From owner-freebsd-questions@freebsd.org Mon Jul 27 09:58:27 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 78F2C37C9F1 for ; Mon, 27 Jul 2020 09:58:27 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BFZxv2Zqpz4lBt for ; Mon, 27 Jul 2020 09:58:27 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 1C8E51C82B for ; Mon, 27 Jul 2020 09:58:27 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from PD0786.local (unknown [IPv6:2001:8b0:151:1:ded:1bf7:34f9:2ddd]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 7948CF70D for ; Mon, 27 Jul 2020 09:58:24 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/7948CF70D; dkim=none; dkim-atps=neutral Subject: Re: how to reset login in freebsd if the password is expired To: freebsd-questions@freebsd.org References: <1595842242103.79959@citrix.com> <1595842414286.43801@citrix.com> From: matthew@FreeBSD.org Message-ID: <3a7c5322-4e29-a839-cab1-a724fd2bd87f@infracaninophile.co.uk> Date: Mon, 27 Jul 2020 10:58:24 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <1595842414286.43801@citrix.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2020 09:58:27 -0000 On 27/07/2020 10:33, Jiang Xu wrote: > I set the root login to be expired in 90 days, and we forget to > update the password of the login, and the password is expired, and > now we can not login in on it? but we can access the disc with attach > it to another instance, is there any way to reset the expired > password? First of all, as you have discovered, setting the root password to expire is not a good idea. In some ways, the root account is your account of last resort for regaining access to or control of the system, so don't implement policies that would ever deny that. See the passwd(5) manual page. The 7th column in the master.passwd file is the account expiry time. If you can mount your drive on a second machine, then edit `master.passwd` and set that field to `0` for the root account. It should look something like this: root:$1$XXXXXXXCENSOREDXXXXXXXXXXXXXX:0:0::0:0:Charlie &:/root:/bin/csh ^ this field Then, assuming you've temporarily mounted the disk at /mnt so the file you're editing is /mnt/etc/master.passwd, you need to run: pwd_mkdb -d /mnt/etc -p /mnt/etc/master.passwd After that, replace the drive in the original machine and reboot. You can also do this without taking the drive out of the original machine by booting into single user mode, but in that case you will need to remount the root partition read-write: mount -u / -o rw and obviously in this case the root partition will be mounted in the usual location, so adjust paths in `pwd_mkdb` appropriately. Cheers, Matthew