Resetting Root Password under Solaris
The following document explains how to change an unknown root password on a Solaris system. Use this only for disaster recovery purposes. Please be sure to read the Notes section below if you run into any problems.
1.Physical access to the Solaris machine
2.CD or DVD drive
1.Power-on the system and interrupt the boot sequence with Stop-a
2.Insert the Solaris Installation CD or the Solaris Operating System DVD
3.At the OK prompt type boot cdrom -sw 1
4.Once the system is booted in single-user mode, run format to view the listing of local hard drives.
5.Mount the primary boot disk under a temporary mountpoint:
mount /dev/dsk/c0t0d0s2 /mnt 2
6.Configure display and the text editor:
ksh stty erase export VISUAL=vi export TERM=vt100
7.Open the shadow file in the vi editor and remove the password hash for the root account (highlighted in red in the example below). Save the shadow file, exit vi and reboot the system:
vi /mnt/etc/shadow root:ZWwIYJKH4UAII:6445:::::: root::6445:::::: 3 :wq! reboot
8.Allow the system to bootup normally. Login as root without password. Use passwd command to set a new root password. 4
1.It may be important to use the correct release of the Solaris Installation CD-ROM. Some systems require specific drivers only found in certain releases. For example, a SunBlade 1500 may only boot from Solaris 9 CD or DVD dated 4/04, 9/04 or later. It may not boot from a Solaris 10 DVD dated 3/05, failing with an error: boot: cannot open kernel/sparcv9/unix. Strange but true, so it always helps to keep around a collection of Solaris installation CDs.
2.When booting from CD-ROM, make sure to use boot cdrom -s or boot cdrom -sw (not boot cdrom or boot -s cdrom). This will get you to the OS prompt forgoing the installation routine.
3.If you do boot cdrom -sw, and you have the correct disk in the drive, and the system still doesn’t boot, check the boot device alias: from the OK prompt run devalias and look at the cdrom line. The physical address for the device is rather confusing, but do you best to check whether it makes sense. It probably should have the word cdrom in it.
4.When editing the shadow file, make sure you vi the /mnt/etc/shadow and not the /etc/shadow. This is a simple thing but working under stress does not improve ones attention to detail.