Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 08 Jan 2009 16:14:51 -0500
From:      Lowell Gilbert <>
To:        "Bert-Jan" <>
Subject:   Re: Login accounts don't work after update to 7.1
Message-ID:  <>
In-Reply-To: <> (Bert-Jan's message of "Wed\, 7 Jan 2009 13\:47\:43 +0100 \(CET\)")
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
"Bert-Jan" <> writes:

> Hi Folks,
> I just updated one of my servers from 7.0-RC1 to 7.1-RELEASE.
> During the first freebsd-update install, before rebooting, I was surprised
> to find that it was going to change my /etc/passwd (deleting all my
> accounts, keeping only the built-in accounts) and /etc/pwd.db and
> /etc/spwd.db. I was quite suspicious so I made copies of them.

freebsd-update should merge master.passwd, and re-generate all of those
files from there.  What did you do with master.passwd?  

Note that backup copies of master.passwd are kept in /var/backup.  None
of the other files, because they're generated from there.

> After rebooting the machine came back online perfectly. I checked
> /etc/passwd but there were no changes yet. Then, as the docs says, I ran
> freebsd-update install again and it took quite a while. *Then* my
> /etc/passwd was changed, so I replaced it with the spare copy I made. Of

That spare copy doesn't help at all; /etc/passwd is only there as a
convenience to users, and isn't consulted by the system for anything.

> course I had to test it now so I exitted from root back to my own account,
> and you guessed it: I can't su anymore:
> $ su -
> su: who are you?
> I started up a second session and found my own account doesn't work
> anymore either. So all I have now is an open session with my own account.
> I should probably also have copied the two db files back and of course I
> should have left my running root session open and started another one. Not
> a very bright moment..

Does the root account itself have a password?  If you installed a
generic password file, it may be unprotected, and you could log in (but
not su, as that requires you first be logged in as a wheel user, of
which you may have none left) as root without a password if you have a
local terminal (a serial console, for example), and fix things from there.

> Is there a way I can recover the server from this ?
> Of course I can put in a cd and change some passwords, but the server is
> in a datacenter and I don't really have the time to go there and fix it.
> I'm looking for a remote solution.

I guess you don't have any out-of-band access to the machine, then.  You
may be stuck with having to go to it physically, then.

> It's probably not much help but there's one jail running on it that's
> still working fine. I can login and su on that one, but I don't know if I
> can use it to repair the main system.

I sure hope that won't help.  That would defeat the point of jails,
wouldn't it? ;-)

Lowell Gilbert, embedded/networking software engineer, Boston area

Want to link to this message? Use this URL: <>