On 26 May 2023, at 12:35, bob prohaska wrote:

> While going through normal security email from a Pi2
> running -current I was disturbed to find:
>
> Checking for passwordless accounts:
> root::0:0::0:0:Charlie &:/root:/bin/sh
>
> The machine had locked up on a -j4 buildworld since
> sending the mail, so it was taken off the net, power
> cycled and started single-user.
>
> Sure enough, /etc/master.passwd contained a
> null password for root, but the last modification
> to the file was two weeks ago according to ls -l.
>
> Stranger still, when fsck'd and brought up multi-user,
> the normal password was still honored and a null
> password rejected for both regular and root account.
>
> AFAIK, /etc/master.passwd is _the_ password repository,
> but clearly I'm wrong.

/etc/master.passwd is the source, but the operational database
is /etc/spwd.db.  You should check the date on it as well.
You can rebuild it with “pwd_mkdb -p /etc/master.passwd”.

                Mike

> If somebody can tell me what's going on and what to
> check for before placing the machine back on line
> it would be much appreciated.
>
> Thanks for reading,
>
> bob prohaska
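
The check Mike describes, as an added example that is not part of the original message: list accounts with an empty password field in a master.passwd-format file and report whether the compiled database is older than its source. The function names are hypothetical, the sample files are constructed, and the empty `spwd.db` only stands in for a real database so its timestamp can be compared.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FreeBSD tools.

# Print login names whose password field (field 2) is empty.
empty_pw_accounts() {
    awk -F: '/^#/ || NF < 2 { next } $2 == "" { print $1 }' "$1"
}

# Exit 0 when the source file is newer than the compiled database,
# i.e. the database was not rebuilt after the last edit of the source.
db_is_stale() {
    [ "$1" -nt "$2" ]
}

# Report on one source file / database pair.
audit_passwd() {
    master=$1; db=$2
    names=$(empty_pw_accounts "$master" | tr '\n' ' ')
    [ -z "$names" ] || echo "EMPTY-PASSWORD: $names"
    if [ ! -e "$db" ]; then
        echo "MISSING-DB: $db"
    elif db_is_stale "$master" "$db"; then
        echo "STALE-DB: $db is older than $master"
    else
        echo "DB-CURRENT: $db is at least as new as $master"
    fi
}

# Constructed sample (not real account data): a source file edited
# after the stand-in database was last written.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'root::0:0::0:0:Charlie &:/root:/bin/sh' \
        'bob:$6$constructed:1001:1001::0:0:Bob:/home/bob:/bin/sh' \
        > "$d/master.passwd"
    : > "$d/spwd.db"
    touch -t 202305120000 "$d/spwd.db"
    touch -t 202305260000 "$d/master.passwd"
    echo "$d"
}

# With two arguments audit those paths; otherwise run on the sample.
if [ $# -eq 2 ]; then
    audit_passwd "$1" "$2"
else
    d=$(make_sample); audit_passwd "$d/master.passwd" "$d/spwd.db"; rm -rf "$d"
fi
```

On a live system, run it as root with `/etc/master.passwd` and `/etc/spwd.db` as the two arguments.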
