After the Solaris software is installed on a system, the system reboots. Before the boot process is completed, the system prompts for the root password. Until someone types a password, the system cannot finish booting.
A finish script that is named set_root_pw is saved in the auto_install_sample directory. The finish script shows how to set the root password automatically, without prompting. set_root_pw is shown in Example 4–6.
If you set the system's root password with a finish script, users might attempt to discover the root password from the encrypted password in your finish script. Ensure that you safeguard against users who might try to determine the root password.
    #!/bin/sh
    #
    # @(#)set_root_pw 1.4 93/12/23 SMI
    #
    # This is an example Bourne shell script to be run after installation.
    # It sets the system's root password to the entry defined in PASSWD.
    # The encrypted password is obtained from an existing root password entry
    # in /etc/shadow from an installed machine.

    echo "setting password for root"

    # set the root password
    PASSWD=dKO5IBkSF42lw

    # create a temporary input file; /a/etc/shadow itself stays in place so
    # that the redirect below rewrites it with its existing owner and mode
    cp /a/etc/shadow /a/etc/shadow.orig

    nawk -F: '{
        if ( $1 == "root" )
            printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
        else
            printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
    }' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow

    # remove the temporary file
    rm -f /a/etc/shadow.orig

    # set the flag so sysidroot won't prompt for the root password
    # (the whitespace after the 0 and after the 1 is a tab character)
    sed -e 's/0	# root/1	# root/' ${SI_SYS_STATE} > /tmp/state.$$
    mv /tmp/state.$$ ${SI_SYS_STATE}
The following describes some of the commands in this example.
The following command sets the variable PASSWD to an encrypted root password that is obtained from an existing entry in a system's /etc/shadow file.
    PASSWD=dKO5IBkSF42lw
The following command creates a temporary input file of /a/etc/shadow.
    cp /a/etc/shadow /a/etc/shadow.orig
The following command changes the root entry in the /etc/shadow file for the newly installed system by using $PASSWD as the password field.
    if ( $1 == "root" )
The following command removes the temporary /a/etc/shadow.orig file.
    rm -f /a/etc/shadow.orig
The following command changes the entry from 0 to 1 in the state file so that the user is not prompted for the root password. The state file is accessed by using the variable SI_SYS_STATE, which currently has a value of /a/etc/.sysIDtool.state. To avoid problems with your scripts if this value changes, always reference this file by using $SI_SYS_STATE. The sed command that is shown here contains a tab character after the 0 and after the 1.
    sed -e 's/0	# root/1	# root/' ${SI_SYS_STATE} > /tmp/state.$$
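One way to act on the caution about the encrypted password being readable in the finish script, as an added example that is not part of the Solaris sample script: the function reads the hash from a separate file that only its owner can read, validates it, and rewrites the root entry while keeping the shadow file's owner and mode. The names set_root_hash, make_sample and root.hash are assumptions, and awk stands in for nawk so the example runs on any POSIX system.

```shell
# Added example, not the Solaris set_root_pw script. set_root_hash and the
# separate hash file are assumed names for illustration.
set_root_hash() {
    shadow=$1 hashfile=$2
    # Refuse a hash file that group or others can read.
    if [ -n "$(find "$hashfile" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "refusing: $hashfile is group- or world-readable" >&2
        return 1
    fi
    ROOT_HASH=$(head -n 1 "$hashfile")
    # Accept only characters used by crypt(3)-style strings; a ':' or an
    # empty value would corrupt the shadow entry.
    case $ROOT_HASH in
        ''|*[!./0-9A-Za-z\$]*) echo "refusing: malformed hash" >&2; return 1 ;;
    esac
    export ROOT_HASH
    tmp=$shadow.new.$$
    # Build the new content in a 0600 temp file beside the target, then copy
    # it over the existing file so shadow keeps its own owner and mode.
    ( umask 077
      awk -F: 'BEGIN { OFS = ":" }
               $1 == "root" { $2 = ENVIRON["ROOT_HASH"] }
               { print }' "$shadow" > "$tmp" ) &&
        cat "$tmp" > "$shadow"
    rc=$?
    rm -f "$tmp"
    unset ROOT_HASH
    return $rc
}

# Constructed sample data: a three-line shadow file and a hash file.
# (A real shadow file is mode 0400 and owned by root; 0600 is used here
# so the demo also runs as an unprivileged user.)
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:OLDHASHxxxxxx:6445::::::' 'daemon:NP:6445::::::' \
        'bin:NP:6445::::::' > "$d/shadow"
    chmod 600 "$d/shadow"
    printf '%s\n' 'dKO5IBkSF42lw' > "$d/root.hash"
    chmod 600 "$d/root.hash"
    echo "$d"
}

# Demo: rewrite the sample and show the result.
demo_dir=$(make_sample) && set_root_hash "$demo_dir/shadow" "$demo_dir/root.hash" &&
    cat "$demo_dir/shadow"
rm -rf "$demo_dir"
```

In a finish script the first argument would be /a/etc/shadow, and the hash file would sit somewhere that only root on the install server can read.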