Forum Discussion

SKMangal's avatar
SKMangal
Level 3
12 years ago

How to recover root password (root disk is encapsulated and mirrored)

Hi Team,

I have forgotten root password.

I need to know the procedure to recover root password.

My server has Veritas volume manager and root disk is encapsulated and mirrored.

Note: I can't use the below procedure because server goes in panic mode as root disk is encapsulated and mirrored.

Sun Sparc System
----
1. Break signal from ILOM to bring system in OK system.

2. insert solaris DVD

3. boot cdrom -s (Single user mode)

4. Identify boot disk

eeprom boot-device

format <find c#t#d# format of boot disk>

example disk@0,0:a --a--slice 0

now run fsck on root disk.

fsck /dev/rdsk/c1t0d0s0

5.mount /dev/rdsk/c1t0d0s0 /a

6. TERM=vt100; export TERM

7. echo $TERM

8. vi /a/etc/shadow

9. remove root password by removing the data between 1st and 2nd collon for root username.

10. cd /
umount /a

11. reboot

12. root password is blank so just press ENTER to login.

13. more /etc/shadow

14. passwd (to change root passward).

15. logout and login with new passward.

 Please provide the well tested and standard procedure for my environment.

Thanks in advance.

Regards,

SK Mangal

 

 


 

 

 

  • As Mike mentioned, when you boot from CD it shouldn't start volume manager processes.

    However, you will have issues when you go to reboot from disk after changing the password, as the shadow file will not be in sync between the two mirrors, so this could cause corruption.

    If you're purely trying to recover the root password and have access to perform vxvm operations, it would probably be easiest to:

    - detach/remove rootmirror plexes in rootdg

    - boot from cd to reset root password on rootdisk

    - boot from disk

    - recreate/reattach rootmirror to rootdg

    If you don't have access to perform vxvm operations, then you'll need to unencapsulate - see the following technote:

    TECH157465: 3 ways to unencapsulate (including manual unencapsulation)

    http://www.symantec.com/business/support/index?page=content&id=TECH157465

    You will need to reencapsulate once you've booted back onto disk.

  • On which command does the server panic as I can't see why having root disk encapsulated and mirrored would make a difference as you are booting from CD, so no volume manager processes will be started.

    I think the slice for root is normally still on the label, even though disk is encapulated, so I can't think why you shouldn't be able to mount it.  But when you do boot back normally, you will have to resync the mirror as it will be out of sync.

    Mike

  • As Mike mentioned, when you boot from CD it shouldn't start volume manager processes.

    However, you will have issues when you go to reboot from disk after changing the password, as the shadow file will not be in sync between the two mirrors, so this could cause corruption.

    If you're purely trying to recover the root password and have access to perform vxvm operations, it would probably be easiest to:

    - detach/remove rootmirror plexes in rootdg

    - boot from cd to reset root password on rootdisk

    - boot from disk

    - recreate/reattach rootmirror to rootdg

    If you don't have access to perform vxvm operations, then you'll need to unencapsulate - see the following technote:

    TECH157465: 3 ways to unencapsulate (including manual unencapsulation)

    http://www.symantec.com/business/support/index?page=content&id=TECH157465

    You will need to reencapsulate once you've booted back onto disk.

  • Maybe this is taken for granted already that you have checked this, but I'll go ahead and mention it anyway:

    It is quite common these days to have sudo set up for your system administrators, and if you do have this set up then you do not need to know the root's password, you only need to know one of your system administrator passwords (or work with them) and follow the procedure:

     

    1. log in as a system admin who is set up to run the sudo command (has an entry in the sudoers file)

    2. sudo to root:    sudo su -

    3. enther that system admin's password

    4. now you are running with root priviledges, so just change root's password.

    If you do have sudo set up, this is a very easy fix for your situation.

    If you did not have sudo set up, you should probably consider doing this on all your servers in the future.

     

    Hope that helps...

     

  • Hi Mike, Thanks for the response. After Step 10, when we reboot the system, the system may be going in cyclic reboot or panic mode because there is different password in root and root-mirror disks. I have come across a procedure where it is done in other way(Rebooting wihtout veritas environment) . http://www.linuxmisc.com/3-solaris/a73c709b615f83d3.htm http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH71339 Can you kindly check and provide your valuable comments. Thanks in Advance. Regards, Shailendra Kumar Mangal

  • Hi Lee, Thanks for the response. How shall we have the access to perform VxVM operations if we are not able to login to root? Can you please explain? Thanks in Advance. Regards, Shailendra Kumar Mangal
  • Hi, I am not aware about sudo setup. Can you kindly explain me on it or provide any link to check further. I think, we do not have such kind of set up in our environment. Thanks Regards, Shailendra Kumar Mangal
  • I think this may work - its a long time since I have done this sort of stuff:

     

    If you touch etc/vx/reconfig.d/state.d/install-db this will stop volume manger from starting, but if VM does not start I think the system will not boot normally as /etc/system and /etc/vfstab will contain references to /dev/vx/dsk. not /dev/cXtXdXsX, but I think system may boot to single user mode so that you can fix the mirror as your link sugests.
    If this doesn't work, then when you boot from CD you can revert /etc/system and /etc/vfstab back to before system was encapulated (there should be /etc/*.prevm files) and then you can boot without VM on the underlining slices (see http://www.symantec.com/business/support/index?page=content&id=TECH157465 and then you can re-encapsulate and mirror from g_lee post)  and then after this you can re-encapsulate and mirror
     
    Mike

     

  • Mangal (since we're picking names at random),

    You might have access to vxvm operations if you used a third-party product that allowed you to switch to root / run certain commands as root (eg: sudo per kjbss's suggestion, or another proprietary product such as CA access control / seos / sesu, TAM, etc).

    If you were using either of these solutions you may have access to change the password as kjbss mentioned depending on how it has been configured (or you may not, eg: you may only have access to run certain commands, not including passwd).

    As it sounds like neither of these options apply to your configuration, refer to the technote in my initial reply for the steps to unencapsulate.

  • The steps in the first link ( http://www.linuxmisc.com/3-solaris/a73c709b615f83d3.htm ) won't work, as it only touches install-db - as Mike pointed out, it neglects the required modifications to system and vfstab.

    The system will break out of boot as it won't be able to access the /dev/vx devices; it may let you modify the files, but depending on how far it gets through it may not and/or may cause other issues as it's an interrupted boot rather than a clean boot to single user.

    ie: avoid doing this, likelihood of messing up the configuration is high unless you are very familiar with what you're doing, which does not appear to be the case.

    The second link you've mentioned (TECH71339 http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH71339 ) would work, as it's effectively a cut-down version of the steps from TECH157465 - however TECH157465 mentions various other steps/considerations/precautions that might be relevant for your environment, and it also has the steps required to reencapsulate once you've booted from the disk / fixed the password issue.

  • Hi Shailendra,


    In simple terms sudo is a facility that allow you to run a command  with root or other user privilege , provided that  you have configure so.
    If you run commands with sudo or if you switch to other users with sudo, you need to provide your password rather that root or other users password.
    If  sudo is setup for you and want to know what are the things you can do  via sudo facility, give
    sudo -l
    if sudo command is in your search path, then it will ask for your password and list  the commands you can run via sudo
    if not it simply returns no command found error, then you need to find out the path of the sudo command

    For more details look at man sudo or google it

     

    -Girish Puppala