Article 18688 of comp.sys.sun.misc:
Path: mri.com!news.aimnet.com!news.sprintlink.net!howland.reston.ans.net!newsfeed.internetmci.com!news.kei.com!nntp.coast.net!swidir.switch.ch!swsbe6.switch.ch!aragorn.unibe.ch!MEMpc104!frala
From: frala@mem.unibe.ch (Frank Langlotz)
Newsgroups: comp.sys.sun.misc
Subject: Re: Help! Need root password
Date: Thu, 30 May 1996 10:49:41 LOCAL
Organization: University of Bern, Switzerland
Lines: 55
Message-ID:
References: <4oi100$3v6@alpha.sky.net> <1996May30.033001.7390@zcon.com>
NNTP-Posting-Host: mempc104.unibe.ch
X-Newsreader: Trumpet for Windows [Version 1.0 Rev B final beta #4]

In article <1996May30.033001.7390@zcon.com> szh@zcon.com (Syed Zaeem Hosain) writes:
>From: szh@zcon.com (Syed Zaeem Hosain)
>Subject: Re: Help! Need root password
>Date: Thu, 30 May 1996 03:30:01 GMT

>In article <4oi100$3v6@alpha.sky.net>, dan@sky.net ((admin group) dan) writes:
>>Syed Zaeem Hosain (szh@zcon.com) wrote:
>>: In article <4oblop$t44@the-fly.zip.com.au>, rainbow@zip.com.au (Douglas Garstang) writes:
>>:
>>: Have you tried booting the system in single-user mode? This will allow
>>: you access to the password files to delete the current root password.
>>: Assuming, of course, that the prom password has not been assigned!
>>:
>>: You are right - reloading the OS is overkill if this simple procedure
>>: works! :-)
>>
>>Of course, if there had been a security conscious admin previously, single
>>user booting may still require the root password. Still, it is not necessary
>>to reinstall the OS. Boot from the install cd, and exit the install process
>>as soon as you can, mounting manually the / partition to /mnt, then editing
>>/etc/shadow to reflect no root password. (all of this assuming solaris 2)

>Agreed. I forgot about the above possibility as well.

There is one other way that has not been mentioned yet. It requires some
programming but has the advantage that the machine need not be rebooted.
I once had to do it for our server.

Requirements:
1. A server on which root's shell has been changed to /sbin/csh (or
   something similar)
2. Write permission for group sys in /sbin (or any other group that has
   members other than root)
3. Any filesystem of the server shared with write permission to a client
   on which root access is still possible

The idea is to copy /bin/csh to /sbin/csh and give it r-x access for root
using group write permission to /sbin.

1. On the nfs client write a little program (e.g. in C) that does the
   copying and permission setting
2. Become root and then user sys ("su sys").
3. Compile the program and move it to the shared filesystem
4. Still being sys, set its SUID bit ("chmod +s copy"). The file now
   should look like
     -rwsr-sr-x 1 sys sys 9738 May 30 10:28 copy
5. Log into the server as any user and run the copy program
6. root now should have a valid shell again and the wrong passwd entry
   can be corrected

One might think of doing the same using user permissions. However, files
that are created as root on an nfs client become owned by nobody on the
server.

Frank Langlotz
University of Berne
Switzerland
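
A defender-side audit of the preconditions the procedure above depends on, added here as an example and not part of the original article: it checks whether a system directory is writable by anyone but its owner (requirement 2), whether the filesystem behind an exported path is mounted without `nosuid` (requirement 3), and which set-id files sit under a tree (the `copy` binary of step 4). The mount table contents, device names and exported paths are constructed for illustration.

```python
import os
import stat

# Constructed sample in Solaris /etc/mnttab layout:
# special  mount_point  fstype  options  time   (device names are made up)
SAMPLE_MNTTAB = """\
/dev/dsk/c0t3d0s0 / ufs rw,suid 833445000
/dev/dsk/c0t3d0s7 /export/home ufs rw,suid 833445000
/dev/dsk/c0t1d0s2 /export/scratch ufs rw,nosuid 833445000
"""

def suid_allowed_on(path, mnttab_text):
    """True if the filesystem holding path is mounted without 'nosuid'."""
    best, best_opts = "", []
    for line in mnttab_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, opts = fields[1], fields[3].split(",")
        # Longest mount point that is a path-component prefix of `path` wins.
        if (path.rstrip("/") + "/").startswith(mnt.rstrip("/") + "/") and len(mnt) > len(best):
            best, best_opts = mnt, opts
    return "nosuid" not in best_opts

def non_owner_writable(path):
    """True if group or other may write to path (requirement 2 on /sbin)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def setid_files(root):
    """List (path, owner uid) of regular files under root with setuid/setgid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((full, st.st_uid))
    return sorted(hits)

if __name__ == "__main__":
    for exported in ("/export/home", "/export/scratch"):  # hypothetical exports
        print(exported, "set-id honoured:", suid_allowed_on(exported, SAMPLE_MNTTAB))
    for d in ("/sbin", "/bin", "/usr/bin"):
        if os.path.isdir(d):
            print(d, "writable by non-owner:", non_owner_writable(d))
            print(d, "set-id files:", len(setid_files(d)))
```

On a real host, feed `suid_allowed_on` the contents of the mount table and the paths from the export list, and review any set-id file under an exported tree that is owned by a non-root system account.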