- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Root and Single User Mode
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2006 12:00 PM
10-23-2006 12:00 PM
Here's my problem. I have a system, which is a stand-by system, no one hardly ever logs into this box, including myself. I go to log in with my general user account...disabled because lifetime has expried. Then I try to log in as the root account at the console....disabled because it is administrativetly locked. Tis has happend before and the fix was in the /tcb/files/auth/whatever/
So, I boot down to single user mode, get in (this is a secure server by the way running 10.20) head down to /tcb/files/auth directory and start messing around with my account file and the root account file. To make a long story short, I removed the contents of the root secure file except for the encrypted UID entry and the encrypted password entry because I didn't want to get caught up on password lifetimes, or expirations, or being locked out and now....I'm sure you can guess the outcome. The server won't boot up and I cannot reach single user mode because I keep receiving and error that says
"INIT:Single User Mode"
"su:Your own ID is not known"
And this basically scrolls across the screen until I shut the machine off.
So, I've screwed up the root account, which makes it really hard to do administration and this server was built before my time, however, no one in our Software Compliance department has record of 10.20 CD's being on-site, (really sucking to be me right now.)
These servers (the production and the stand-by)are about to be upgraded to 11.0 in the next month and a half, which will give it new hardware and a new OS, so it is really nothing to stress over since I didn't muck up the production server. My whole deal is that I screwed it up so I want to fix it or at least know how.
I've tried different commands at the IPL prompt, but they all want to go into single user mode. (hpux -is, hpux -lm, .....) Okay, now dumb question time. Is there a way to get to the operating system underneath single user mode? Is there a command that breaks the boot sequence. Not the 10 second location but once the system actually starts booting the primary path...I remember that there was something like CTRL+SHIFT+|(pipe) that I learned from an HP Technician way back when. I tried that but it didn't work. It could be because of the type of keyboard I have and I need to use some other combination??? Is anybody familiar with this?
Your response is appreciated.
Celeste Gainey
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2006 12:36 PM
10-23-2006 12:36 PM
Re: Root and Single User Mode
If you don't want to go that route or it isn't an option, I guess you could put the disk on another box (10.20 or 11.0.. 11i even), then import the volume as something like vg00fix. After imported activate the vg and fsck/mount lvol3. Once mounted get in there and fix tcb entry for root.
Hope this helps,
-denver
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2006 12:39 PM
10-23-2006 12:39 PM
Re: Root and Single User Mode
Other option if you have a unused disk. Connect this unused disk to this system and load any version of HPUX and mount the old original root disk and edit and fix the files
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2006 12:42 PM
10-23-2006 12:42 PM
Re: Root and Single User Mode
A couple of options come to mind
easiest - boot from the recovery CD supplied with the OS and set up root account correctly
easy - boot from a make tape recovery/make net recovery and select the recovery option
potentially more involved - use a make tape recovery/make net recovery from a similar system, and select the recovery option instead of the install OS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2006 02:38 PM
10-23-2006 02:38 PM
SolutionI would give it a try. Or else would open the system take the disk to another server and try importing this rootvg and fix it.
Best of luck...
Regds,
Kaps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2006 03:28 PM
10-24-2006 03:28 PM
Re: Root and Single User Mode
I tried using some ignite boot tapes we had created back in March of '05 but kept receiving an IPL checksum error when attempting to boot from it. Thought about relocating the disk and importing but the production server was the only other server avaiable.
So, I ended up loading a HP-UX 11i CD into this server (Thanks Rapil, I just assumed that I would need a 10.20 CD but 11i worked just fine). I launched the Recovery Shell and ran thru the instructions at the bottom of this post. You all probably know this but in case someone else has the same problem one day.
After going through the steps I was able to cd to /ROOT and put the /tcb/files/auth/r/root file back into place...(yes Rapil, I did make a backup..whew!)
I reboot and was releived when the machine actually booted. I did receive however "account locked in commercial security database". So I took it back down to single user mode and executed /usr/lbin/modprpw -k on my account and roots account.
She's running like nothing ever happend. I love UNIX and I learned so much through this experience. Thanks again guyz!
===========================
1.) run the recovery shell
2.) skip networking when prompted
3.) select 'recover and unbootable HP-UX system'
4.) verify the device file used for /
5.) recover the bootlif/os partitions
6.) verify the path to the bootlif
7.) verify the boot string (mine was 'hpux' - it took me a while to figure out how to find this info)
7.) run fsck
8.) mount the root disk and exit to a shell
9. execute 'loadfile chroot'
10.) execute 'chroot /ROOT /sbin/sh'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2006 03:53 PM
10-24-2006 03:53 PM
Re: Root and Single User Mode
I have had root get disabled on machines several times and have never had to resort to rebooting to reactivate it. You may get the message that the account is locked, but it should still log you in.
I know I'm a little late to the party here, but hopefully someone finds this useful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 05:57 AM
10-25-2006 05:57 AM
Re: Root and Single User Mode
If your /etc/security exists but no referance to "console", then even at console you would not be able to log in as root.
Matthew From Boston
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 06:03 AM
10-25-2006 06:03 AM
Re: Root and Single User Mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 06:04 AM
10-25-2006 06:04 AM
Re: Root and Single User Mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 09:58 AM
10-25-2006 09:58 AM
Re: Root and Single User Mode
=====
# cd /etc
# ll securetty
-rw-r--r-- 1 root sys 8 May 29 2004 securetty
# cat securetty
console
#
=====
securetty is in place and populated with 'console'. However I could not log into the console machine as root. At first I received "account is disabled", then I received " account locked in commercial database." I directed this console question/issue our network guyz to see what their view is. I don't personally do any of the hardware or cabeling but was under the impression that our servers were connected directly to the LAN. However the behavior I saw when trying to access this server was not one of a console.
Thanks Patrick and Matthew. All information is helpful information.
================================
1st response:
"The NICs on these servers is plugged directly into the equipment in the server room that formulate our network/LAN. When you say 'console' I picture a terminal hooked to a serial port."
My response:
"So, technically, these are not consoles?"
2nd response:
"I guess they are not technically consoles. At least by my understanding of what one is. However definitions change sometimes. To answer your question there is nothing between the server and the LAN."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 01:24 PM
10-25-2006 01:24 PM
Re: Root and Single User Mode
You probably know this already but editing the /tcb files is never recommended. You can fix a locked root account (logged in on the console) using the passwd command. It will properly handle the fields in the /tcb database files. Some of the fields are not optional (as you've seen).
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 03:11 PM
10-25-2006 03:11 PM
Re: Root and Single User Mode
Yes, I found out the hard way that these fields below are required for the system to be able to boot.
name:
u_name:
u_uid:.
u_pwd:
chkent: <--I took this out, whis basically ends the database entry for each user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2006 04:28 PM
10-25-2006 04:28 PM
Re: Root and Single User Mode
If this is the case and you were to just plug a console into the serial port, you would not necessarily have a console automatically. You would have to manually set to console path to the hardware path / hardware address of the serial port.
I know people on the forums have talked about how to do that. I believe this thread could help in that respect, specifically Andrew Rutter's response:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1069837