From owner-freebsd-questions@FreeBSD.ORG Thu Jan 8 21:14:53 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC3DC1065796 for ; Thu, 8 Jan 2009 21:14:53 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.3]) by mx1.freebsd.org (Postfix) with ESMTP id 839008FC14 for ; Thu, 8 Jan 2009 21:14:53 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 184 invoked from network); 8 Jan 2009 21:14:52 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 8 Jan 2009 21:14:52 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id C661450825; Thu, 8 Jan 2009 16:14:51 -0500 (EST) To: "Bert-Jan" References: <20af5b6d6703bc7b2575a763e7c70822.squirrel@admin.bert-jan.com> From: Lowell Gilbert Date: Thu, 08 Jan 2009 16:14:51 -0500 In-Reply-To: <20af5b6d6703bc7b2575a763e7c70822.squirrel@admin.bert-jan.com> (Bert-Jan's message of "Wed\, 7 Jan 2009 13\:47\:43 +0100 \(CET\)") Message-ID: <44k595qz3o.fsf@be-well.ilk.org> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-questions@freebsd.org, cperciva@freebsd.org Subject: Re: Login accounts don't work after update to 7.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 21:14:54 -0000 "Bert-Jan" writes: > Hi Folks, > > I just updated one of my servers from 7.0-RC1 to 7.1-RELEASE. > > During the first freebsd-update install, before rebooting, I was surprised > to find that it was going to change my /etc/passwd (deleting all my > accounts, keeping only the built-in accounts) and /etc/pwd.db and > /etc/spwd.db. I was quite suspicious so I made copies of them. freebsd-update should merge master.passwd, and re-generate all of those files from there. What did you do with master.passwd? Note that backup copies of master.passwd are kept in /var/backup. None of the other files, because they're generated from there. > After rebooting the machine came back online perfectly. I checked > /etc/passwd but there were no changes yet. Then, as the docs says, I ran > freebsd-update install again and it took quite a while. *Then* my > /etc/passwd was changed, so I replaced it with the spare copy I made. Of That spare copy doesn't help at all; /etc/passwd is only there as a convenience to users, and isn't consulted by the system for anything. > course I had to test it now so I exitted from root back to my own account, > and you guessed it: I can't su anymore: > > $ su - > su: who are you? > > I started up a second session and found my own account doesn't work > anymore either. So all I have now is an open session with my own account. > I should probably also have copied the two db files back and of course I > should have left my running root session open and started another one. Not > a very bright moment.. Does the root account itself have a password? If you installed a generic password file, it may be unprotected, and you could log in (but not su, as that requires you first be logged in as a wheel user, of which you may have none left) as root without a password if you have a local terminal (a serial console, for example), and fix things from there. > Is there a way I can recover the server from this ? > Of course I can put in a cd and change some passwords, but the server is > in a datacenter and I don't really have the time to go there and fix it. > I'm looking for a remote solution. I guess you don't have any out-of-band access to the machine, then. You may be stuck with having to go to it physically, then. > It's probably not much help but there's one jail running on it that's > still working fine. I can login and su on that one, but I don't know if I > can use it to repair the main system. I sure hope that won't help. That would defeat the point of jails, wouldn't it? ;-) -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/