Skip to main content

How do i restore default permission for “root” directories on Solaris

Q. How do i restore default permission for “root” directories on Solaris?
A
. As a sysadmin we get lots of issues from users saying we are unable allowing to login to the machine. It throws the error message "module /usr/lib/security/pam_authtok_get.so.1 writable by group" which occurs b'cos user had changed the group & permission for whole "root" directories using sudo command.

Error Message:techserver console login: root
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver su: load_modules: can not open module /usr/lib/security/pam_dhkeys.so.1

Machine will not allow untill you restore the ownership and group of root files

Before:

#root@techserver:root [/sbin/sh] ls -l /etc/passwd
-rw-r--r-- 1 root sys 1722 Jan 22 2005 /etc/passwd
After:
#root@techserver:root [/sbin/sh] chmod 444 /etc/passwd
#root@techserver:root [/sbin/sh] ls -l /etc/passwd
-r--r--r-- 1 root sys 1722 Jan 22 2005 /etc/passwd/etc/passwd
you can't change each file permission & ownership for whole root directories

/etc/shadow
/usr/bin/login passwd and su
check /etc/pam.conf perms.

So I tried restoring the ownership and group for root files running "pkgchk"
Start the machine with single user mode using cdrom in maintenance mode & mount your devices
Here's an example...use your own devices but you'll need to mount "usr" and "var" under "/a"

"mount -F ufs /dev/dsk/c0t3d0s0 /a" to mount root to /a {Root Partition}
"mount -F ufs /dev/dsk/c0t3d0s1 /a/var" to mount var to /a/var {/var Partition}
"mount -F ufs /dev/dsk/c0t3d0s6 /a/usr" to mount usr to /a/usr {/usr Partition}

once you are done with mounting the partition
# pkgchk -R /a -fv
That should run the pkgchk on /a it will take time to restore the ownership & permission.
Once it is done you will be able to login to the machine.

Related: How to boot system in emergency mode
Feedbacks: We appreciate your feedback and suggestions about our website bala@techgyaan.org
Check out . Follow @techgyaan



Comments

Popular posts from this blog

Download of the Day!

Amarok 2.0.2 has released Amarok is an open source alternative music player for iTunes. Amarok supports Linux, Unix, MacOSX and windows Operating system. It is smiliar to iTunes just drag & drop the songs to play list. Amarok also lets you listen to internet radio ( mp3 streaming ) including music from last.fm . Features Automatic cover Lyrics download Dynamic playlists Visualizations and Podcasting. These are only some of the great new features of Amarok 2. Give it a try! Download here An least but not last - Amarok will also synchronize your music to your iPod. For the more technical users a scripting interface allows you to extend the functionality of Amarok. Print Page Feedbacks: We appreciate feedbacks and suggestions about our website info@techgyaan.org

How to install WebLogic 8 on Solaris 10

Lets start the installation Login to solaris box use sudo command to install the application. $ ./server814_solaris32.bin Extracting 0%……………………………………………………………………………………….100% Unable to instantiate GUI, defaulting to console mode. Welcome: ——– ————— This installer will guide you through the installation of WebLogic Server 8.1 SP4. Type “ Next” or enter to proceed to thenext prompt. If you want to change data entered previously, type “Previous”. You may quit the installer at any time by typing “ Exit”. Enter [Exit][Next]> BEA Systems License Agreement: —————————— BEA SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT USE OF SOFTWARE ORDERED FROM BEA SYSTEMS, INC. (”BEA”) IS PROVIDED ONLY UNDER LICENSE FROM BEA. PLEASE READ THE FOLLOWING LICENSE CAREFULLY AND INDICATE YOUR ACCEPTANCE BY CLICKING THE ACCEPTANCE BOX. CERTAIN CAPITALIZED TERMS ARE DEFINED IN SECTION 11. 1. LICENSE TERMS a. Workshop Free Use. The terms of this Section 1(a) are applicable to you if you h...

Sysadmin Daily Commands

Some of these commands are used by unix/linux administrator in his/her day-to-day activities  cat to concatenate files to standard output chgrp to change file group ownership chmod to change file access permissions chown to change file owner and group cp to copy files and directories date to print or set the system data and time dd to convert and copy a file df to report filesystem disk space usage dmesg to print or control the kernel message buffer echo to display a line of text hostname to show or set the system's host name kill to send signals to processes ln to make links between files login to begin a session on the system ls to list directory contents mkdir to make directories mknod to make block or character special files more to page through text mount to mount a filesystem mv to move/rename files ps to report process status pwd to print na...