Lost Root Password SCO Unix

For Linux, see /Linux/lostlinuxpassword.html

This is just a duplication of the "lost root password" material in the FAQ, but it's such a common search here that I've put it here also.

If you have lost your root password on SCO Unix, the following procedures will help you. These MAY help you if you lost the root password on some other OS, but only conceptually: the specific procedure to recover (change, really) the root password will be different.

For Unixware 2.12, http://aplawrence.com/Bofcusm/2438.html adds some useful info.

For Linux, see Linux/lostlinuxpassword.html

How do I reset the root password if I forget it? (part 1)

People do manage to lose their root password. Maybe you inherited the machine, so you never knew it. Maybe you or somebody else accidentally changed it and don't know what you typed. Well, a lost root password is annoying, but hopefully it isn't the end of the world.

This procedure will work for Xenix, and for Unix as well if you are using a very relaxed security level (one which stores encrypted passwords directly in /etc/passwd). If you're using a higher security level on Unix, look for part 2 below.

Boot the system from your emergency boot diskettes (if you didn't make these and keep them up to date, shame on you, but you should be able to use N1/N2 instead, and see the entry on crashing out of these diskettes below).

Lost your N1 disk too? Well, on some versions you'll find an image and a Windows tool to make it on your CD. See Floppy Basics too.

If not, see if How can I download a boot disk? helps.

Next,

mount /dev/hd0root /mnt
 

; this will mount your hard drive's root filesystem on /mnt.

On some v5.0.x systems, /dev/hd0root won't exist. Create it with

mknod /dev/hd0root b 1 42
 

See also http://aplawrence.com/cgi-bin/ta.pl?105094

Edit /mnt/etc/passwd. The first line will be your root line, such as

Edit out the encrypted password (don't touch anything else!) so that the line reads something like

Save the file and shut down. Reboot from the hard drive. Your root password has now been removed, and you can reset it normally.

Also see /Boot/defs.html#bootfloppy.

How do I reset the root password if I forget it? (part 2)

This is another procedure involving manually editing files in the event of a lost root password, and is specific to SCO Unix 3.2v4.0 through 3.2v5.0.7 (and maybe 6). The location of the encrypted passwords depends on the security settings. Look in /etc/passwd, /etc/shadow, and /tcb/files/auth/r/root; one or more of these will be used depending on how you have security configured. Follow the procedure in part 1 above; instead of editing /etc/passwd, edit the appropriate file(s) from the above list, and delete the encrypted password field. Note that formatting is critical; while you can delete the contents of the field, you must not remove separators, and making seemingly minor errors such as leaving blank lines can cause problems. Save, shut down, and reboot. C2 security will complain about what you've done; to make it happy, run /etc/fixmog. You may also want to run /tcb/bin/integrity and /etc/tcbck.

How do I reset the root password if I forget it? (part 3)

This procedure will work for any variant of SCO Xenix or Unix. As above, boot from your emergency boot diskettes and

mount /dev/hd0root /mnt
 

to gain access to your hard drive's root filesystem. Now, run

/mnt/bin/chroot /mnt "/mnt/bin/passwd root"
 

(check the chroot man page for more info on how it works). As before, shut down and reboot. It has been reported that on 3.2v4.2 (and possibly others), this must be done in two steps:

/mnt/bin/chroot /mnt "/bin/su root"
passwd
 

If it doesn't work with the quotes, try it without.

If you don't have luck with anything else, consider installing onto a new hard drive and then mounting your original drive as a secondary.

You probably cannot do this with Linux! See http://aplawrence.com/SCOFAQ/FAQ_scotec1linuxfs.html

See http://aplawrence.com/SCOFAQ/FAQ_scotec6recoverdrive.html for mounting the original drive as a secondary, then proceed with the instructions above.

How do I crash out of the install script?

(if you don't have a boot disk, see How can I download a boot disk?)

On OpenServer Release 5, boot from the boot diskette, and at the Boot: prompt, type

tools
 

This is not an undocumented option to the boot command, but rather a special line in /etc/default/boot on the installation diskette - so you can't use it from anywhere but your installation boot diskette.

Some later CD's have this also. Se Lost Password OSR5 for an example.

See: http://aplawrence.com/cgi-bin/ta.pl?105312

See: http://aplawrence.com/cgi-bin/ta.pl?105094 for breaking out of the installation itself.

To get to your hard drive, you may need to create the appropriate device node:

mknod /dev/root b 1 42
fsck -ofull /dev/root
mount /dev/root /mnt
 

Mike Pope commented:

What I did was to break out to the shell, run divvy and give the filesystems
names.  At that point a device node was created and I was able to proceed.
 

For older SCO Unix/Xenix/ODT releases, wait until the question early in the process that asks you what your keyboard type is. For character-mode installations, this is a regular textual prompt; for ODT, it's a box in a curses-style installation program. How to break out at this point depends on the OS. Under Xenix, press Del. Under Unix, type "shell" and press enter. Under ODT, press Control-A.

