From owner-freebsd-questions@FreeBSD.ORG Fri Jan 9 08:45:28 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E63C106564A for ; Fri, 9 Jan 2009 08:45:28 +0000 (UTC) (envelope-from info@bert-jan.com) Received: from bert-jan.com (bert-jan.com [81.23.226.10]) by mx1.freebsd.org (Postfix) with ESMTP id A9D0F8FC1F for ; Fri, 9 Jan 2009 08:45:27 +0000 (UTC) (envelope-from info@bert-jan.com) Received: (qmail 16173 invoked by uid 99); 9 Jan 2009 09:45:25 +0100 Received: from static.kpn.net ([194.123.221.29]) (SquirrelMail authenticated user postmaster@bert-jan.com) by admin.bert-jan.com with HTTP; Fri, 9 Jan 2009 09:45:25 +0100 (CET) Message-ID: <9d5014697dd38400633bdcdd89c9e875.squirrel@admin.bert-jan.com> In-Reply-To: <44k595qz3o.fsf@be-well.ilk.org> References: <20af5b6d6703bc7b2575a763e7c70822.squirrel@admin.bert-jan.com> <44k595qz3o.fsf@be-well.ilk.org> Date: Fri, 9 Jan 2009 09:45:25 +0100 (CET) From: "Bert-Jan" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.16 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: Login accounts don't work after update to 7.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jan 2009 08:45:28 -0000 > "Bert-Jan" writes: > >> Hi Folks, >> >> I just updated one of my servers from 7.0-RC1 to 7.1-RELEASE. >> >> During the first freebsd-update install, before rebooting, I was >> surprised >> to find that it was going to change my /etc/passwd (deleting all my >> accounts, keeping only the built-in accounts) and /etc/pwd.db and >> /etc/spwd.db. I was quite suspicious so I made copies of them. > > freebsd-update should merge master.passwd, and re-generate all of those > files from there. What did you do with master.passwd? I didn't do anything with it. I didn't know about it (linux experience talking here, only been using freebsd for a year or so). Now that I'm looking at it all the accounts are there, so it was successfully merged indeed. > > Note that backup copies of master.passwd are kept in /var/backup. None > of the other files, because they're generated from there. > >> After rebooting the machine came back online perfectly. I checked >> /etc/passwd but there were no changes yet. Then, as the docs says, I ran >> freebsd-update install again and it took quite a while. *Then* my >> /etc/passwd was changed, so I replaced it with the spare copy I made. Of > > That spare copy doesn't help at all; /etc/passwd is only there as a > convenience to users, and isn't consulted by the system for anything. I noticed, but after logging out as root unfortunately. > >> course I had to test it now so I exitted from root back to my own >> account, >> and you guessed it: I can't su anymore: >> >> $ su - >> su: who are you? >> >> I started up a second session and found my own account doesn't work >> anymore either. So all I have now is an open session with my own >> account. >> I should probably also have copied the two db files back and of course I >> should have left my running root session open and started another one. >> Not >> a very bright moment.. > > Does the root account itself have a password? If you installed a > generic password file, it may be unprotected, and you could log in (but > not su, as that requires you first be logged in as a wheel user, of > which you may have none left) as root without a password if you have a > local terminal (a serial console, for example), and fix things from there. Yes, root has a password. The account I was still logged in with is a wheel user but trying a second session showed I couldn't login with that account anymore either. I really made a mess of it :) > >> Is there a way I can recover the server from this ? >> Of course I can put in a cd and change some passwords, but the server is >> in a datacenter and I don't really have the time to go there and fix it. >> I'm looking for a remote solution. > > I guess you don't have any out-of-band access to the machine, then. You > may be stuck with having to go to it physically, then. Yes, I have been there the day before yesterday, the same day I screwed it up. I logged in as root and didn't even get a password prompt. It was obviously reset to the default password database. I fixed the logins by copying the backups I made of /etc/pwd.db and /etc/spwd.db back. Everything returned to normal. It reminded me that freebsd-update had told me it wanted to change things in both those files, but since they're binary it didn't show me a diff. My error thus was that I logged out as root before restoring those. Very nasty, having to drive to the datacenter (about 100km from my home) just to copy two files. But now I know for sure this won't happen to me again :) I do find it strange though, that freebsd-update replaced those files, even though it tells you it's going to change them. What is the proper way to handle this ? Can I run a command after the update finishes that regenerates the account databases from the master.passwd ? I checked the history and *I* never touched it during the update, so it was merged like it should. > >> It's probably not much help but there's one jail running on it that's >> still working fine. I can login and su on that one, but I don't know if >> I >> can use it to repair the main system. > > I sure hope that won't help. That would defeat the point of jails, > wouldn't it? ;-) Yes indeed ;) Thanks for the explanations. I still have a lot to learn of freebsd, having been a Slackware Linux user for about 7 years, I've started my first freebsd server about a year ago. So far I like it very much. Keeping the whole system updated with freebsd-update and the whole ports system is just a breeze. Sometimes like this things get screwed up, but the same has happened to me several times with Linux, so no hard feelings :) > > -- > Lowell Gilbert, embedded/networking software engineer, Boston area > http://be-well.ilk.org/~lowell/ >