Last week I have encountered an issue where we were not able to switch as a root user (su - root), as someone unfortunately changed the root password. Now our goal is to reset the root password on Solaris 11 server. NOTE: Solaris 11 having one of the restriction is that root can't be login through console directly, as its consider as a role account. we have to login as normal user and switch to root account. To make the root direct login in console, please refer the post "How to make root console login in Solaris 11".
High Level Plan:
- Boot the server from bootable DVD. (here i'm using X86 server)
- Import the root pool.
- Mount the root pool dataset.
- Edit the shadow file.
- Reboot the server.
Identify the root pool, Most of the time rpool is the default root pool. However, you can verify with the below command, this will show you all available pool details.
# zpool import |grep -i pool: pool:rpool pool:unixrepo #Import the root pool. (below example rpool is our root pool)
# zpool import -f -R /tmp/rpool rpool #Configure root pool dataset as legacy
# zfs set mountpoint=legacy rpool/ROOT/solaris #Mounting rpool dataset on /mnt
# mount -F zfs rpool/ROOT/solaris /mnt #Modifying the Root passwd
# cp /mnt/etc/shadow /mnt/etc/shadow_backup # cp /mnt/etc/passwd /mnt/etc/passwd_backup # TERM=vt100;export TERM # EDITOR=vi;export EDITORRemove the encrypted password entry for root
# vi /mnt/etc/shadow root:$5$hzZlNEsJ$iuZHgU4xIQ72LfnmyPj7jzsyn.kbwdl0Ig4lbztnEQ4:16273::::::13888After removing the encrypted password that line should be like below
# grep -i root /mnt/etc/shadow root::16273::::::13888 #Now umount and set back the mountpoints and export the pool and reboot the server in single user mode.
# umount /mnt # zfs set mountpoint=/ rpool/ROOT/solaris # zpool export rpool # halt
For X86 : Boot from harddisk with single user mode by editing the grub menu with typing "e", then search the line which is start with $multiboot /ROOT and add -s at the end of the line and allow the system to boot from single user mode. here we can change our root passwd and reboot the server.
COOL...You have successfully recovered the root passwd on Solaris 11. Please leave your valuable comments and queries.