Solaris root password recovery


SUMMARY: Solaris root password recovery

Andy Ford at
Thu Jan 22 11:23:18 EST 2004

Thank you to Phil Grisedale for this comprehensive recovery method....

------------------- start ----------------
Follow these steps; you will have to use a new password, though.

You need to have physical access to the machine's console.

Note the root partition; Solaris 8 uses /dev/dsk/c0t0d0s0 on the Ultra5/10
and Blade 100, /dev/dsk/c0t1d0s0 for Blade 1000.

Press the STOP and A keys simultaneously (or, on an ASCII terminal or
emulator, send a <BREAK>) to halt the operating system, if it's running.

Boot single-user from CD-ROM (boot cdrom -s) or network install/jumpstart
server (boot net -s). For Solaris 8 use the CD-ROM labeled "Installation".
(If it asks you for a prom password, see below.)

Mount the root partition on "/a". "/a" is an empty mount point that exists
at this stage of the installation procedure. For example:
# mount /dev/dsk/c0t0d0s0 /a

If the mount command fails, then since "/a" always exists, you either
typed in the wrong device, OR the system is seeing the root partition as
something else. Do an "ls /tmp/dev/dsk" and see what is there. "c0t6" things
are the CD-ROM; what is left is what one needs to try. On a Blade 1000/2000,
choose /dev/dsk/c1t1d0s0, and execute:
# mount /dev/dsk/c1t1d0s0 /a

Set your terminal type so you can use a full-screen editor, such as vi. You
can skip this step if you know how to use "ex" or "vi" from open mode. If
you're on a Sun console, type "TERM=sun; export TERM"; if you are using an
ASCII terminal or terminal emulator on a PC for your console, set TERM to
the terminal type, for example: "TERM=vt100; export TERM".

Edit the passwd file, /a/etc/shadow (or perhaps in older versions,
/etc/passwd) and remove the encrypted password entry for root.

Type "cd /", then "umount /a".

Reboot as normal in single-user mode ("boot -s"). The root account will not
have a password. Give it a new one using the passwd command.

PROM passwords: Naturally, you may not want anyone with physical access to
the machine to be able to do the above to erase the root password. Suns have
a security password mechanism in the PROM which can be set (this is turned
off by default). The man page for the eeprom command describes this feature.
If security-mode is set to "command", the machine can only be booted without the
prom password from the default device (i.e. booting from CD-ROM or install
server will require the prom password). Changing the root password in this
case requires moving the default device (e.g. the boot disk) to a different
SCSI target (or equivalent), and replacing it with a similarly bootable
device for which the root password is known. If security-mode is set to
full, the machine cannot be booted without the prom password, even from the
default device; defeating this requires replacing the NVRAM on the
motherboard. "Full" security has its drawbacks -- if, during normal
operations, the machine is power-cycled (e.g. by a power outage) or halted
(e.g. by STOP-A), it cannot reboot without the intervention of someone who
knows the prom password.
--------- end -----------------

Thank you to all that replied



-----Original Message-----
From: sunmanagers-bounces at
[mailto:sunmanagers-bounces at]On Behalf Of Andy Ford
Sent: 19 January 2004 07:02
To: sunmanagers at
Subject: Solaris root password recovery

I have a Solaris box where I have lost the root password. I have another
account on the box so I can still log in.

Can I recover the root password without a full rebuild??



perl -e 'print qq^;@) [###]^^qq^z\.MY{eLQ9^'
in:control developer, Telindus, RG27 9HY
DDI: +44 1256 709211, GSM: +44 7810 636652
sunmanagers mailing list
sunmanagers at
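
An added example, not part of the original post: a post-recovery check for the two exposures the message describes, an account left with an empty password field in the shadow file and a PROM whose security-mode is off. The function names, the sample shadow entries and the assumed "security-mode=<value>" output format of the eeprom command are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Print "user:state" for each entry of a shadow-format file.
# States: EMPTY (no password at all), locked (*LK*), nologin (NP), set.
shadow_states() {
    awk -F: '
        /^#/ || NF == 0        { next }
        $2 == ""               { print $1 ":EMPTY";   next }
        index($2, "*LK*") == 1 { print $1 ":locked";  next }
        $2 == "NP"             { print $1 ":nologin"; next }
                               { print $1 ":set" }
    ' "$1"
}

# Succeed only if no account in the file has an empty password field.
no_empty_passwords() {
    ! shadow_states "$1" | grep ':EMPTY$' >/dev/null
}

# Interpret one line of `eeprom security-mode` output (assumed format
# "security-mode=<value>"). Succeeds when the mode is "command" or "full".
prom_protected() {
    case "$1" in
        security-mode=command|security-mode=full) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed shadow file: the state right after the root
# hash has been removed and before passwd has been run.
demo() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
root::6445::::::
daemon:NP:6445::::::
guest:*LK*:::::::
aford:CONSTRUCTEDHASH00:12437::::::
EOF
    shadow_states "$f"
    no_empty_passwords "$f" || echo "WARNING: account(s) with empty password"
    prom_protected "security-mode=none" || echo "WARNING: PROM security is off"
    rm -f "$f"
}

demo
```

On a live system the same functions can be run as root with no_empty_passwords /etc/shadow and prom_protected "$(eeprom security-mode)".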