I guess I did something wrong…

Last Friday I was playing around with one of my FreeBSD production servers. On that server I've a number of users for e-mail and other services.

I was playing around as root, because I wanted to update/install some new stuff. But at a certain moment I found out that I was not able to login as a non-root user (nor as root). So first I've changed the root-password and allowed root to login via SSH. Because I had a running session to that box via a screen-session I was able to do so.

But, still needed to figure out what went wrong.

Some while ago, I've start using subversion to make backups of my config-files. And as a standard procedure I make sure I've an up to date version of the config-repository on my laptop and workstation. ;-)

I found out that the next files were modified:

  • /etc/passwd
  • /etc/master.passwd
  • /etc/pwd.db
  • /etc/spwd.db

After having these files restored, normal users were able to login in again :-O

There were also some other files modified, but by using diff and creating a patch file I was able to restore them very quick.

So lessons learned for me about this... is... make sure you've backups, and do read the messages which pops up!