Q. How do i restore default permission for directories on Solaris?
A. As a sysadmin we get lots of issues from users saying we are unable to login to the machine.

It throws the error message “module /usr/lib/security/pam_authtok_get.so.1 writable by group” which occurs because user had changed the group & permission for whole “root” directories using sudo command.

Error Message: techserver console login: root
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver login: open_module: module /usr/lib/security/pam_authtok_get.so.1 writable by group
techserver login: load_modules: can not open module /usr/lib/security/pam_authtok_get.so.1
techserver su: load_modules: can not open module /usr/lib/security/pam_dhkeys.so.1

Machine will not allow any activity untill you restore the ownership and group of root files

Before:
# root@techserver:root [/sbin/sh] ls -l /etc/passwd
-rw-r–r– 1 root sys 1722 Jan 22 2007 /etc/passwd

After:
# root@techserver:root [/sbin/sh] chmod 444 /etc/passwd
# root@techserver:root [/sbin/sh] ls -l /etc/passwd
-r–r–r– 1 root sys 1722 Jan 22 2007 /etc/passwd/etc/passwd
you can’t change each file permission & ownership for whole root directories

/etc/shadow
/usr/bin/login passwd and su
check /etc/pam.conf perms.

So I tried restoring the ownership and group for root files running “pkgchk
Start the machine with single user mode using cdrom in maintenance mode & mount your devices
Here’s an example…use your own devices but you’ll need to mount “usr” and “var” under “/a”

“mount -F ufs /dev/dsk/c0t3d0s0 /a” to mount root to /a {Root Partition}
“mount -F ufs /dev/dsk/c0t3d0s1 /a/var” to mount var to /a/var {/var Partition}
“mount -F ufs /dev/dsk/c0t3d0s6 /a/usr” to mount usr to /a/usr {/usr Partition}

once you are done with mounting the partition

# pkgchk -R /a -fv

That should run the pkgchk on /a it will take time to restore the ownership & permission.

Once it is done you will be able to login to the machine.

Related: How to boot system in emergency mode


Feedbacks: We appreciate your feedback and suggestions about our website bala@techgyaan.org
Check out . Follow @techgyaan