Wednesday, 23 July 2014

Last week I have encountered an issue where we were not able to switch as a root user (su - root), as someone unfortunately changed the root password. Now our goal is to reset the root password on Solaris 11 server. NOTE: Solaris 11 having one of the restriction is that root can't be login through console directly, as its consider as a role account. we have to login as normal user and switch to root account. To make the root direct login in console, please refer the post "How to make root console login in Solaris 11".

High Level Plan:
  • Boot the server from bootable DVD. (here i'm using X86 server)
  • Import the root pool.
  • Mount the root pool dataset.
  • Edit the shadow file.
  • Reboot the server.
Boot the server from Bootable DVD and Select 3rd option, it will get into the shell prompt

Identify the root pool, Most of the time rpool is the default root pool. However, you can verify with the below command, this will show you all available pool details.
# zpool import |grep -i pool:
Import the root pool. (below example rpool is our root pool)
# zpool import -f -R /tmp/rpool rpool
Configure root pool dataset as legacy
# zfs set mountpoint=legacy rpool/ROOT/solaris
Mounting rpool dataset on /mnt
# mount -F zfs rpool/ROOT/solaris /mnt
Modifying the Root passwd
# cp /mnt/etc/shadow /mnt/etc/shadow_backup
# cp /mnt/etc/passwd /mnt/etc/passwd_backup
# TERM=vt100;export TERM
# EDITOR=vi;export EDITOR
Remove the encrypted password entry for root
# vi /mnt/etc/shadow
After removing the encrypted password that line should be like below
# grep -i root /mnt/etc/shadow
Now umount and set back the mountpoints and export the pool and reboot the server in single user mode.
# umount /mnt
# zfs set mountpoint=/ rpool/ROOT/solaris
# zpool export rpool
# halt 
For X86 : Boot from harddisk with single user mode by editing the grub menu with typing "e", then search the line which is start with $multiboot /ROOT and add -s at the end of the line and allow the system to boot from single user mode. here we can change our root passwd and reboot the server.

For Sparc: From OK prompt just enter boot -s that will allow you to enter single user mode.

COOL...You have successfully recovered the root passwd on Solaris 11. Please leave your valuable comments and  queries.