Solved How to setup passwd using custom install to single user mode?

Hey guys,

After months with some virtual machines running FreeBSD, I have forgotten the password on one of them...

Then, searching a bit on the web, I found some tutorials about logging in to single user mode and then using passwd to change it.

To my surprise, passwd is not found in single user mode, so I will post how I did the install and, if someone can, please point out what I forgot to set up in my custom install.

After the CD boot I use the Live CD, then I do the slices manually:

Code:
gpart destroy -F ada0
gpart create -s GPT ada0
gpart show ada0

gpart add -t freebsd-boot -a 4k -b 40 -s 512K -l gptboot0 da0
gpart add -t freebsd-swap -a 4k -b 526336 -s 4G -l swap0 ada0
gpart add -t freebsd-zfs -a 4k -b 9439232 -l zfs0 ada0

Then I load the Modules for ZFS:

Code:
kldload /boot/kernel/opensolaris.ko
kldload /boot/kernel/zfs.ko
kldload /boot/kernel/crypto.ko
kldload /boot/kernel/geom_eli.ko
kldload /boot/kernel/aesni.ko

Then I make sure everything will be aligned to ashift 12 (on my VMware ESXi the default setup does not do it):

Code:
sysctl vfs.zfs.min_auto_ashift=12
sysctl vfs.zfs.max_auto_ashift=12

So I enable encryption for SWAP:

Code:
geli onetime -d -e AES-XTS -l 256 -s 4096 da0p2

Then I setup the boot partition:

Code:
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0
gpart set -a bootme -i 1 da0

So I do the dataset:

Code:
zpool create -O atime=off -o autoexpand=on  -O canmount=on -O checksum=sha256 -O compression=lz4 -O dedup=off -o failmode=wait -O normalization=formKC -O recordsize=128K -O reservation=10G -m none zroot da0p3

zfs create zroot/ROOT
zfs create -o mountpoint=/tmp/mnt/zroot zroot/ROOT/default
zfs create -o exec=on -o mountpoint=/tmp/mnt/zroot/tmp -o setuid=off  zroot/tmp
chmod 1777 /tmp/mnt/zroot/tmp

zfs create -o mountpoint=/tmp/mnt/zroot/usr zroot/usr
zfs create -o setuid=off zroot/usr/home
zfs create zroot/usr/jails
zfs create zroot/usr/local
zfs create zroot/usr/obj
zfs create -o setuid=off zroot/usr/ports
zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/distfiles
zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/packages
zfs create -o exec=off -o setuid=off zroot/usr/src

zfs create -o mountpoint=/tmp/mnt/zroot/var zroot/var
zfs create -o exec=off -o setuid=off zroot/var/audit
zfs create -o exec=off -o setuid=off zroot/var/crash
zfs create -o exec=off -o primarycache=metadata -o setuid=off zroot/var/db
zfs create -o compression=off -o exec=off -o primarycache=metadata -o recordsize=16K -o setuid=off zroot/var/db/mysql
zfs create -o compression=off -o exec=off -o primarycache=metadata -o setuid=off zroot/var/db/mysql_log
zfs create -o exec=on -o setuid=off zroot/var/db/pkg
# Do not set -o readonly=on now, because the directory need be writable to uncompress temporary files of base system in /var/empty
zfs create -o exec=off -o setuid=off zroot/var/empty
zfs create -o exec=off -o setuid=off zroot/var/named
zfs create -o exec=off -o setuid=off zroot/var/log
zfs create -o exec=off -o setuid=off zroot/var/mail
zfs create -o exec=off -o setuid=off zroot/var/run
zfs create -o exec=on -o setuid=off zroot/var/tmp
chmod 1777 /tmp/mnt/zroot/var/tmp

zpool set bootfs=zroot/ROOT/default zroot

cd /tmp/mnt/zroot

tar -xf /usr/freebsd-dist/base.txz -C .
tar -xf /usr/freebsd-dist/kernel.txz -C .
tar -xf /usr/freebsd-dist/lib32.txz -C .

With the base system ready, I then get inside the fresh install to set things up:

Code:
chroot /tmp/mnt/zroot
echo 'aesni_load="YES"' >> /boot/loader.conf
echo 'geom_eli_load="YES"' >> /boot/loader.conf
echo 'vfs.root.mountfrom="zfs:zroot/ROOT/default"' >> /boot/loader.conf
echo 'zfs_load="YES"' >> /boot/loader.conf
echo 'kern.geom.label.gptid.enable="0"' >> /boot/loader.conf
echo 'zpool_cache_load="YES"' >> /boot/loader.conf
echo 'zpool_cache_type="/boot/zfs/zpool.cache"' >> /boot/loader.conf
echo 'zpool_cache_name="/boot/zfs/zpool.cache"' >> /boot/loader.conf
echo '' >> /boot/loader.conf
echo '# ZFS Tuning for use less Memory' >> /boot/loader.conf
echo '# https://wiki.freebsd.org/ZFSTuningGuide' >> /boot/loader.conf
echo 'vfs.zfs.prefetch_disable="1"' >> /boot/loader.conf
echo 'vm.kmem_size="512M"' >> /boot/loader.conf
echo 'vm.kmem_size_max="512M"' >> /boot/loader.conf
echo 'vfs.zfs.arc_max="80M"' >> /boot/loader.conf
echo 'vfs.zfs.vdev.cache.size="10M"' >> /boot/loader.conf
echo '' >> /boot/loader.conf
echo '# Disable ZFS prefetching' >> /boot/loader.conf
echo '# http://southbrain.com/south/2008/04/the-nightmare-comes-slowly-zfs.html' >> /boot/loader.conf
echo '# Increases overall speed of ZFS, but when disk flushing/writes occur,' >> /boot/loader.conf
echo '# system is less responsive (due to extreme disk I/O).' >> /boot/loader.conf
echo '# NOTE: Systems with 4 GB of RAM or more have prefetch enabled by default.' >> /boot/loader.conf
echo 'vfs.zfs.prefetch_disable="1"' >> /boot/loader.conf
echo '' >> /boot/loader.conf
echo '# Decrease ZFS txg timeout value from 30 (default) to 5 seconds. This' >> /boot/loader.conf
echo '# should increase throughput and decrease the "bursty" stalls that' >> /boot/loader.conf
echo '# happen during immense I/O with ZFS.' >> /boot/loader.conf
echo '# http://lists.freebsd.org/pipermail/freebsd-fs/2009-December/007343.html' >> /boot/loader.conf
echo '# http://lists.freebsd.org/pipermail/freebsd-fs/2009-December/007355.html' >> /boot/loader.conf
echo '# default in FreeBSD since ZFS v28' >> /boot/loader.conf
echo 'vfs.zfs.txg.timeout="5"' >> /boot/loader.conf

echo '' >> /boot/sysctl.conf
echo "# Increase number of vnodes; we've seen vfs.numvnodes reach 115,000" >> /boot/sysctl.conf
echo '# at times. Default max is a little over 200,000. Playing it safe...' >> /boot/sysctl.conf
echo '# If numvnodes reaches maxvnode performance substantially decreases.' >> /boot/sysctl.conf
echo 'kern.maxvnodes=250000' >> /boot/sysctl.conf

echo 'hostname="test.mydomain.com"' >> /etc/rc.conf
echo 'keymap="us.iso.acc.kbd"' >> /etc/rc.conf
echo 'ifconfig_vmx0="192.168.215.111 netmask 255.255.255.0"' >> /etc/rc.conf
echo '#ifconfig_vmx3f0="192.168.215.111 netmask 255.255.255.0"' >> /etc/rc.conf
echo 'defaultrouter="192.168.215.1"' >> /etc/rc.conf
echo 'moused_enable="YES"' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo '# Setting Firewall ipfw' >> /etc/rc.conf
echo 'firewall_enable="YES"' >> /etc/rc.conf
echo 'firewall_script="/etc/ipfw.rules"' >> /etc/rc.conf
echo 'firewall_logging="YES"' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo '# Sync Datetime' >> /etc/rc.conf
echo 'ntpd_enable="YES"' >> /etc/rc.conf
echo 'ntpd_sync_on_start="YES"' >> /etc/rc.conf
echo 'ntpd_config="/etc/ntp.conf"' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo '# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable' >> /etc/rc.conf
echo 'dumpdev="AUTO"' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo 'zfs_enable="YES"' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo '# Jails' >> /etc/rc.conf
echo '# jail_enable="YES"  # Enabling Jails' >> /etc/rc.conf
echo '# jail_conf="/etc/jail.conf"  # Config file of Jails' >> /etc/rc.conf
echo '# jail_parallel_start="YES"  # Start Jails at sametime' >> /etc/rc.conf
echo '# jail_list="nsf"  # Jails to get on' >> /etc/rc.conf
echo '' >> /etc/rc.conf
echo '#kern_securelevel_enable="YES"' >> /etc/rc.conf
echo '#kern_securelevel="3"' >> /etc/rc.conf

# Add to ntp.conf private ntpd server
ee /etc/ntp.conf
server 192.168.215.13 iburst
#server 0.BR.pool.ntp.org iburst

echo 'nameserver 192.168.215.12' >> /etc/resolv.conf
echo '#nameserver 208.67.222.222' >> /etc/resolv.conf
echo '#nameserver 208.67.220.220' >> /etc/resolv.conf
echo '#nameserver 8.8.8.8' >> /etc/resolv.conf

set HOSTNAME=test.mydomain.com
echo hostname="$HOSTNAME"
hostname -s "$HOSTNAME"

cd /etc/mail

make aliases

tzsetup

passwd root

printf "# Device\t\tMountpoint\tFStype\tOptions\t\tDump\tPass#\n" > /etc/fstab
printf "/dev/ada0p2.eli\t\t\tnone\t\t\tswap\tsw\t\t0\t0\n" >> /etc/fstab

exit

zfs set readonly=on zroot/var/empty
zfs set sync=disabled zroot/var/db
zfs set sync=disabled zroot/var/db/mysql
zfs set sync=disabled zroot/var/db/mysql_log

cd /
zfs unmount -a
zfs set mountpoint=legacy zroot/ROOT/default
zfs set mountpoint=/tmp zroot/tmp
zfs set mountpoint=/usr zroot/usr
zfs set mountpoint=/var zroot/var

reboot

After reboot the system is up and working, or at least I thought so...

The fact is that until now (almost 1 year) none of the systems using this custom setup has had any problem; they are updated every month and run fine.

After this issue of not being able to set the password in single user mode, I am worried about what else might be broken because of my custom setup.

And of course, is it possible to fix it, or do I need to reinstall everything?

Thanks in advance, and forgive my bad English (it is not my native language).
 
To my surprise, passwd is not found in single user mode
That's because the directory where passwd(1) resides (/usr/bin) was not in your $PATH. In this case you simply specify the full path: /usr/bin/passwd.
If you use /bin/sh when entering single-user mode, modify /root/.profile; alternatively, choose your favorite shell (specifying the full path, i.e. /usr/local/bin/bash).
 
Also you have to re-mount the root filesystem as read-write in single user mode to be able to set passwords. This is enough for both UFS and ZFS:

mount -u /
 
Thanks for the reply Maxnix and kpa!!!

I have checked /root/.profile and it has the same parameters as a fresh install using the default bsdinstall; the path inside is:

Code:
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:~/bin

Checking my /usr folder, I found it is empty on the virtual machine where I am trying to reset the password, while on a fresh install in single user mode this directory has more directories and other files inside.

kpa

Yeah, I did that. The complete process I tried:
Code:
mount -u /
mount -a
swapon

passwd

Paying more attention to the console, I now see this error message:

Code:
Cannot read termcap database;
using dumb terminal settings.


Could this be the cause of the problem?
 
Since you're using ZFS you have to use zfs mount -a in place of mount -a

Yeah, that's it, that solved the problem; now my /usr folder is correctly mounted and I can access passwd.

I had not paid attention to the ZFS and UFS differences, but now I have changed the password and got the virtual machine back.

Thank you very much guys!!!
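
Added example (not code from any poster in this thread): the fix worked because /usr sits on its own ZFS dataset, which is not listed in /etc/fstab and so is not mounted by mount -a. The sh function below reads `zfs list -H -o name,mountpoint,mounted` output and names the unmounted datasets that a given path depends on; the function names and the sample listing are assumptions, the listing being constructed from the dataset layout in the first post.

```sh
#!/bin/sh
# Added example: find which unmounted ZFS datasets hide a path such as
# /usr/bin/passwd. On a real system, feed it the live listing:
#   zfs list -H -o name,mountpoint,mounted | unmounted_for /usr/bin/passwd

TAB=$(printf '\t')

# unmounted_for PATH: reads tab-separated "name mountpoint mounted" lines on
# stdin and prints every dataset that is not mounted and whose mountpoint is
# PATH itself or one of its parent directories.
unmounted_for() {
    target=$1
    while IFS=$TAB read -r name mnt mounted; do
        case $mnt in
            none|legacy|-|'') continue ;;  # no fixed mountpoint to compare
        esac
        [ "$mounted" = "no" ] || continue
        case $target/ in
            "${mnt%/}"/*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample: the state right after booting to single user mode,
# where only the root dataset (mountpoint=legacy) is mounted.
sample_zfs_list() {
    printf '%s\t%s\t%s\n' zroot none no
    printf '%s\t%s\t%s\n' zroot/ROOT/default legacy yes
    printf '%s\t%s\t%s\n' zroot/tmp /tmp no
    printf '%s\t%s\t%s\n' zroot/usr /usr no
    printf '%s\t%s\t%s\n' zroot/usr/local /usr/local no
    printf '%s\t%s\t%s\n' zroot/var /var no
}

# Demo on the constructed listing.
sample_zfs_list | unmounted_for /usr/bin/passwd
```

Any dataset it names has to be mounted (zfs mount -a, or zfs mount with the dataset name) before the path becomes visible.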
 