高手救命～～～Solaris10的root帐户过期了～～～

zhmzhouming

username:password:lastchg:min:max:warn:inactive:expire:flag
这是shadow文件的格式，其中max就是密码存活的最大时间，warn就是提前几天你登陆就会给你告警，提示你修改密码，如果在这几天你没root登陆，对不起，你密码就过期了，这时候只能通过光盘去将max的值修改为-1即可。

yoyosys

楼主只能去机器边上修改了，当时就别设置密码策略

zhoujm1976

11楼，有个疑问，root密码过期一定要光盘改的吗。对于普通用户，过期了确实需要root来改，但是系统本身不会把root自己锁掉的吧。root的id不是0吗，系统怎么把0号给关了。
我有两台240的机器，扔了好半年没登录过，难得登一次提示root密码过期，输入新密码即可啊。

zhmzhouming

原帖由 zhoujm1976 于 2009-11-18 14:35 发表
11楼，有个疑问，root密码过期一定要光盘改的吗。对于普通用户，过期了确实需要root来改，但是系统本身不会把root自己锁掉的吧。root的id不是0吗，系统怎么把0号给关了。
我有两台240的机器，扔了好半年没登录 ...

那是因为在你的密码过期的warn期内，你登陆上去才会让你修改。不信你自己去找台机器，将max处设置为1，然后重启一下，过两天去看看是否还会让你修改密码。

waterfishzz

原帖由 zhmzhouming 于 2009-11-18 13:40 发表
username:password:lastchg:min:max:warn:inactive:expire:flag
这是shadow文件的格式，其中max就是密码存活的最大时间，warn就是提前几天你登陆就会给你告警，提示你修改密码，如果在这几天你没root登陆，对不 ...

谢谢高人指点，看来真的是没什么好办法了，哎……跑机房吧

zhoujm1976

原帖由 zhmzhouming 于 2009-11-18 16:04 发表


那是因为在你的密码过期的warn期内，你登陆上去才会让你修改。不信你自己去找台机器，将max处设置为1，然后重启一下，过两天去看看是否还会让你修改密码。

能确定吗，我这边的主机上root都是从不设warning的，
主机/etc/shadow的root行
rootxxxxx:14529:0:60::::
root密码过期了以后也只要重新登陆修改密码即可的，还从没碰到过root账户因为长久不用密码过期就不能用的。设定了60天密码过期的，可是那些机器都是隔个大半年用一次的。

warning应该是密码到期前做提示的吧，比如warning设了7，就是密码到期前7天之内，用户只要登陆就提示密码即将到期的提示。

此外，min,max这个设定的应该只是密码策略吧，就是强制多少时间密码修改，真正可能导致账户失效是expire字段和inactive字段，但这两个字段和密码都没关系。

东方蜘蛛

http://pagebrin.com/2009/04/sola ... %E6%96%B9%E6%B3%95/
看看这个，可以试试

yoyosys

原帖由 东方蜘蛛 于 2009-11-19 09:46 发表
http://pagebrin.com/2009/04/sola ... %E6%96%B9%E6%B3%95/
看看这个，可以试试

这个方法以前我试过，有时有效果，有时没，不知道为什么？

adambbs

1) Insert the Solaris[TM] 2.x Operating System CD-ROM into the CD-ROM drive.

2) Once the CD-ROM is in the drive, perform a stop-a command.  This brings the system down to the ok prompt.

3) From the ok prompt, perform a single-user boot from the Solaris 2.x installation CD-ROM.

ok  boot cdrom -s

4) At the "#" prompt, try to determine which disk is the system's boot disk (containing the root file system).

There are several Sun architectures and various configurations of the systems when it comes to a boot disk.  As a general rule, most boot disks are attached to controller 0 (c0).  Usually, their SCSI target is either 3 (t3) or 0 (t0).  However, because Sun machines are very flexible, the boot disk could be at a different location.  

NOTE: If your boot disk is MIRRORED using Solaris Disksuite[TM] or Solaris[TM] Volume Manager software, refer also to  < Solution: 202794 > , "Solaris[TM] Volume Manager software and Solstice DiskSuite[TM] software: Mounting metadevices"  This article explains how to mount a metadevice without breaking the integrity of the mirrored data.

5) At the "#" prompt, enter the following:

# eeprom boot-device

The output might appear to be simple, such as "disk" or "disk1," or as a pathname "/iommu/sbus/espdma@4,8400000/...../sd@3,0:a".  Make note of the boot-device. If the boot-device is a pathname, it is beyond the scope of this Technical Instruction to provide the location of the customized boot disk.  However, for most configurations, you can find the location easily.  

6) The "Format" command shows you all available disks:

# format

    Searching for disks...done

    AVAILABLE DISK SELECTIONS:

           0. c0t0d0 <ST34321A cyl 8892 alt 2 hd 15 sec 63>

             /pci@1f,0/pci@1,1/ide@3/dad@0,0

    Specify disk (enter its number):

7) Press <cntrl>d to exit format.

Now, you will have an idea what disks are on the system.  If the boot-device is "disk" and the format shows "c0t0d0" (or on some systems "c0t3d0", then that is a boot device.  If the boot-device shows "disk1" and the format shows "c0t1d0," then that is the boot device.  If format shows multiple disks, then based on what the "eeprom boot-device" command shows, the boot disk would be:

boot-device        format

disk               c0t0d0 or c0t3d0 (machine dependent)

disk1              c0t1d0

disk2              c0t2d0

disk3              c0t3d0 or c0t0d0 (machine dependent)

and so on ....

Because the system was not brought down gracefully (no root password, means having to use the Stop-a keystroke to "crash" the system), you should run "fsck" to clean the root partition (slice).  Fsck also confirms that you selected the proper slice:

   # fsck /dev/rdsk/cXtYd0s0

where the X and Y are determined by the previous procedure . It is also possible to have a root partition that  is not on slice 0 (s0), but, again, that is not a standard configuration. The output of "fsck" will look like this:

** /dev/rdsk/c0t0d0s0

** last mounted on /

** Phase 1 .....

.....

The second line "** Last mounted on /" confirms that this is the correct root fs partition.

9) Answer "y" to any questions fsck asks.  There shouldn't be too many items needing repair.  If there are numerous items needing repair, then there could be a corrupted root fs.

10) After fsck is finished, you can mount the root partition:

# mount /dev/dsk/cXtYd0s0 /a

Again, X and Y are same as for the fsck command.

Example:

# mount /dev/dsk/c0t0d0s0 /a

11) From the root prompt, enter the following command:

# TERM=sun; export TERM

12) Edit the /etc/shadow file:

# vi /a/etc/shadow

The first line of the file is almost always the one you want to modify. The first line looks like this:   

root:c3.yAVmYodWsc:6445::::::

13) Delete every character between the first and second colons in the first line.  

When you finish the process, the first line should look like this:

root::6445::::::

14) After you delete the characters in the first line, enter the following (in the command mode) to perform a write force quit to exit the document and save the changes:

:wq!

15) Unmount the file system, as follows:

# cd /
# umount /a                 

16) Reboot the system:

# reboot

The preceding command  shuts down the system and brings it back up in multi-user mode.

17) At the login window, log in as root. You should get in automatically.

1 Change the root password immediately.

东方蜘蛛

LS的清密码的好文