Skip to main content

How do i restore default permission for “root” directories on Solaris

Q. How do i restore default permission for “root” directories on Solaris?
A. As a sysadmin we get lots of issues from users saying we are unable allowing to login to the machine. It throws the error message "module /usr/lib/security/pam_authtok_get.so.1 writable by group" which occurs b'cos user had changed the group & permission for whole "root" directories using sudo command.
Error Message:techserver console login: root
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver su: load_modules: can not open module /usr/lib/security/pam_dhkeys.so.1
Machine will not allow untill you restore the ownership and group of root files

Before:
#root@techserver:root [/sbin/sh] ls -l /etc/passwd
-rw-r--r-- 1 root sys 1722 Jan 22 2005 /etc/passwd
After:
#root@techserver:root [/sbin/sh] chmod 444 /etc/passwd
#root@techserver:root [/sbin/sh] ls -l /etc/passwd
-r--r--r-- 1 root sys 1722 Jan 22 2005 /etc/passwd/etc/passwd
you can't change each file permission & ownership for whole root directories

/etc/shadow
/usr/bin/login passwd and su
check /etc/pam.conf perms.

So I tried restoring the ownership and group for root files running "pkgchk"
Start the machine with single user mode using cdrom in maintenance mode & mount your devices
Here's an example...use your own devices but you'll need to mount "usr" and "var" under "/a"

"mount -F ufs /dev/dsk/c0t3d0s0 /a" to mount root to /a {Root Partition}
"mount -F ufs /dev/dsk/c0t3d0s1 /a/var" to mount var to /a/var {/var Partition}
"mount -F ufs /dev/dsk/c0t3d0s6 /a/usr" to mount usr to /a/usr {/usr Partition}

once you are done with mounting the partition
# pkgchk -R /a -fv
That should run the pkgchk on /a it will take time to restore the ownership & permission.
Once it is done you will be able to login to the machine.

Related: How to boot system in emergency mode
Feedbacks: We appreciate your feedback and suggestions about our website bala@techgyaan.org
Check out . Follow @techgyaan



Labels:

Comments

Post a Comment

Popular posts from this blog

Download of the Day!

Amarok 2.0.2 has released Amarok is an open source alternative music player for iTunes. Amarok supports Linux, Unix, MacOSX and windows Operating system. It is smiliar to iTunes just drag & drop the songs to play list. Amarok also lets you listen to internet radio ( mp3 streaming ) including music from last.fm . Features Automatic cover Lyrics download Dynamic playlists Visualizations and Podcasting. These are only some of the great new features of Amarok 2. Give it a try! Download here An least but not last - Amarok will also synchronize your music to your iPod. For the more technical users a scripting interface allows you to extend the functionality of Amarok. Print Page Feedbacks: We appreciate feedbacks and suggestions about our website info@techgyaan.org
Post a Comment
Latest Posts

How to fix Solaris "/lib/svc/method/net-physical "network settings is misconfigured”

Yesterday I came across an issue with the server being unable to access it switched to the  maintenance mode with some a strange message; “ How to fix Solaris "/lib/svc/method/net-physical "network settings is misconfigured”. Dec  9 10:05:59 techgyaansvr svc.startd[7]: [ID 652011 daemon.warning] svc:/network/physical:default: Method "/lib/svc/method/net-physical" failed with exit status 96. Dec  9 10:05:59 techgyaansvr svc.startd[7]: [ID 748625 daemon.error] network/physical:default misconfigured: transitioned to maintenance (see 'svcs -xv' for details) Actual message is that the IP address already exists, but is not configured. We need to clear the network & flush the settings to make it accessible Resolution: Check the service which is disabled #svcs –xv [this command will show you the services which is disabled by system] Take the network interface offline #ifconfig eri0 down [this command will bring the interface down] #ifconfig eri0 unplumb [this co...
1 comment
Latest Posts

Increase your RAM? free of cost…Really Worth It!!!!

A Very useful tip . Please try this and use RAM efficiently. Now this is called a tip of the year! While working with the Task Manager I observed the following. You can also try it out. 1.Start any application, say Word. Open some large documents. 2.Now start the Task Manager processor tab and sort the list in descending order on Memory Usage. You will notice that Winword.exe will be somewhere at the top, using multiple MBs of memory. Note down the number. 3.Now switch to Word and simply minimise it. (Do not use the Minimize All option of the task bar). 4. Now go back to the Task Manager and see where Winword.exe is listed. Most probably you will not find it at the top. You will typically have to Scroll to the bottom of the list to find Word. Now check out the amount of RAM it is using. Compare it with the original. Surprised? The memory utilisation has reduced by a huge amount. 5.So where is the tip of the year? Simple? Minimise each application that you are currently not working on ...
Post a Comment
Latest Posts