SUMMARY:Forgot root passwd

From: P Sharma <>
Date: Mon Dec 17 2001 - 13:17:23 EST
Hi Unix Gurus,
I thank all for the help.

I've forgotten the root password; how can I recover? 
You need to have access to the machine's console. 

1. Note the root partition (e.g. /dev/sd0a or
2. Hit STOP-A or L1-A (or, on an ASCII terminal or
emulator, send a 
) to halt the operating system, if it's running. 
3. Boot single-user from CD-ROM (boot cdrom -s) or
install/jumpstart server (boot net -s) (NB: if it asks
you for a prom 
password, see below.) 
4. Mount the root partition (e.g. /dev/dsk/c0t3d0s0)
on "/a". "/a" is 
an empty mount point that exists at this stage of the
procedure. (mount /dev/dsk/c0t3d0s0 /a) 
5. Set your terminal type so you can use a full-screen
editor, e.g. vi. 
(you can skip this step if you know how to use "ex" or
"vi" from open 
mode). If you're on a sun console, type "TERM=sun;
export TERM"; if 
you're using an ascii terminal (or terminal emulator
on a PC) for your 
console, set TERM to the terminal type (e.g.
TERM=vt100; export TERM). 
6. Edit the passwd file (/a/etc/passwd for SunOS 4.x, 
for SunOS 4.x with shadow passwords/C2 security),
/a/etc/shadow for 
Solaris 2.x and remove the encrypted password entry
for root 
7. cd to /; Type "umount /a" 
8. reboot as normal in single-user mode ("boot -s").
The root account 
not have a password. Give it a new one using the
passwd command. 

Thanks to Stefan Voss 

PROM passwords: 

Naturally, you may not want anyone with physical
access to the machine 
be able to do the above to erase the root password.
Suns have a 
password mechanism in the PROM which can be set (this
is turned off by 
default). The man page for the eeprom command
describes this feature. 

If security-mode is set to "command", the machine only
be booted 
the prom password from the default device (i.e.
booting from CD-ROM or 
install server will require the prom password).
Changing the root 
in this case requires moving the default device (e.g.
the boot disk) to 
different SCSI target (or equivalent), and replacing
it with a 
bootable device for which the root password is known.
If security-mode 
set to full, the machine cannot be booted without the
prom password, 
from the default device; defeating this requires
replacing the NVRAM on 
motherboard. "Full" security has its drawbacks -- if,
during normal 
operations, the machine is power-cycled (e.g. by a
power outage) or 
(e.g. by STOP-A), it cannot reboot without the
intervention of someone 
who knows the prom password. 

Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at
or bid at
sunmanagers mailing list
Received on Mon Dec 17 12:19:14 2001

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:30 EST