Last Friday I was playing around with one of my FreeBSD production servers. On that server I've a number of users for e-mail and other services.
I was playing around as root, because I wanted to update/install some new stuff. But at a certain moment I found out that I was not able to log in as a non-root user (nor as root). So first I changed the root password and allowed root to log in via SSH. Because I had a running session to that box via a screen session, I was able to do so.
But I still needed to figure out what went wrong.
A while ago, I started using Subversion to make backups of my config files. And as a standard procedure I make sure I have an up-to-date version of the config repository on my laptop and workstation.
I found out that the following files were modified:
- /etc/passwd
- /etc/master.passwd
- /etc/pwd.db
- /etc/spwd.db
After having these files restored, normal users were able to log in again.
There were also some other files modified, but by using diff and creating a patch file I was able to restore them very quickly.
So the lesson learned for me from this is: make sure you have backups, and do read the messages that pop up!