Trusted Solaris Installation and Configuration

Setting the System's Root Password With Finish Scripts

After Trusted Solaris software is installed on a workstation, the workstation reboots. Before the boot process is completed, the workstation prompts for the root password. This means that until someone enters a password, the workstation cannot finish booting.

The jumpstart_sample directory provides a finish script called set_root_pw that sets the root password for you. This allows the initial reboot of the workstation to be completed without prompting for a root password.

The set_root_pw file is shown below.

#!/bin/sh
	#
	#       @(#)set_root_pw 1.4 93/12/23 SMI
	#
	# This is an example bourne shell script to be run after installation.
	# It sets the workstation's root password to the entry defined in PASSWD.
	# The encrypted password is obtained from an existing root password entry
	# in /etc/shadow from an installed machine.

	echo "setting password for root"

	# set the root password
	PASSWD=dKO5IBkSF42lw
	# create a temporary input file; copy rather than move, so that the
	# redirect below rewrites /a/etc/shadow in place and keeps its owner and mode
	cp /a/etc/shadow /a/etc/shadow.orig
	nawk -F: '{
		if ( $1 == "root" )
		    printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
		else
		    printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
		}' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow
	# remove the temporary file
	rm -f /a/etc/shadow.orig
	# set the flag so sysidroot won't prompt for the root password
	sed -e 's/0	# root/1	# root/' ${SI_SYS_STATE} > /tmp/state.$$
	mv /tmp/state.$$ ${SI_SYS_STATE}

There are several things you must do to set the root password in a finish script.

Create a Finish Script to Set the root Password
  1. Set the variable PASSWD to an encrypted root password obtained from an existing entry in a workstation's /etc/shadow file.

  2. Create a temporary input file of /a/etc/shadow.

  3. Change the root entry in the /etc/shadow file for the newly installed workstation using $PASSWD as the password field.

  4. Remove the temporary copy of the /a/etc/shadow file.

  5. Change the entry from 0 to 1 in the state file, so that the install team will not be prompted for the root password.

    The state file is accessed using the variable SI_SYS_STATE, whose value currently is /a/etc/.sysIDtool.state. (To avoid problems with your scripts if this value changes, always reference this file using $SI_SYS_STATE.) The sed command shown here contains a tab character after the 0 and after the 1.


    Note -

    If you set your root password by using a finish script, be sure to safeguard against those who will try to discover the root password from the encrypted password in the finish script.
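
Steps 2 through 4 above, as an added example that is not part of the Sun sample script: a helper that validates the encrypted password, requires exactly one root entry, rewrites the file in place so its owner and mode are kept, and verifies the result before removing the temporary copy. The function names are hypothetical, awk stands in for nawk, and the sample shadow file is constructed.

```shell
#!/bin/sh
# Added example, not Sun's set_root_pw. set_root_hash, root_field and demo are
# hypothetical names; awk stands in for nawk so it runs on any POSIX system.

# Print the password field of the root entry in a shadow-format file.
root_field() {
    awk -F: '$1 == "root" { print $2 }' "$1"
}

# set_root_hash SHADOW_FILE ENCRYPTED_PASSWORD
set_root_hash() {
    shadow=$1 hash=$2
    # Reject empty values and characters not used in crypt-style hashes; a
    # colon or newline would corrupt the colon-separated record.
    case $hash in
        ''|*[!A-Za-z0-9./\$]*) echo "set_root_hash: bad hash" >&2; return 1 ;;
    esac
    # Refuse to edit unless exactly one root entry exists.
    n=$(awk -F: '$1 == "root" { c++ } END { print c + 0 }' "$shadow")
    [ "$n" = 1 ] || { echo "set_root_hash: need exactly one root entry" >&2; return 1; }
    # Copy rather than move: the redirect below then truncates the existing
    # file in place, so its owner and mode are kept.
    cp -p "$shadow" "$shadow.orig" || return 1
    if HASH=$hash awk -F: -v OFS=: \
        '$1 == "root" { $2 = ENVIRON["HASH"] } { print }' \
        "$shadow.orig" > "$shadow" &&
        [ "$(root_field "$shadow")" = "$hash" ]
    then
        rm -f "$shadow.orig"
    else
        # Put the original contents back if the rewrite did not verify.
        cat "$shadow.orig" > "$shadow"
        rm -f "$shadow.orig"
        return 1
    fi
}

# Run the helper on a constructed two-line shadow file and print the result.
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:CONSTRUCTEDxx:6445::::::\ndaemon:NP:6445::::::\n' > "$d/shadow"
    chmod 600 "$d/shadow"
    set_root_hash "$d/shadow" dKO5IBkSF42lw && cat "$d/shadow"
    rm -rf "$d"
}
demo
```

In a finish script the first argument would be /a/etc/shadow and the second the value of PASSWD.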