Solaris 10 Root Shell Recovery
Posted in Solaris, System Administration on 04/03/2009 07:00 am by jmccune
Contrary to recommendations from seasoned Unix admins, it’s perfectly acceptable to change the root shell from the Bourne shell to something like bash. The most common reason to leave the root shell alone usually goes something like, “you need a valid and statically linked shell defined in /etc/passwd to boot into single user mode if you need to recover your system.”
There’s a really nice list of Solaris root shell misconceptions published at http://www.roble.com/docs/sol_root_shell.html.
Fortunately for me, this isn’t the case in Solaris 10. While setting up a new Solaris 10 system today, I accidentally set root’s shell to /sbin/bash instead of /usr/bin/bash. /sbin/bash doesn’t exist, so I could no longer log into the system.
Luckily, this is a system with a Dell RAC card set up for remote console access. I logged into the RAC and issued a “graceful shutdown” power off command, which Solaris responded to nicely and brought the system entirely down. Once I powered the system back on, it was simply a matter of booting into single user mode by passing the -s flag to the kernel.
Solaris 10 is smart enough to fall back to /sbin/sh when booted into single user mode if it can’t invoke the shell defined in /etc/passwd. So long as you don’t horribly mangle /sbin/sh and the libraries it’s linked to, you’ll be fine changing the root shell to anything you like.
Here’s how it went:





04/03/2009 at 12:27 pm
How often has the traditional shell recommendation actually been useful for you? I’ve run a fair number of Unix servers over the years and it’s been at least a decade since I’ve had a system fail in such a way where a statically linked shell on the root partition could have prevented a reinstall.
04/05/2009 at 7:19 pm
Changing root’s shell on a Solaris machine has never bitten me personally, although I’ve never been responsible for anything other than Solaris 10 machines. I have heard first hand accounts regarding the prudence of this recommendation.
Evidently with Solaris 5.9 and earlier, changing the shell might prevent single user mode from working if the shell’s linked libraries aren’t accessible.
04/17/2009 at 4:06 pm
Instead of changing the shell, why not just add a line to ~root/.profile:
exec /usr/bin/bash
If something happens to bash, you’ll just get a ‘command not found’ error.
Cheers,
Brent
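A pre-change check for the typo described in the post (/sbin/bash instead of /usr/bin/bash), together with a guarded form of the .profile approach from the comment above, as an added example that is not part of the original post or comments. The function names are hypothetical, and the code avoids bash-only syntax so it can be sourced from a plain sh.

```shell
# Added example; function names are hypothetical, not from the post.

# check_shell PATH: succeed only if PATH is an absolute path to an
# executable regular file. On failure, print the reason and return 1.
check_shell() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: '$1'"; return 1 ;;
    esac
    if [ ! -f "$1" ]; then
        echo "no such file: $1"; return 1
    fi
    if [ ! -x "$1" ]; then
        echo "not executable: $1"; return 1
    fi
    return 0
}

# passwd_shell USER [FILE]: print field 7 (the login shell) of USER's entry.
passwd_shell() {
    awk -F: '$1 == u { print $7; exit }' u="$1" "${2:-/etc/passwd}"
}

# audit_login_shell USER [FILE]: validate the shell already recorded for USER.
# Returns 2 when there is no entry or the shell field is empty.
audit_login_shell() {
    sh_path=`passwd_shell "$1" "${2:-/etc/passwd}"`
    if [ -z "$sh_path" ]; then
        echo "$1: no entry or empty shell field"; return 2
    fi
    check_shell "$sh_path"
}

# Before editing root's entry:
#   check_shell /usr/bin/bash && echo "safe to set"
# Guarded variant for ~root/.profile, leaving root's shell unchanged:
#   [ -x /usr/bin/bash ] && exec /usr/bin/bash
```

Running `audit_login_shell root` after any edit to /etc/passwd, and before closing the session that made the edit, catches a bad path while a working root shell is still open.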
04/29/2009 at 7:19 am
@Brent
Thank you for this suggestion. I haven’t run into this method while researching the root shell in Solaris 10. Is this a common solution or a best practice as far as you know?
Thanks for contributing,
-Jeff