> "Bert-Jan" <i...@bert-jan.com> writes: > >> Hi Folks, >> >> I just updated one of my servers from 7.0-RC1 to 7.1-RELEASE. >> >> During the first freebsd-update install, before rebooting, I was >> surprised >> to find that it was going to change my /etc/passwd (deleting all my >> accounts, keeping only the built-in accounts) and /etc/pwd.db and >> /etc/spwd.db. I was quite suspicious so I made copies of them. > > freebsd-update should merge master.passwd, and re-generate all of those > files from there. What did you do with master.passwd?
I didn't do anything with it. I didn't know about it (linux experience talking here, only been using freebsd for a year or so). Now that I'm looking at it all the accounts are there, so it was successfully merged indeed. > > Note that backup copies of master.passwd are kept in /var/backup. None > of the other files, because they're generated from there. > >> After rebooting the machine came back online perfectly. I checked >> /etc/passwd but there were no changes yet. Then, as the docs says, I ran >> freebsd-update install again and it took quite a while. *Then* my >> /etc/passwd was changed, so I replaced it with the spare copy I made. Of > > That spare copy doesn't help at all; /etc/passwd is only there as a > convenience to users, and isn't consulted by the system for anything. I noticed, but after logging out as root unfortunately. > >> course I had to test it now so I exitted from root back to my own >> account, >> and you guessed it: I can't su anymore: >> >> $ su - >> su: who are you? >> >> I started up a second session and found my own account doesn't work >> anymore either. So all I have now is an open session with my own >> account. >> I should probably also have copied the two db files back and of course I >> should have left my running root session open and started another one. >> Not >> a very bright moment.. > > Does the root account itself have a password? If you installed a > generic password file, it may be unprotected, and you could log in (but > not su, as that requires you first be logged in as a wheel user, of > which you may have none left) as root without a password if you have a > local terminal (a serial console, for example), and fix things from there. Yes, root has a password. The account I was still logged in with is a wheel user but trying a second session showed I couldn't login with that account anymore either. I really made a mess of it :) > >> Is there a way I can recover the server from this ? >> Of course I can put in a cd and change some passwords, but the server is >> in a datacenter and I don't really have the time to go there and fix it. >> I'm looking for a remote solution. > > I guess you don't have any out-of-band access to the machine, then. You > may be stuck with having to go to it physically, then. Yes, I have been there the day before yesterday, the same day I screwed it up. I logged in as root and didn't even get a password prompt. It was obviously reset to the default password database. I fixed the logins by copying the backups I made of /etc/pwd.db and /etc/spwd.db back. Everything returned to normal. It reminded me that freebsd-update had told me it wanted to change things in both those files, but since they're binary it didn't show me a diff. My error thus was that I logged out as root before restoring those. Very nasty, having to drive to the datacenter (about 100km from my home) just to copy two files. But now I know for sure this won't happen to me again :) I do find it strange though, that freebsd-update replaced those files, even though it tells you it's going to change them. What is the proper way to handle this ? Can I run a command after the update finishes that regenerates the account databases from the master.passwd ? I checked the history and *I* never touched it during the update, so it was merged like it should. > >> It's probably not much help but there's one jail running on it that's >> still working fine. I can login and su on that one, but I don't know if >> I >> can use it to repair the main system. > > I sure hope that won't help. That would defeat the point of jails, > wouldn't it? ;-) Yes indeed ;) Thanks for the explanations. I still have a lot to learn of freebsd, having been a Slackware Linux user for about 7 years, I've started my first freebsd server about a year ago. So far I like it very much. Keeping the whole system updated with freebsd-update and the whole ports system is just a breeze. Sometimes like this things get screwed up, but the same has happened to me several times with Linux, so no hard feelings :) > > -- > Lowell Gilbert, embedded/networking software engineer, Boston area > http://be-well.ilk.org/~lowell/ > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"