09/04/96 Recovering After Losing the Root Password SPECIAL NOTICES Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009. Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to eval- uate and integrate this information into the customer's operational environment. +----------------------------------------------------------+ | | | NOTE: The information in this document has NOT been | | verified for AIX 4.1. | | | +----------------------------------------------------------+ PROCEDURE This guideline was written under the assumption that you have the key to your RISC System/6000 and that you know how to use a UNIX editor. The vi editor is assumed in these steps. 1. Turn the key to the Service position. 2. With bootable media OF THE SAME VERSION AND LEVEL AS THE SYSTEM, boot the system. +----------------------------------------------------------+ | | | WARNING: If you boot a 3.2 system with 3.1 media, or | | boot a 3.1 system with 3.2 media, then you will not be | | able to use the standard scripts (getrootfs or | | /etc/continue) to bring your workstation into full main- | | tenance mode. | | | | Moreover, performing the scripts on a 3.1 system with | | 3.2 boot media may actually remove some files and | | prevent your system from booting successfully in normal | | mode until missing files (/etc/mount and /etc/umount) | | are replaced on the disk. | | | +----------------------------------------------------------+ NOTES: a. For information on BOSboot diskettes, refer to InfoExplorer or order fax #2462 from 1-800-IBM-4FAX (or 415-855-4FAX outside the U.S. from a fax machine phone). Recovering After Losing the Root Password 1 09/04/96 b. If booting from diskettes, when you see LED c07, insert the next diskette. This may be the optional display extensions diskette (required for AIX 3.2.5) or the display diskette. c. If you have AIX 3.2.5, used a fddi network install, and selected that option for the install device, you will need the communications extensions diskette. If this diskette is not available, you can build it from another system with fddi installed or call your branch office for assistance. Follow the prompts to the installation/maintenance menu. 3. Choose the maintenance shell (option 5 for AIX 3.1, option 4 for AIX 3.2). 4. Determine the hdisk# to use with the getrootfs or /etc/continue command. If you have only one disk, then "hdisk0" is the proper hdisk# to use. If you have more than one disk, do the following: o FOR AIX 3.2.4 OR LATER: Run getrootfs The output indicates the disk that should be used with getrootfs in the next step. o FOR AIX 3.1 TO 3.2.3E: Run lqueryvg -Atp hdisk# | grep hd5 for each hdisk# (hdisk0, hdisk1, etc.) until you get output that looks like: 00005264feb3631c.2 hd5 1 The exact output you get will be different but will follow the form large_number.x hd5 1 You may find more than one disk has this output. These will all be disks which belong to the rootvg volume group. You may use any of the disks identi- fied to be in rootvg in the following step. 5. Now access the rootvg volume group by running /etc/continue (for AIX 3.1) or getrootfs (for AIX 3.2). ("#" is the number of the fixed disk, determined in step 4.) For AIX 3.1 only, run /etc/continue hdisk# Recovering After Losing the Root Password 2 09/04/96 For AIX 3.2 only, run getrootfs hdisk# If you get errors indicating that a physical volume is missing from the rootvg, run diagnostics on the physical volumes to find out if you have a bad disk. Do not con- tinue with the rest of the steps in this document. If you get other errors from getrootfs or /etc/continue, do not continue with the rest of the steps in this docu- ment, 6. For AIX 3.2.4 or greater, enter the following command: ODMDIR=/dev/objrepos 7. Set the TERM variable to match the terminal you are using. To do this, you must know the terminal type, such as "hft" or "ibm3151". To set the TERM variable, enter the following, replacing "" with the appropriate value: TERM= export TERM (Setting TERM to the correct terminal will allow vi to work properly.) 8. Edit the file /etc/passwd: vi /etc/passwd 9. Remove the exclamation mark from the root entry. The original entry looks like this: root:!:0:0::/:/bin/ksh The modified entry should look like this: root::0:0::/:/bin/ksh Save the /etc/passwd file: :wq 10. Edit the file /etc/security/passwd vi /etc/security/passwd 11. Use the line delete function of your editor and remove the line(s) under the root stanza. Recovering After Losing the Root Password 3 09/04/96 root: password = 2hzANCGzF1/GY lastupdate = 746199169 The modified entry should look like: root: (one blank line here) daemon: (next entry here) password = * The modified entry should look like this: root: Save the /etc/security/passwd file: :wq | NOTE: WARNING - If you have password restrictions, | maxage, minage, minalpha ...etc as defined in the | /etc/security/login.cfg file set to non-zero values, the | modified root stanza should look like: | root: | flags = NOCHECK | Leave NOCHECK flag in passwd file until you have suc- | cessfully re-booted your system, logged in as root and | set a new passwork for the root user using the passwd | command. 12. With the key in Normal position, issue the reboot command: sync;sync;sync;reboot 13. Log in as root and issue the "passwd" command to get a new root password. Recovering After Losing the Root Password 4 09/04/96 READER'S COMMENTS Please fax this form to (512) 823-4009, attention "AIXServ Informa- tion". You may also e-mail comments to: elizabet@austin.ibm.com. These comments should include the same customer information requested below. Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make sug- gestions for improvement, this is the form to use. If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offer- ings). These services may be billable. Faxes on a variety of sub- jects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone. When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you. NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation. Problem Report or Item #: Branch Office or Customer #: Be sure to print your name and fax number below if you would like a reply: Name: Fax Number: ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ END OF DOCUMENT (lost.password.cmd) Recovering After Losing the Root Password 5