# Corrupt password file(s)



## sprock (May 4, 2014)

Hello,

On a FreeBSD 10.0-RELEASE-p1 machine I edited my full user name in /etc/master.passwd and /etc/passwd and ran `pwd_mkdb -u myuser master.passwd` which reported no errors, then `pwd_mkdb -u myuser passwd` which reported an error on line 3  of the file ("inappropriate format").  That line is for the root user. I then ran (from memory) `pw show -n root` and pasted the result back into /etc/passwd.  The pwd_mkdb command then reported the error on line 4.

To cut a long story short, I ran (from memory) `pwd show -a >> /etc/passwd.`. I then ran `pwd_mkdb /etc/passwd` which reported no errors. However, I cannot now either log in as root nor `su root`.  I am still logged in to the machine as my user.  I am reluctant to log out. I looked in /var/backups, which is empty (the machine has never been left running overnight). Can someone please tell me how I may recover from this situation?  I have the FreeBSD 10 bootonly installation CD.

Thanks,

Sprock


----------



## fonz (May 4, 2014)

If the format is incorrect, you probably accidentally removed one or more colons.
Although I don't know off the top of my head what is or isn't on the bootonly CD, you can probably mount it and copy working versions of /etc/master.passwd, /etc/passwd, /etc/pwd.db and /etc/spwd.db from there. Make sure to mv or cp your current files first.
You probably won't do what you just did again any time soon  Do not edit the files directly. Use vipw(8) or pw(8). That's what they're for.



			
				sprock said:
			
		

> `pwd show -a >> /etc/passwd.`


I suspect that was a typo: you probably meant pw, not pw*d*. In any case, see #3 above.


----------



## sprock (May 4, 2014)

Thanks for your help. I presume you mean boot the CD rather than mount it?

Thanks,

sprock


----------



## fonz (May 4, 2014)

sprock said:
			
		

> I presume you mean boot the CD rather than mount it?


Either. After all, if you boot the CD you'll have to mount the root partition in order to replace the files. Mounting the CD is perhaps even somewhat safer because if you get stuck (e.g. because you can't find the necessary files on the CD) at least you won't be locked out of your system.

Edit: I'm quickly grabbing a bootonly ISO to see what's on there.

Followup edit: the four files you need are in /etc on the CD. So, assuming you mounted the CD on /mnt:

```
# cd /etc
# cp pwd.db pwd.db.oops
(same for spwd.db, passwd and master.passwd)
# cp /mnt/etc/*pwd.db /mnt/etc/*passwd .
```
Mind the trailing space and dot in the last command!


----------



## kpa (May 4, 2014)

Do not touch /etc/passwd, you only need to edit /etc/master.passwd and pwd_mkdb(8) takes care of the rest.


----------



## sprock (May 4, 2014)

Thank you @fonz and @kpa.  

I mounted the CD, copied the necessary files to /etc, generated a root password and a user password with passwd.  I could not figure out from the pw man page how to re-create some of the users (e.g. avahi-daemon) that were created during the installation of a port.  Having backed up the edited, working copy of master.passwd I entered the information manually.  I understand that was probably very risky.  However I was lucky and `pwd_mkdb -C` allowed me to test each edit.  A final `pwd_mkdb /etc/master.passwd` re-generated the *.db files and `pwd_mkdb -p /etc/master.passwd` re-generated /etc/passwd.

As far as I can discern, everything is working normally.

Thanks again.

sprock


----------



## kpa (May 4, 2014)

Sorry, there's actually something missing from my post above. The pwd_mkdb(8) utility needs the -p flag in order to re-create /etc/passwd from /etc/master.passwd. Without the flag it will only update the binary .db files. So this is the way to recover user accounts using a restored /etc/master.passwd:

`pwd_mkdb -p /etc/master.passwd`


----------



## jalla (May 4, 2014)

Note that backup copies of the passw_or_d d_ata_b_ase_ are made by a periodic script. You should always find the last two versions of master.passwd in /var/backups.


----------

