From: Lehel Bernadt
Date: Sun, 28 Feb 2021 12:12:23 +0100
To: Gareth de Vaux
Cc: FreeBSD-security@freebsd.org
Subject: Re: user account disappeared

On Sun, Feb 28, 2021 at 10:58:08AM +0200, Gareth de Vaux wrote:
>On Sat 2021-02-27 (18:12), J. Hellenthal wrote:
>> Looks like your master passwd db is out of sync.
>>
>> Command is mkpwdb or something similar then run init q
>>
>> Personally it would seem someone got ahold of master.passwd and doesn't know how it works or a port upgrade failed to complete properly updating the db
>
>I'm the only one with root on the machine, and it doesn't look like ports changed any users
>looking at my backups of /etc/passwd. The only change in that area was when I changed the passwd
>with passwd(1) of a different user. So passwd(1) or something similar is buggy?

FreeBSD gets the user data from the bdb format database files pwd.db &
spwd.db. These are generated from /etc/master.passwd.

So first, regenerate the db files by running
"pwd_mkdb -p /etc/master.passwd"

Now check if the user is really there:
"db_dump185-5 -p /etc/pwd.db | grep lostuser"
(the right dump command might be named differently on your system; check every
db_dump* to see which one works)

If the user still doesn't appear, check if libc's nsswitch is configured
correctly:
"grep passwd: /etc/nsswitch.conf"
this should say "files" or "compat"

"getent passwd lostuser"
this should list lostuser's entry in passwd(5) format
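
The getent and nsswitch checks from the message above, generalized to every account in master.passwd. This is an added example, not part of the original message; the function names, the `--live` switch and the option to pass a substitute lookup command are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original message): find accounts listed in
# master.passwd that the system lookup path cannot resolve.

# list_accounts FILE
# Print login names from a master.passwd(5)-format file. Comments, blank
# lines and NIS compat entries ("+..." / "-...") are skipped.
list_accounts() {
    awk -F: '/^[ \t]*#/ || $1 ~ /^[ \t]*$/ || $1 ~ /^[+-]/ { next }
             { print $1 }' "$1"
}

# passwd_sources FILE
# Print the sources configured on the "passwd:" line of an nsswitch.conf.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# unresolved_accounts FILE [LOOKUP_CMD...]
# Print every account in FILE for which the lookup command fails.
# The lookup defaults to "getent passwd", which goes through libc and
# nsswitch; passing another command is an assumption of this example so
# the logic can be exercised without touching the live databases.
unresolved_accounts() {
    master=$1
    shift
    [ "$#" -gt 0 ] || set -- getent passwd
    list_accounts "$master" | while IFS= read -r name; do
        "$@" "$name" >/dev/null 2>&1 </dev/null || printf '%s\n' "$name"
    done
}

# Live check (needs root to read /etc/master.passwd): sh <script> --live
if [ "${1:-}" = "--live" ]; then
    printf 'passwd sources: %s\n' "$(passwd_sources /etc/nsswitch.conf)"
    unresolved_accounts /etc/master.passwd
fi
```

Any name it prints exists in /etc/master.passwd but is not visible to lookups, which is the condition the pwd_mkdb step is meant to repair.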