Password file

David J. Orman ormandj at corenode.com
Fri Jul 14 00:45:30 UTC 2006 

1 - SSH daemon changes in 4.11 would be my guess
2 - Changed UID/GID for postfix user. You need to chown/chmod the spool directory/contents properly using the new postfix user account UID/GID
3 - No idea.

Your best bet is going to be reinstall, it'll be much less painful IMO. Secondly, the way you are handling this, is bad. It may have worked for a long time, but it's not the correct way to go about this.

#1 - You should not allow root login via ssh. You should ssh as a normal user and su. This is for all cases, not just automated processes. Bad bad bad.

#2 - Although you didn't explain why, it *seems* as if you're copying the master.passwd file/rebuilding your pwdb to make sure user accounts are synched on the machines? If so - no comment, other then stop right now. In this kind of deployment, where you have multiple servers which need to have synchronized user accounts, you need to setup some kind of directory server (LDAP would be most common - OpenLDAP is a free LDAP server.) Then your servers can do authentication via the LDAP store. Virtual users in postfix can be handled the same way.

Good luck,
David

PS - I cannot strongly enough reiterate, the master.passwd copying deal is *really* not the best way to do this, and remote root logins are a bad idea.

----- Original Message -----
From: Keith Woodworth <kwoody at citytel.net>
Date: Thursday, July 13, 2006 1:19 pm
Subject: Password file

> 
> Ok, Ive done something dumb.
> 
> I did this on another server and its been working fine for over a 
> year.
> A copy of the master.passwd file is copied from server1 to server2. A
> new master.passwd file is built from this copy on server2, so the 
> filesare identical between machines. This happens twice every hour.
> 
> Server2 is a mail machine running postfix for outgoing mail only and
> nothing has ever had a problem with this building of password files.
> 
> FreeBSD 4.10 on both machines.
> 
> I setup a 4.11 machine a while back and its been acting as a master
> nameserver. Now I wanted this to be setup as a secondary mail 
> server for
> outgoing mail as a kind of back up machine.
> 
> So I built Postfix, same version as the current one running, setup 
> root to
> ssh in with no passwd. I copied the master.passwd and passwd files to
> backup copies, copied the master.passwd from server1 and built a new
> passwd file using pwd_mkdb just as I do on the mail machine.
> 
> Now Ive got problems.
> 
> 1) I can not login via ssh, though root can still login, as its 
> setup via
> key login.
> 2) Postfix gives me errors now about permission denied over its spool.
> 3) I'm afraid to restart named as I'm afraid it will be hosed now too.
> 
> I copied the original files back but still get the same errors. Am 
> I hosed
> or is there a way to fix this?
> 
> Ive been doing this on various systems for a while now, but this is 
> thefirst time its buggered on me.
> 
> Any ideas?
> 
> Thanks,
> Keith
> 
> 
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>

More information about the freebsd-isp mailing list