Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 08 Jan 2009 16:14:51 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "Bert-Jan" <info@bert-jan.com>
Cc:        freebsd-questions@freebsd.org, cperciva@freebsd.org
Subject:   Re: Login accounts don't work after update to 7.1
Message-ID:  <44k595qz3o.fsf@be-well.ilk.org>
In-Reply-To: <20af5b6d6703bc7b2575a763e7c70822.squirrel@admin.bert-jan.com> (Bert-Jan's message of "Wed\, 7 Jan 2009 13\:47\:43 %2B0100 \(CET\)")
References:  <20af5b6d6703bc7b2575a763e7c70822.squirrel@admin.bert-jan.com>

next in thread | previous in thread | raw e-mail | index | archive | help
"Bert-Jan" <info@bert-jan.com> writes:

> Hi Folks,
>
> I just updated one of my servers from 7.0-RC1 to 7.1-RELEASE.
>
> During the first freebsd-update install, before rebooting, I was surprised
> to find that it was going to change my /etc/passwd (deleting all my
> accounts, keeping only the built-in accounts) and /etc/pwd.db and
> /etc/spwd.db. I was quite suspicious so I made copies of them.

freebsd-update should merge master.passwd, and re-generate all of those
files from there.  What did you do with master.passwd?  

Note that backup copies of master.passwd are kept in /var/backup.  None
of the other files, because they're generated from there.

> After rebooting the machine came back online perfectly. I checked
> /etc/passwd but there were no changes yet. Then, as the docs says, I ran
> freebsd-update install again and it took quite a while. *Then* my
> /etc/passwd was changed, so I replaced it with the spare copy I made. Of

That spare copy doesn't help at all; /etc/passwd is only there as a
convenience to users, and isn't consulted by the system for anything.

> course I had to test it now so I exitted from root back to my own account,
> and you guessed it: I can't su anymore:
>
> $ su -
> su: who are you?
>
> I started up a second session and found my own account doesn't work
> anymore either. So all I have now is an open session with my own account.
> I should probably also have copied the two db files back and of course I
> should have left my running root session open and started another one. Not
> a very bright moment..

Does the root account itself have a password?  If you installed a
generic password file, it may be unprotected, and you could log in (but
not su, as that requires you first be logged in as a wheel user, of
which you may have none left) as root without a password if you have a
local terminal (a serial console, for example), and fix things from there.

> Is there a way I can recover the server from this ?
> Of course I can put in a cd and change some passwords, but the server is
> in a datacenter and I don't really have the time to go there and fix it.
> I'm looking for a remote solution.

I guess you don't have any out-of-band access to the machine, then.  You
may be stuck with having to go to it physically, then.

> It's probably not much help but there's one jail running on it that's
> still working fine. I can login and su on that one, but I don't know if I
> can use it to repair the main system.

I sure hope that won't help.  That would defeat the point of jails,
wouldn't it? ;-)

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44k595qz3o.fsf>