Date: Fri, 26 May 2023 13:03:19 -0500
From: Mike Karels <mike@karels.net>
To: bob prohaska <fbsd@www.zefox.net>
Cc: freebsd-current@freebsd.org
Subject: Re: Surprise null root password
Message-ID: <945C9B6D-F2A8-4F0D-BDB0-49A3DE870168@karels.net>
In-Reply-To: <ZHDt21wFlpJfQKEs@www.zefox.net>
References: <ZHDt21wFlpJfQKEs@www.zefox.net>

On 26 May 2023, at 12:35, bob prohaska wrote:

> While going through normal security email from a Pi2
> running -current I was disturbed to find:
>
> Checking for passwordless accounts:
> root::0:0::0:0:Charlie &:/root:/bin/sh
>
> The machine had locked up on a -j4 buildworld since
> sending the mail, so it was taken off the net, power
> cycled and started single-user.
>
> Sure enough, /etc/master.passwd contained a
> null password for root, but the last modification
> to the file was two weeks ago according to ls -l.
>
> Stranger still, when fsck'd and brought up multi-user,
> the normal password was still honored and a null
> password rejected for both regular and root account.
>
> AFAIK, /etc/master.passwd is _the_ password repository,
> but clearly I'm wrong.

/etc/master.passwd is the source, but the operational database is
/etc/spwd.db. You should check the date on it as well. You can rebuild
it with “pwd_mkdb -p /etc/master.passwd”.

Mike

> If somebody can tell me what's going on and what to
> check for before placing the machine back on line
> it would be much appreciated.
>
> Thanks for reading,
>
> bob prohaska
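
The two checks discussed in this message, the passwordless-account scan from the security mail and the date comparison between /etc/master.passwd and /etc/spwd.db, as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration; on a real system the arguments would be the two paths named in the reply.

```shell
#!/bin/sh
# Added example: functions and sample data are constructed for illustration.

# Print the login name of each entry whose password field (field 2) is empty.
# master.passwd entries have 10 colon-separated fields; comments are skipped.
passwordless_accounts() {
    awk -F: '$0 !~ /^[ \t]*#/ && NF == 10 && $2 == "" { print $1 }' "$1"
}

# Compare modification times of the source file ($1) and compiled database ($2).
#   missing  database file does not exist
#   stale    source was modified after the database was built
#   current  database is at least as new as the source
db_state() {
    src=$1
    db=$2
    [ -e "$db" ] || { echo missing; return 0; }
    if [ "$src" -nt "$db" ]; then echo stale; else echo current; fi
}

# Constructed sample (not from a real system): the root line is the one quoted
# in the message, the other entries and both timestamps are made up.
demo=$(mktemp -d)
cat > "$demo/master.passwd" <<'EOF'
# constructed sample
root::0:0::0:0:Charlie &:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
bob:$6$constructed$hash:1001:1001::0:0:Bob:/home/bob:/bin/sh
EOF
: > "$demo/spwd.db"
touch -t 202305120000 "$demo/spwd.db"        # database built first
touch -t 202305260000 "$demo/master.passwd"  # source changed afterwards

echo "passwordless: $(passwordless_accounts "$demo/master.passwd")"
echo "spwd.db is:   $(db_state "$demo/master.passwd" "$demo/spwd.db")"
```

pwd_mkdb compiles whatever the source file contains, so an empty password field should be corrected in master.passwd before the database is rebuilt from it.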