From nobody Sat May 27 17:36:18 2023
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QT8913VhGz4V4jX
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Sat, 27 May 2023 17:36:21 +0000 (UTC)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QT8910b0Wz3wlv
	for <freebsd-current@FreeBSD.org>; Sat, 27 May 2023 17:36:20 +0000 (UTC)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
	by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 34RHaIZH025654;
	Sat, 27 May 2023 10:36:18 -0700 (PDT)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
	by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 34RHaI1H025653;
	Sat, 27 May 2023 10:36:18 -0700 (PDT)
	(envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <202305271736.34RHaI1H025653@gndrsh.dnsmgr.net>
Subject: Re: Surprise null root password
In-Reply-To: <ZHFqzf9A90L9NfJb@www.zefox.net>
To: bob prohaska <fbsd@www.zefox.net>
Date: Sat, 27 May 2023 10:36:18 -0700 (PDT)
CC: freebsd-current@FreeBSD.org
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Rspamd-Queue-Id: 4QT8910b0Wz3wlv
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

> It turns out all seven hosts in my cluster report
> a null password for root in /usr/src/etc/master.passwd:
> root::0:0::0:0:Charlie &:/root:/bin/sh
> 
> Is that intentional?

No, but I suspect your build/update procedures are infact telling
the system to do this.  Someone else pointed out etcupdate, which
iirc you are using, with the update of "thiers all" infact would
overwrite /etc/master.passwd.  I do not know that etcupdate has
the smarts to know that if it overwrites /etc/master.passwd it
needs to run a pwd_mkdb -p /etc/master.passwd.  etcupdate infact
does have the smarts to run a pwd_mkdb.

Hum, it also has some special casing of PREWORLD_FILES, which 
is /etc/master.passwd and etc/group.  Perhaps something in that
process went wrong.

-- 
Rod Grimes                                                 rgrimes@freebsd.org