If you don't see that on a 3.2v4.2, you'll see:

1. Initial Install
2. Update
3. Exit
 

and THAT is where you'll type "shell".

On the old systems, you haven't got much until you get the hard drive mounted. No "ls" for example, so "echo /dev/*" is the best you can do. Once the drive is mounted, you can do "/mnt/bin/ls" etc.

Roberto Zini:

See also http://aplawrence.com/cgi-bin/ta.pl?110414

How can I generate and save a debug logfile for an SCO OpenServer 5 installation or upgrade (not strictly related but worth reading :-)

Click here to add your comments




Tue Jul 12 09:53:41 2005: Subject: lost_root_password   anonymous


Currently I am facing this problem (lost my root password). I have another server of same unix installation , so I made a bootable floppy from there and tried to boot the other server. It came up to the # prompt. but it is giving one error at the time of booting ie no root disk controller found. Because of that the mount command is not taking. what should I do in this case? I am in deep trouble now. If you can please help me , please send a mail to bindu_joel@yahoo.com



Tue Jul 12 10:20:22 2005: Subject:   TonyLawrence


You need a kernel on the boot media that has a driver for your disk.

The Supertar's boot media can use btld's: see http://aplawrence.com/Unixart/supertarxfer.html



Thu Sep 21 06:55:48 2006: Subject:   anonymous


No if your on unix and your problem is the root password simple go to terminal
and it should be:
passwd root



Thu Sep 21 11:38:01 2006: Subject:   TonyLawrence


Huh?

You'd need to be logged in as an account with privilege to change root's password - and if root is the only user with that priviulege (as it often is), you can't do this.




Sat Jan 27 21:21:04 2007: Subject:   bruceg2004


I've got a few tips to add to this page;

I had an issue this morning, where something really must have hit our building with something. What? I have no clue. I lost our connection to the Internet, and a drive on our SCO box. The drive is 1 of 3 in a RAID-5, so I set the drive as defunct, and restarted the machine. SCO came up normally, and everything seemed fine.

Then, I went to login with an account that has a UID of 0, like root, and is root, except for some environment variables, pointing to the db, and some additional binaries in the PATH. *BOTH* root, and this 'covroot' account, would not let me login!! I could login as a regular user, but not anything that could do very much, like start the db. So, I came here, and refreshed my memory on how to recover the root password.

Oh, I forgot to mention, my boot floppies, the first set did not work!! I am not surprised, as I have come to not ever trust a floppy disk again. I have had too many go bad. I don't know if it is poor manufacturing, or some external factors which cause them to go bad, but I am serious when I say this, in my experience over the past 7 or 8 years, I have had about 30-40% of them fail on me. So, when I made the SCO boot floppies, I made TWO sets. Sure enough, my first set failed miserably. So, if you are making boot disks, make TWO sets, and TEST THEM BOTH! I did test them both, when I made them 4 or 5 years ago, so it is time to make some fresh ones.

I was able to boot with my second set, and mounted to root disk. Woohoo!! I was getting somewhere. So, I tried to use vi, and it would not let me! I kept getting a terminfo database not found error, so I called Tony. This is where many years of experience comes in handy, folks. Tony quickly suggested using 'ed', but could not find that on the disk, or my mounted root disk, specifying the full path, so Tony came up with a great second idea! Use 'sed' -- Sure, why not? It is an editor, so I just did the search and replace function of 'sed', searching for the string that was in both /mnt/tcb/files/auth/r/root and in /mnt/etc/shadow and made backups of the files as they were first, and then piped the output from 'sed' to a new file, copy it back over the shadow, and root files, and.... .... Pressed the POWER button.

Did anyone catch my mistake? In my glory of being so excited that Tony yet again saved me, by suggesting 'sed', since I had no other editiors at my disposal, I forgot to un-mount the root HD. Time to get that set of floppies ready for another spin in the drive.

So, I did the same thing again, (after waiting for several minutes for the floppies to dump their bits into RAM) and brought the system back up, was able to press enter, when the prompt came up asking to press ctrl-d or enter the root password for maintenance mode, and was in. I ran
/etc/fixmog, logged in as the application user, and started the db, and all was well.

So, in summary, I would say for any SCO admin, should you find yourself in this situation:

1) Make those boot disks, make another set, and test them both. Place in a static proof bag.
2) Don't forget, you can always use 'sed' as an editor. It is not pretty, and can take a while, but it is an editor none the less.
3) Don't forget to unmount the root disk, after you make changes, so the can properly be commited!!

I still have no idea, why just the users with UID of 0 where affected. No clue. Maybe something happened when one of my drives decided it was through living, and wanted to take a little bit or two into the place where HD's that die go, or maybe something else? I dunno. It really is not logical, but this is not the first time I have had to fix a problem, that has no logical explanation. I am sure someone out there that has more experience than me, may be able to offer and explanation.

