From owner-freebsd-stable@freebsd.org Thu Aug 22 02:07:40 2019 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2F742DAA87 for ; Thu, 22 Aug 2019 02:07:40 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46DSbb2T9Kz3NjQ for ; Thu, 22 Aug 2019 02:07:38 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-lj1-f177.google.com with SMTP id e24so3981409ljg.11 for ; Wed, 21 Aug 2019 19:07:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=z0GkD0WQ5m59ylxsDyTnxZU3ldAUPqUD4+g9qmtXJU0=; b=sXs0v3cA7J9AdVpTSvYqh6+D2wDmRv8MxOvKYmq2xEq17MmwSoNXH4u5euMcCOYzNG c+wxIsUaQJbnwwb2p1qPFkSqAqOUkwT1hoC7nXKs68AlDm5GUUU5I0mS0/XoJujHViPF Ak+zdZ1mL+jqsLKMHzauvVox9Xn3ksmBq1/jCqHCrQi9EyxVWGs+NE/kn+J6PPMMHb6R j3p/ffsH76BO3HXgByNjjipAslyS9QMAESg/v5NRGfGVZ8XZfsVg/G+XatgFAQkj3Bp9 ys569ZUqzAFrDxtZpv/zohqvgEP1di5i1BOz6JzHoj099g4603tY01SYVUNZBQVkEYeX ynSA== X-Gm-Message-State: APjAAAXsTg21vBe0ClWVdQecpcf3gxNoOSCSf3GIxoh4wEhO1YRmcQ/P 7MKyaYks7+15UKwcBIxDSbGZ5eTTNwAcciGSRClEx+76 X-Google-Smtp-Source: APXvYqy/JqO3tt40Zd/6o1oMe7rLL8/Vd9u3kHejkIX250NSd/AeIBzZBFKs5jL+WPFkG4pv86xC/APKPfy7NZMczoY= X-Received: by 2002:a2e:864c:: with SMTP id i12mr2991225ljj.88.1566439657045; Wed, 21 Aug 2019 19:07:37 -0700 (PDT) MIME-Version: 1.0 References: <208B5647-9D41-4F0E-9111-32CBFF8491D1@samplonius.org> In-Reply-To: <208B5647-9D41-4F0E-9111-32CBFF8491D1@samplonius.org> From: Alan Somers Date: Wed, 21 Aug 2019 20:07:25 -0600 Message-ID: Subject: Re: chsh corrupts /etc/pwd.db To: Tom Samplonius Cc: FreeBSD Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 46DSbb2T9Kz3NjQ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of asomers@gmail.com designates 209.85.208.177 as permitted sender) smtp.mailfrom=asomers@gmail.com X-Spamd-Result: default: False [-4.26 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.995,0]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[177.208.85.209.list.dnswl.org : 127.0.5.0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-1.27)[ip: (-0.57), ipnet: 209.85.128.0/17(-3.35), asn: 15169(-2.35), country: US(-0.05)]; FORGED_SENDER(0.30)[asomers@freebsd.org,asomers@gmail.com]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[asomers@freebsd.org,asomers@gmail.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Aug 2019 02:07:40 -0000 On Wed, Aug 21, 2019 at 7:22 PM Tom Samplonius wrote: > > > > On Aug 21, 2019, at 2:55 PM, Alan Somers wrote: > > Today I tried to use chsh to change my shell from bash to fish. The > command completed successfully, but new logins continued to use bash! > Investigating, I discovered that /etc/pwd.db and /etc/spwd.db seem to > contain 3-4 entries per user. One of those still refers to my old > > > Berkeley DB files can only have a single index, so users are stored thr= ee times, once by username, once by uid, and once by line number. So that = isn=E2=80=99t corruption. But why was my entry stored four times? > > > shell. Worse, if I try using chsh again, it fails with an "entry > inconsistent" error, and I have to restore the password files from > backup. Has anybody seen something like this before? This is just a > single system, with no NIS or LDAP. > > > You shouldn=E2=80=99t need to restore the files. You should be able to= just regenerate the *.db files from the master.passwd file: > > /usr/sbin/pwd_mkdb -p /etc/master.passwd Ok, that worked. Thanks! > > > Unless, of course your master.passwd file was damaged. But the *.db file= s are really just caches for faster access to user data. The real master f= ile is master.passwd. > > > The ch* tools typically just change master.passwd, and then call pwd_mkdb= to rebuild the *.db files. The pwd.db file from before the snapshot only has three entries. From after, it has four, and one of them has the wrong shell. So it does seem that chsh is corrupting the file. And fortunately the problem is repeatable. Any ideas about how to debug it? -Alan P.S. I failed to mention earlier that this is happening on 12.0-RELEASE-p10 -Alan