If the root password for a Unix system is lost or forgotten, it can be very difficult to regain root access and perform further administration work. Often it will be impossible. You could be lucky – there might be a user account with sudo access, or even a root shell still open on the system somewhere, for example on the system console. If the system is x86, you might be able to boot it from a live CD and restore root access by doctoring the root disk. Otherwise, with most systems (physical and virtual), it will often be a case of rebuilding the system from scratch.
Solaris is a bit different. It has long been possible with Solaris to regain root access by booting the physical system from a Solaris installation CD, mounting the original root disk and removing the root password string from the relevant file, usually /etc/shadow. The same technique works, surprisingly, with SPARC virtual systems, aka LDOMs. Proceed as follows.
1. Copy a Sun installation CD iso to the parent system and export it to the LDOM of interest. The parent system will usually be a SPARC blade or similar. Here, the name of the LDOM is ldom1:
# ldm add-vdsdev /LDOM/ldom1/sol-10-u8-ga-sparc-dvd.iso ldom1-cdrom@primary-vds0
# ldm add-vdisk ldom1-cdrom ldom1-cdrom@primary-vds0 ldom1
2. Stop the LDOM.
# ldm stop ldom1
3. Ensure that the LDOM is not set to auto boot.
# ldm list-variable auto-boot? ldom1
auto-boot?=False
Set the above variable to “False” if it was set to “True”.
4. Start the LDOM
# ldm start ldom1
5. Telnet to the LDOM console from the parent. At the “ok” prompt, look for the cdrom device:
{0} ok show-disks
a) /virtual-devices@100/channel-devices@200/disk@2
b) /virtual-devices@100/channel-devices@200/disk@1
c) /virtual-devices@100/channel-devices@200/disk@0
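The cdrom will be the last disk added, i.e. the one with the highest index number, (a) above.
6. Boot into single-user mode from the cdrom. The device path must come before the -s flag; if -s is given first, the path is passed to the kernel as an unused argument and the LDOM boots from its default disk instead:
{0} ok boot /virtual-devices@100/channel-devices@200/disk@2 -s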
7. When the LDOM comes up, it will be already logged in as root. On the LDOM, mount the root disk as /mnt
ldom1# mount /dev/dsk/c0t0d0 /mnt
8. Edit the shadow file and delete the password entry for root
ldom1# vi /mnt/etc/shadow
9. Save the edits and reboot the ldom
ldom1# reboot
10. When the LDOM comes up full-user, log in as root (no password will be asked) and set the root password to something appropriate:
ldom1# passwd root
That’s it.
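Steps 8 to 10 can also be done without hand-editing in vi. The following is an added example, not part of the original article: it blanks only root's hash field, keeps a backup, and lists accounts left with an empty password so that, after step 10, you can confirm none remain. The function names are hypothetical, the shadow entries are constructed sample data, and a POSIX sh and awk are assumed (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example (not from the original article). Shadow entry format:
#   name:hash:lastchg:min:max:warn:inactive:expire:flag

# Blank only root's hash field in the shadow file $1, keeping a backup copy.
clear_root_hash() {
    shadow=$1
    cp -p "$shadow" "$shadow.bak" || return 1
    awk -F: 'BEGIN { OFS = ":" } $1 == "root" { $2 = "" } { print }' \
        "$shadow.bak" > "$shadow.new" || return 1
    # The edit must not add or drop lines; refuse to install the file otherwise.
    # (Unquoted on purpose: some wc implementations pad the count with spaces.)
    [ $(wc -l < "$shadow.bak") -eq $(wc -l < "$shadow.new") ] || return 1
    cat "$shadow.new" > "$shadow" && rm -f "$shadow.new"   # cat keeps owner and mode
}

# Print every account whose password field is empty (logs in with no password).
empty_pw_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Demo on a constructed shadow file (sample data, not a real system's).
demo() {
    f=${TMPDIR:-/tmp}/shadow.demo.$$
    cat > "$f" <<'EOF'
root:$5$constructed$notARealHash:14000::::::
daemon:NP:6445::::::
jim:$5$constructed$alsoNotReal:14100::::::
EOF
    clear_root_hash "$f" && empty_pw_accounts "$f"
    rm -f "$f" "$f.bak"
}
demo
```

In the procedure above the file is /mnt/etc/shadow at step 8; after step 10, empty_pw_accounts /etc/shadow should print nothing.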
Hi,
Thanks for such a great article, and it's of so much use. However I need help, and it's related to rebooting the LDOM in single user mode through the ISO file.
Whenever I try to do this, it's throwing an error,
giving an error krtld:Unused kernel arguments: ‘/virtual-devices@100/channel-devices@200/disk@2’, and after that booting the system in single user maintenance mode.
Can you please help with how we can resolve it?
Thanks in advance, Dinesh Manral
Dinesh,
The system seems to have a problem with the boot command that was used. Please post the exact boot command you used, and the output of show-disks (from the ok prompt) on your system.
Jim
Hi Dinesh,
Try the following boot command:
{0} ok boot /virtual-devices@100/channel-devices@200/disk@2 -s
It’s also a good idea to check your aliases:
{0} ok devalias
That can make the boot command a little more convenient – for example, if the alias for
/virtual-devices@100/channel-devices@200/disk@2 is ‘cdrom’, you can boot from cdrom into single user mode with the following command:
{0} ok boot cdrom -s
BR,
Tom
Hi Tom/Jim,
Thanks a lot for the help, and sorry I am late (in fact 1 year :-)). It's all sorted out now.
Cheers,
Dinesh Manral
Lol. Well thank you for posting back after a year, and confirming that Tom’s command works.
Thanks a lot
Same thing happened to me. I had to use the devalias rather than the full path.
Thank you. I am so totally stealing this to build a work instruction from! Yes, I will cite my source.
Hi,
I am stuck at 7. When the LDOM comes up, it will be already logged in as root. On the LDOM, mount the root disk as /mnt. A prompt comes up to enter username for system maintenance (control-d to bypass). The root username and pw do not work (working in Solaris11), neither does control-d, control-c, or simply hitting enter to bypass. I do not know any of the other usernames. Can you please help? Thanks
same thing for me!
any help?
Sorry guys, I don’t know why your Sparc systems came up asking for login. It worked fine when I tested it, before writing the article. I hope you manage to get a solution.
Isn’t the article about SPARC ?
Yes the article is about SPARC. That’s why I called it “Root Password Recovery on a Sparc LDOM”.
For Sparc systems, how to find the root file system? Is it always /dev/dsk/c0t3d0s0, or do we need to figure it out first? What are the commands to identify the root file system?
Any help will be greatly appreciated… Thanks!
Hi Mohib, I don’t fully understand your question. But the root file system on Solaris (or any unix) can be identified with the shell command
df -k /
Hope that is of help.