Thanks again, Tony! This is another reason why I always keep my yearly email support with short phone call support going with Tony. When I first got into this stuff, I used Tony a lot more, and as I have gained experience, I have had to use him less, but when I am in a bind, and somewhere where I have never been, he always comes through. I may have figured out using 'sed' after a few hours of pulling out my hair, but I knew Tony must have been in similar situations a lot more than me, so I decided to call him.

Now, I am here with Verizon, trying to figure out what happened to the T1 line we have.... Sheesh. Not to use a cliche, but "when it rains, it pours".

- Bruce




Sat Jan 27 21:26:43 2007: Subject:   TonyLawrence


May I suggest putting in a cd-rw or dvd-rw and using Microlite Edge to make boot media on there?

Degrades less.. suffers rough handling better..




Sat Jan 27 21:28:26 2007: Subject:   TonyLawrence


BTW, normally you'd just do TERM=vt100;export TERM or TERM=ansi;export TERM but that didn't work either - no idea why..

---

Take Control of Font Problems in Leopard

Take Control of Fonts in Leopard

---

Sat Jan 27 21:34:00 2007: Subject:   bruceg2004


I'll be making the Microlite CD on Monday :-)

Yea, I forgot to mention that setting the TERM did not work. I tired both, and even echo'ed em after I did my export, but nothing worked. O well.

I am going to have to save the boot CD to an image, since this machine has no burner on it. I would bet that the Edge boot CD will have 'vi' on it, which will make life even easier in the future.

And yes, I immediately took another full system backup, as soon as I could. A Nice, fresh, new DDS-4 tape.

- Bruce




Tue Jul 15 17:02:19 2008: Subject: Reset SCO 5.0.7 password - Step by Step   ShaneStewart


The instructions on this page were not appropriate for resetting the root password for SCO 5.0.7. The following is the step by step instructions. I put in an extra space between commands to make the commands more readable. You need to remove the string between the first set of colons on the "root" line.

Boot the system with the emergency boot and root floppies.

mount /dev/hd0root /mnt

cd /mnt/var/opt/K/SCO/Unix/5.0.7Hw/etc

ed shadow
1
c
root:::0:0
w
q

cd /
umount /mnt

Take out the root floppy and reboot your system.



Wed Jul 16 10:32:48 2008: Subject:   TonyLawrence


A little knowledge is a dangerous thing.

The procedure given just above this comment is specific for that person's machine because of how it was initially set up. On most machines, the files in /tcb WILL need to be edited.

Folks: when you have limited experience, please don't make pronouncements about how something is done.



Wed Jul 16 21:25:54 2008: Subject:   ShaneStewart


Sorry, I forgot one line to take the "ed" command out of "change" mode in my previous post. There should have been a period on the lines between the new root command and the "w".

And Tony, I'm sooooo sorry that I put the commands specific for SCO 5.0.7 in you r blog, I guess that I should have just left the wrong information from the "expert" alone. Once again, so sorry.

However, I will repost my correction, which was successful on a customer's system today. Discard it if you like.

If the root password is lost, do the following commands to reset the root
password. The encrypted string in /var/opt/K/SCO/Unix/5.0.7Hw/etc/shadow
must be removed.

Boot the system with the emergency boot and root floppies.

mount /dev/hd0root /mnt

cd /mnt/var/opt/K/SCO/Unix/5.0.7Hw/etc

ed shadow
1 (move to line 1)
c (change the line)
root:::0:0 (remove the password)
. (exit change mode)
w (write)
q (quit)

cd /
umount /mnt

Take out the root floppy and reboot your system.




Wed Jul 16 22:06:38 2008: Subject:   TonyLawrence


Shane, I don't want to give you any grief, but all you are doing is demonstrating your ignorance.

Go back and read Part 2 above.

There's nothing wrong with what you said, but it only covers SOME 5.0.7 systems - in fact, it will NOT apply on most - on most 5.0.0 - 5.0.7 systems you'll need to edit the files in /tcb.





Fri Jul 18 19:30:52 2008: Subject: breaking out of installation script - 506   anonymous


Just tried this on a 506 running on a VM. I'm stuck - I get to the <Installation> prompt, but none of the binaries run:
<Installation> /mnt/usr/bin/vi /mnt/etc/passwd
/mnt/usr/bin/vi: not found

and I know good and well that it's there. What am I missing:



Fri Jul 18 20:29:46 2008: Subject:   TonyLawrence


Going to the shell and mounting /dev/hd0root

---

Learn Mac OS X Command Line

---

Sun Jul 20 03:33:55 2008: Subject: breaking out of install script   nachmanziskind


No, hard disk is mounted (as /dev/root, not /dev/hd0root) and I can see (with echo *; nothing else works) files on it - e.g., data files, which would not be present on an installation disk. Can't fsck, of course,for the same reason I can't vi. Can't chroot, either.

I also tried the symlink location for vi, (var/opt/K/SCO/Unix/*/usr/bin); it's not there.



Sun Jul 20 20:18:05 2008: Subject: breaking out of install script   nachmanziskind


I finally got it. I had to break out of the install disck much later (almost to the point of no return) than I was originally. *Then* the tools get loaded.

Thanks!

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.