How can I rescue my passwd file after corrupting it (and why does it still work) ?

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Nov 22 08:14:18 UTC 2009 

George Sanders wrote:
> 
> I do some automated account creation on a FreeBSD 6.x system ... and unbeknownst to me, the '/' filesystem was completely full when I did my last account creation, resulting in:
> 
> /: write failed, filesystem is full
> pwd_mkdb: /etc/pwd.db to /etc/pwd.db.tmp: No space left on device
> pw: passwd file update: No space left on device
> pwd_mkdb: corrupted entry
> pwd_mkdb: at line #187
> pwd_mkdb: /mnt/etc/master.passwd: Inappropriate file type or format
> 
> My situation is now as follows:
> 
> passwd and master.passwd have a lot of lines missing, and one or two mangled lines toward the end.  So a LOT of user accounts are gone.
> 
> BUT, all of those missing accounts still work.
> 
> So ... 
> 
> 1) why do all of the accounts that are missing from both passwd and master.passwd continue to work properly (they can authenticate and log in over SSH and so on) ?
> 
> 2) how can I get back to healthy ?
> 
> I suspect that somehow my (s)pwd.db files are still healthy ... is it possible to reconstruct complete passwd/master.passwd files using the existing (s)pwd.db files ?

There's a backup copy of master.passwd, groups and aliases stored in /var/backups
every time any of those files are changed -- the backups are created by the
overnight periodic cron jobs, so you should be able to restore yesterday's status
quo.

Otherwise, you can sort of reconstruct the missing entries from yor master.passwd
file by using pw(8) -- eg:

% pw user show -n matthew
matthew:*:1001:1001::0:0:Matthew Seaman:/home/matthew:/bin/tcsh

prints out the master.passwd entry for the user account but *without* the
password crypt-text.  You can use:

  % pw user show -a 

to get a list of all users.  This should use spwd.db rather than the original
flat files -- it will enumerate all users from LDAP or NIS if your machine is
configured to use those.  Unfortunately, you will have to merge in the crypted
password strings by hand or else get all your users to set new passwords.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20091122/9f85cd7c/signature.pgp

More information about the freebsd-questions mailing list