Setting a System's Root Password With a Finish Script (Solaris 9 Installation Guide)

Solaris 9 Installation Guide

Setting a System's Root Password With a Finish Script

After the Solaris software is installed on a system, the system reboots. Before the boot process is completed, the system prompts for the root password. Until someone types a password, the system cannot finish booting.

A finish script that is named set_root_pw is saved in the auto_install_sample directory. The finish script shows how to set the root password automatically, without prompting. set_root_pw is shown in Example 24–4.

Example 24-4 Setting the System's Root Password With a Finish Script

	 #!/bin/sh
	 #
	 #       @(#)set_root_pw 1.4 93/12/23 SMI
	 #
	 # This is an example Bourne shell script to be run after installation.
	 # It sets the system's root password to the entry defined in PASSWD.
	 # The encrypted password is obtained from an existing root password entry
	 # in /etc/shadow from an installed machine.
 
	 echo "setting password for root"
 
	 # set the root password
 PASSWD=dKO5IBkSF42lw
	 #create a temporary input file¹
 cp /a/etc/shadow /a/etc/shadow.orig²
 
	 mv /a/etc/shadow /a/etc/shadow.orig
 	nawk -F: '{
         if ( $1 == "root" )³
           printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
      else
		        printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
      }' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow
 #remove the temporary file
 rm -f /a/etc/shadow.orig⁴
 # set the flag so sysidroot won't prompt for the root password
 sed -e 's/0 # root/1 # root/' ${SI_SYS_STATE} > /tmp/state.$$⁵
  mv /tmp/state.$$ ${SI_SYS_STATE}

Sets the variable PASSWD to an encrypted root password that is obtained from an existing entry in a system's /etc/shadow file.
Creates a temporary input file of /a/etc/shadow.
Changes the root entry in the /etc/shadow file for the newly installed system by using $PASSWD as the password field.
Removes the temporary /a/etc/shadow file.
Changes the entry from 0 to a 1 in the state file so that the user is not prompted for the root password. The state file is accessed by using the variable SI_SYS_STATE, which has a value currently of /a/etc/.sysIDtool.state. To avoid problems with your scripts if this value changes, always reference this file by using $SI_SYS_STATE. The sed command that is shown here contains a tab character after the 0 and after the 1.

Note -

If you set the system's root password with a finish script, users might attempt to discover the root password from the encrypted password in your finish script. Ensure that you safeguard against users who might try to determine the root password.