Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

How to recover root password (root disk is encapsulated and mirrored)

Created: 05 Sep 2013 • Updated: 21 Nov 2013 | 10 comments
This issue has been solved. See solution.

Hi Team,

I have forgotten root password.

I need to know the procedure to recover root password.

My server has Veritas volume manager and root disk is encapsulated and mirrored.

Note: I can't use the below procedure because server goes in panic mode as root disk is encapsulated and mirrored.

Sun Sparc System
----
1. Break signal from ILOM to bring system in OK system.

2. insert solaris DVD

3. boot cdrom -s (Single user mode)

4. Identify boot disk

eeprom boot-device

format <find c#t#d# format of boot disk>

example disk@0,0:a --a--slice 0

now run fsck on root disk.

fsck /dev/rdsk/c1t0d0s0

5.mount /dev/rdsk/c1t0d0s0 /a

6. TERM=vt100; export TERM

7. echo $TERM

8. vi /a/etc/shadow

9. remove root password by removing the data between 1st and 2nd collon for root username.

10. cd /
umount /a

11. reboot

12. root password is blank so just press ENTER to login.

13. more /etc/shadow

14. passwd (to change root passward).

15. logout and login with new passward.

 Please provide the well tested and standard procedure for my environment.

Thanks in advance.

Regards,

SK Mangal

 

 

 

 

 

Operating Systems:

Comments 10 CommentsJump to latest comment

mikebounds's picture

On which command does the server panic as I can't see why having root disk encapsulated and mirrored would make a difference as you are booting from CD, so no volume manager processes will be started.

I think the slice for root is normally still on the label, even though disk is encapulated, so I can't think why you shouldn't be able to mount it.  But when you do boot back normally, you will have to resync the mirror as it will be out of sync.

Mike

UK Symantec Consultant in VCS, GCO, SF, VVR, VxAT on Solaris, AIX, HP-ux, Linux & Windows

If this post has answered your question then please click on "Mark as solution" link below

SKMangal's picture

Hi Mike, Thanks for the response. After Step 10, when we reboot the system, the system may be going in cyclic reboot or panic mode because there is different password in root and root-mirror disks. I have come across a procedure where it is done in other way(Rebooting wihtout veritas environment) . http://www.linuxmisc.com/3-solaris/a73c709b615f83d... http://www.symantec.com/business/support/index?pag... Can you kindly check and provide your valuable comments. Thanks in Advance. Regards, Shailendra Kumar Mangal

mikebounds's picture

I think this may work - its a long time since I have done this sort of stuff:

 

If you touch etc/vx/reconfig.d/state.d/install-db this will stop volume manger from starting, but if VM does not start I think the system will not boot normally as /etc/system and /etc/vfstab will contain references to /dev/vx/dsk. not /dev/cXtXdXsX, but I think system may boot to single user mode so that you can fix the mirror as your link sugests.
If this doesn't work, then when you boot from CD you can revert /etc/system and /etc/vfstab back to before system was encapulated (there should be /etc/*.prevm files) and then you can boot without VM on the underlining slices (see http://www.symantec.com/business/support/index?page=content&id=TECH157465 and then you can re-encapsulate and mirror from g_lee post)  and then after this you can re-encapsulate and mirror
 
Mike

 

UK Symantec Consultant in VCS, GCO, SF, VVR, VxAT on Solaris, AIX, HP-ux, Linux & Windows

If this post has answered your question then please click on "Mark as solution" link below

g_lee's picture

The steps in the first link ( http://www.linuxmisc.com/3-solaris/a73c709b615f83d... ) won't work, as it only touches install-db - as Mike pointed out, it neglects the required modifications to system and vfstab.

The system will break out of boot as it won't be able to access the /dev/vx devices; it may let you modify the files, but depending on how far it gets through it may not and/or may cause other issues as it's an interrupted boot rather than a clean boot to single user.

ie: avoid doing this, likelihood of messing up the configuration is high unless you are very familiar with what you're doing, which does not appear to be the case.

The second link you've mentioned (TECH71339 http://www.symantec.com/business/support/index?pag... ) would work, as it's effectively a cut-down version of the steps from TECH157465 - however TECH157465 mentions various other steps/considerations/precautions that might be relevant for your environment, and it also has the steps required to reencapsulate once you've booted from the disk / fixed the password issue.

If this post has helped you, please vote or mark as solution

g_lee's picture

As Mike mentioned, when you boot from CD it shouldn't start volume manager processes.

However, you will have issues when you go to reboot from disk after changing the password, as the shadow file will not be in sync between the two mirrors, so this could cause corruption.

If you're purely trying to recover the root password and have access to perform vxvm operations, it would probably be easiest to:

- detach/remove rootmirror plexes in rootdg

- boot from cd to reset root password on rootdisk

- boot from disk

- recreate/reattach rootmirror to rootdg

If you don't have access to perform vxvm operations, then you'll need to unencapsulate - see the following technote:

TECH157465: 3 ways to unencapsulate (including manual unencapsulation)

http://www.symantec.com/business/support/index?pag...

You will need to reencapsulate once you've booted back onto disk.

If this post has helped you, please vote or mark as solution

SOLUTION
SKMangal's picture

Hi Lee,

Thanks for the response.

How shall we have the access to perform VxVM operations if we are not able to login to root?

Can you please explain?

Thanks in Advance.

Regards,
Shailendra Kumar Mangal

kjbss's picture

Maybe this is taken for granted already that you have checked this, but I'll go ahead and mention it anyway:

It is quite common these days to have sudo set up for your system administrators, and if you do have this set up then you do not need to know the root's password, you only need to know one of your system administrator passwords (or work with them) and follow the procedure:

 

1. log in as a system admin who is set up to run the sudo command (has an entry in the sudoers file)

2. sudo to root:    sudo su -

3. enther that system admin's password

4. now you are running with root priviledges, so just change root's password.

If you do have sudo set up, this is a very easy fix for your situation.

If you did not have sudo set up, you should probably consider doing this on all your servers in the future.

 

Hope that helps...

 

SKMangal's picture

Hi,

I am not aware about sudo setup.

Can you kindly explain me on it or provide any link to check further.

I think, we do not have such kind of set up in our environment.

Thanks

Regards,
Shailendra Kumar Mangal

g_lee's picture

Mangal (since we're picking names at random),

You might have access to vxvm operations if you used a third-party product that allowed you to switch to root / run certain commands as root (eg: sudo per kjbss's suggestion, or another proprietary product such as CA access control / seos / sesu, TAM, etc).

If you were using either of these solutions you may have access to change the password as kjbss mentioned depending on how it has been configured (or you may not, eg: you may only have access to run certain commands, not including passwd).

As it sounds like neither of these options apply to your configuration, refer to the technote in my initial reply for the steps to unencapsulate.

If this post has helped you, please vote or mark as solution

Girish Puppala's picture

Hi Shailendra,

In simple terms sudo is a facility that allow you to run a command  with root or other user privilege , provided that  you have configure so.
If you run commands with sudo or if you switch to other users with sudo, you need to provide your password rather that root or other users password.
If  sudo is setup for you and want to know what are the things you can do  via sudo facility, give
sudo -l
if sudo command is in your search path, then it will ask for your password and list  the commands you can run via sudo
if not it simply returns no command found error, then you need to find out the path of the sudo command

For more details look at man sudo or google it

 

-Girish Puppala