them as well? This might be a issue with
    my web browser because I’ve had this happen before. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.