Operating System - HP-UX

unlock root account without bringing down the system

hpuxhelp
Regular Advisor

unlock root account without bringing down the system

Is there a way to do this ?
14 REPLIES
Patrick Wallek
Honored Contributor
Solution

Re: unlock root account without bringing down the system

The 2 ways I can think of:

1) You have an id that has root-like access (via restricted SAM or sudo) and can run the appropriate commands to unlock root.

2) You already have root logged in somewhere else.

If the above 2 fail, the only other thing I can think of is to reboot the system and go into single-user mode and modify /tcb/files/auth/r/root and modify the line u_pwd so that it looks like:

u_pwd=:

This is why I am a firm believer in modifying root's default security settings so that you are allowed something like 99 invalid password tries before the account gets locked.
Patrick Wallek
Honored Contributor

Re: unlock root account without bringing down the system

Oops.....I hit submit and realized you just needed to reactivate the account, not clear out the passwd. Once in single user mode, you should then be able to do the modprpw command to reactivate root.

Apparently I'm still in Christmas Holiday mode.
Jeff Schussele
Honored Contributor

Re: unlock root account without bringing down the system

Hi Patrick....

Don't think this user is running the system Trusted.
See their earlier post:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x60d27680e012d71190050090279cd0f9,00.html

What they need to do is run
passwd -d root
Unfortunately they HAVE to be root or root-equiv to do so.

Dido - If you don't have another root-level user, the ability to rlogin from another system OR another root session available somewhere, you'll have to reboot to single user mode to reset the root account. This is of course deliberate - you don't want to make it easy - at all - for an avg user to mess with the root account. For obvious reasons....

Good Luck,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
hpuxhelp
Regular Advisor

Re: unlock root account without bringing down the system

Hi,
so what you suggest is that we do not have to edit the /tcp file once we are able to boot to single user, and just run
modprpw -l root ?
And this will activate the root account?
Sridhar Bhaskarla
Honored Contributor

Re: unlock root account without bringing down the system

Hi Dido,

If you are using a trusted system, did you try logging in from the console?
You should be able to get in. Once you log in, use /usr/lbin/modprpw -k root to enable the account.

If you don't have trusted, you will need to get into single user mode.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Jeff Schussele
Honored Contributor

Re: unlock root account without bringing down the system

OK - so you ARE running the system in Trusted mode?
If so proper command would be:

modprpw -k root

If NOT trusted - use:

passwd -d root

You can easily tell the difference. If trusted there will be the /tcb/files/auth directory structure in place. If not Trusted it won't be there.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Patrick Wallek
Honored Contributor

Re: unlock root account without bringing down the system

If you KNOW what the root passwd is, then yes, just run the 'modprpw' command to reactivate it.

If you do NOT know the root passwd, then you need to reactivate root and also change the passwd to something you know, which MAY require you to modify the /tcb/files/auth/r/root file since the passwd command asks for the old passwd when you change a passwd.
Sridhar Bhaskarla
Honored Contributor

Re: unlock root account without bringing down the system

Hmm.. I am confused. Just in case anyone looks at this thread in future.

Did you say your 'root' account is locked or you lost the password?

If you lost the password then the above suggestions may apply.

If the account is locked and you knew the password, logging in from the console will allow you to gain a root session and then you can run modprpw -k root to enable the account.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
hpuxhelp
Regular Advisor

Re: unlock root account without bringing down the system

Hello,
Can't log into the console because of this message "nfs server is still responding"...
therefore we can't get into root... that is where the problem begins
hpuxhelp
Regular Advisor

Re: unlock root account without bringing down the system

the root account was locked...
avsrini
Trusted Contributor

Re: unlock root account without bringing down the system

Hi,
Is it nfs server still "not" responding or nfs server still responding?

Hit Ctrl+C or the break key of your console. You should get the login prompt.

Is your server booting, or had it been running for some time when you got this error?

By the way, what nfs configurations do you use?

Can you be a little brief?

Srini.
Be on top.
hpuxhelp
Regular Advisor

Re: unlock root account without bringing down the system

Edited /etc/rc.config.d/nfsconf, set all the nfs_client, server and everything to =0, and also stopped the rpc binding nfs.core. Still didn't have an effect...
When I issue a bdf, this is where the notification occurs:
nfs server hosta not responding still trying...

** no nfs mount points in the /etc/fstab...
Any suggestions?
Martin Johnson
Honored Contributor

Re: unlock root account without bringing down the system

Remember to use /sbin/init.d/[nfs.core|nfs.server|nfs.client] stop to stop nfs. You may have to do a "ps -ef | grep nfs" to see if any nfs processes are still running. Use a "kill -15" to stop the processes. You may need to do a "kill -9" to actually get rid of the processes.

It sounds like someone did an NFS mount and the mountpoint is stale.

HTH
Marty
John Meissner
Esteemed Contributor

Re: unlock root account without bringing down the system

I've unlocked the root account once with another UID 0 (zero) account. One of the applications that we run on a server requires UID 0 (against our better judgement) but it saved us a reboot once.
All paths lead to destiny
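
Added example, not part of any post in this thread: a POSIX shell pre-check that applies Jeff Schussele's trusted-mode test, prints the unlock command the thread gives for that mode, and lists the UID 0 accounts that John Meissner's approach depends on. The function names, the root-prefix argument and the constructed sample tree are assumptions for illustration; the per-user path generalizes the /tcb/files/auth/r/root layout quoted above.

```shell
#!/bin/sh
# Added example: pre-lockout check built from the thread's advice.
# Each function takes a root prefix so it can run against a copy of the
# filesystem; pass "" to inspect the live system.

# "trusted" if the /tcb/files/auth tree exists, otherwise "standard".
auth_mode() {
    if [ -d "$1/tcb/files/auth" ]; then echo trusted; else echo standard; fi
}

# Path of a user's protected-password entry, following the layout of
# /tcb/files/auth/r/root (first letter of the name as subdirectory).
tcb_entry() {
    first=$(printf '%s' "$2" | cut -c1)
    echo "$1/tcb/files/auth/$first/$2"
}

# The re-enable command the thread gives for each mode (run as root).
unlock_command() {
    case "$(auth_mode "$1")" in
        trusted)  echo "/usr/lbin/modprpw -k $2" ;;
        standard) echo "passwd -d $2" ;;
    esac
}

# Names of every account with UID 0, skipping blank and comment lines.
uid0_accounts() {
    awk -F: '/^[^#]/ && NF >= 3 && $3 == 0 { print $1 }' "$1/etc/passwd"
}

# Constructed sample tree (not real data) so the example runs anywhere.
make_sample() {
    d="${TMPDIR:-/tmp}/tcbdemo.$$"
    mkdir "$d" || return 1
    mkdir -p "$d/etc" "$d/tcb/files/auth/r"
    : > "$d/tcb/files/auth/r/root"
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'appadm:*:0:20::/home/appadm:/usr/bin/sh' \
        'dido:*:101:20::/home/dido:/usr/bin/sh' > "$d/etc/passwd"
    echo "$d"
}

report() {
    echo "mode:    $(auth_mode "$1")"
    echo "unlock:  $(unlock_command "$1" root)"
    [ -f "$(tcb_entry "$1" root)" ] && echo "entry:   $(tcb_entry "$1" root)"
    echo "uid 0:   $(uid0_accounts "$1" | tr '\n' ' ')"
}

sample=$(make_sample) && report "$sample" && rm -rf "$sample"
```

More than one name in the "uid 0" line means there is a second root-equivalent login that can run the unlock command, and also a second account that needs the same protection as root.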