From owner-freebsd-questions@FreeBSD.ORG  Sat Dec 20 11:31:19 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7B64F16A4CE
	for <freebsd-questions@Freebsd.org>;
	Sat, 20 Dec 2003 11:31:19 -0800 (PST)
Received: from integraonline.com (mail-3.integraonline.com [206.163.82.92])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3DAAC43D7D
	for <freebsd-questions@Freebsd.org>;
	Sat, 20 Dec 2003 11:31:00 -0800 (PST)
	(envelope-from markmc@tisimaging.com)
Received: (qmail 27216 invoked from network); 20 Dec 2003 17:44:17 -0000
Received: from unknown (HELO Eeyore)
	(?pbs?davidk.tisimaging.com@199.107.164.126)
	by 0 with SMTP; 20 Dec 2003 17:44:17 -0000
From: "Mark McConnell" <markmc@tisimaging.com>
To: freebsd-questions@Freebsd.org
Date: Sat, 20 Dec 2003 09:44:17 -0800
MIME-Version: 1.0
Message-ID: <3FE419F1.7851.51B6193@localhost>
Priority: normal
X-mailer: Pegasus Mail for Windows (v4.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Subject: bad root shell
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Dec 2003 19:31:19 -0000

An error in a pw* script inserted a non-existent shell into the 
password database, effectively locking out root.

I used a fixit disk to correct the problem, using this procedure:

1. mount boot drive to /mnt

2. provide myself with a working mkdb and vi (for chpass):
# mkdir /usr/sbin /usr/bin
# ln -s /mnt/usr/sbin/pwd_mkdb /usr/sbin/pwd_mkdb
# ln -s /mnt/usr/bin/vi /usr/bin/vi

3. link pwd.db, spwd.db, group, passwd, master.passwd, ex:
# rm /etc/group /etc/spwd.db
# for i in `ls /mnt/etc/` ; do ln -s /mnt/etc/$i /etc/$i ; done

4. run mkdb
# /usr/sbin/pwd_mkdb master.passwd

5. Using chpass to change root's shell from `badshell' to csh
# chpass root
:s/badshell/\/bin\/csh/

All of this appears to do work without errors:
# pw usershow -u root
root:*:0:0::0:0:Charlie &:/root:/bin/csh

However, when I log in as root, I am still locked out with the 
message:
$ su
Password: ********
badshell:  No such file or directory

I am still stupid.  I am still locked out.  /etc/passwd and 
/etc/master.passwd no longer show the badshell.  My configuration 
appears to be deeply broken.  Why does my procedure fail?  

Mark
--
Mark McConnell - Portland, OR
Technical Imaging Systems
markmc@tisimaging.com
503-546-0517
mkmcconn@hevanet.com
503-257-7591