> On 26 May 2023, at 12:35, bob prohaska wrote:
>
> > While going through normal security email from a Pi2
> > running -current I was disturbed to find:
> >
> > Checking for passwordless accounts:
> > root::0:0::0:0:Charlie &:/root:/bin/sh
> >
> > The machine had locked up on a -j4 buildworld since
> > sending the mail, so it was taken off the net, power
> > cycled and started single-user.
> >
> > Sure enough, /etc/master.passwd contained a
> > null password for root, but the last modification
> > to the file was two weeks ago according to ls -l.
> >
> > Stranger still, when fsck'd and brought up multi-user,
> > the normal password was still honored and a null
> > password rejected for both regular and root account.
> >
> > AFAIK, /etc/master.passwd is _the_ password repository,
> > but clearly I'm wrong.
>
> /etc/master.passwd is the source, but the operational database
> is /etc/spwd.db. You should check the date on it as well.
> You can rebuild it with "pwd_mkdb -p /etc/master.passwd".

BUT if in fact /etc/master.passwd has been clobbered, BUT
/etc/spwd.db still contains the correct data you would not
want to do the above, as that would put the null passwd
for root into /etc/*pwd.db, and/or possibly other accounts.

I do not know of a utility that can dump /etc/*pwd.db and
recreate a master.passwd file, anyone?

> Mike
>
> > If somebody can tell me what's going on and what to
> > check for before placing the machine back on line
> > it would be much appreciated.
> >
> > Thanks for reading,
> >
> > bob prohaska
> >

-- 
Rod Grimes                                                 rgri...@freebsd.org
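
An added example (not part of either message, and not a FreeBSD tool): a shell check that lists accounts with an empty password field in a master.passwd-format file and compares its modification time with that of spwd.db, the two things the replies say to look at before running pwd_mkdb. The function names, the sample directory and the dates are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a master.passwd-format file before running pwd_mkdb.

# Print login names whose password field (2nd colon-separated field)
# is empty. Comment lines and blank lines are skipped.
passwordless_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Compare modification times of the text source ($1) and the compiled
# database ($2). "source-newer" means the database was not rebuilt after
# the last change to the source. Uses test -nt (FreeBSD sh, bash).
source_vs_db() {
    if [ "$1" -nt "$2" ]; then echo "source-newer"
    elif [ "$2" -nt "$1" ]; then echo "db-newer"
    else echo "same-mtime"
    fi
}

# Return 0 only when the source has no empty password field; otherwise
# report the accounts and the timestamp relation, and return 1 so a
# wrapper script can refuse to rebuild the database.
audit() {
    names=$(passwordless_accounts "$1" | tr '\n' ' ')
    if [ -z "$names" ]; then
        echo "OK: no empty password fields in $1"
        return 0
    fi
    echo "HOLD: empty password field for: ${names% } ($(source_vs_db "$1" "$2"))"
    return 1
}

# Constructed sample data: the root line is the one quoted in the thread,
# the other entries and both dates are made up. The spwd.db stand-in is an
# empty file; only its modification time is used.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/master.passwd" <<'EOF'
# constructed sample
root::0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
bob:$6$constructedsalt$constructedhash:1001:1001::0:0:Bob:/home/bob:/bin/sh
EOF
: > "$SAMPLE_DIR/spwd.db"
touch -t 202305010000 "$SAMPLE_DIR/spwd.db"
touch -t 202305120000 "$SAMPLE_DIR/master.passwd"

audit "$SAMPLE_DIR/master.passwd" "$SAMPLE_DIR/spwd.db" || true
```

On a real system the two arguments would be /etc/master.passwd and /etc/spwd.db; a HOLD result means the text file should be repaired before any rebuild.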