Date: Sat, 27 May 2023 10:22:38 -0700 (PDT) From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> To: Mike Karels <mike@karels.net> Cc: bob prohaska <fbsd@www.zefox.net>, freebsd-current@FreeBSD.org Subject: Re: Surprise null root password Message-ID: <202305271722.34RHMcRG025609@gndrsh.dnsmgr.net> In-Reply-To: <945C9B6D-F2A8-4F0D-BDB0-49A3DE870168@karels.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 26 May 2023, at 12:35, bob prohaska wrote: > > > While going through normal security email from a Pi2 > > running -current I was disturbed to find: > > > > Checking for passwordless accounts: > > root::0:0::0:0:Charlie &:/root:/bin/sh > > > > The machine had locked up on a -j4 buildworld since > > sending the mail, so it was taken off the net, power > > cycled and started single-user. > > > > Sure enough, /etc/master.passwd contained a > > null password for root, but the last modification > > to the file was two weeks ago according to ls -l. > > > > Stranger still, when fsck'd and brought up multi-user, > > the normal password was still honored and a null > > password rejected for both regular and root account. > > > > AFAIK, /etc/master.passwd is _the_ password repository, > > but clearly I'm wrong. > > /etc/master.passwd is the source, but the operational database > is /etc/spwd.db. You should check the date on it as well. > You can rebuild it with ?pwd_mkdb -p /etc/master.passwd?. BUT if infact /etc/master.passwd has been clobbered, BUT /etc/spwd.db still contains the correct data you would not want to do the above, as that would put the null passwd for root into /etc/*pwd.db, and/or possible other accounts. I do not know of a utility that can dump /etc/*pwd.db and recreate a master.passwd file, anyone? > Mike > > > If somebody can tell me what's going on and what to > > check for before placing the machine back on line > > it would be much appreciated. > > > > Thanks for reading, > > > > bob prohaska > > -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305271722.34RHMcRG025609>