Solved sudo: error initializing audit plugin sudoers_audit

hbsd

hbsd

Hi
During the update FreeBSD from 13.2 to 13.3 I got a failed merged automatically message and probably did something wrong. The update is done, but apparently I deleted the root user.
The root user no longer exists:

$ sudo su
sudo: unknown user root
sudo: error initializing audit plugin sudoers_audit


I'd be grateful if you tell me how to solve the problem.
 
Your master.passwd file could be corrupt.Try to recover it from backup or failing that, you could try to edit it in single user state.

Before you try that, try sudo vipw and try to fix it by hand. I doubt that will work but it won't hurt to try, to save the hassle of booting into single user.

If your console is set "insecure" in ttys(5), booting single user won't work either. If that's the case your only option may be to boot the install ISO or USB to start a rescue shell.

Unlike Linux where one can break in using grub to change init from systemd to bash, we have no such option in FreeBSD, as the two options we do have are limited by the kernel at boot. More secure but less recoverable from things like this.
 
cy@
I ran sudo vipw in single user mode and got:
sudo: you do not exist in the passd database
I mistakenly deleted the root user in /etc/passwd!
Is there no other way to recover?
If I bootable FreeBSD 13.3 on a usb stick, is it possible without reinstalling? how?
 
Get some inspiration from this thread which is very similar to yours, hope that helps:
forums.freebsd.org

Lost root account during upgrade

When upgrading from 13.2 to 13.3, on my way to 14, I must have messed up an edit of one of the files it asked me to edit and I can't log into root anymore but I can log in as a user. su doesn't work either. I can reboot and get into single user mode with toor. Looked in /etc/master.passwd and...
forums.freebsd.org forums.freebsd.org
 
gotnull Thanks! that was helpful.

I created a root user by:
pw useradd -n root -u 0 -g 0 -o
and now I have root access.

But how do I fix these messages?

photo_2024-07-18_04-25-21.jpg
 
May be I am wrong but to me it looks like you butchered lots of your configuration files (plenty of "unknown user") with the automatically answer "yes" when merging, if I were you I would switch back to the previous state(13.2) by using bectl and then do an update again but this time by taking my time with the merge thing.
 
gotnull said:
if I were you I would switch back to the previous state(13.2) by using bectl
Click to expand...
Thank you but my file system is UFS.

I wish I could recover /etc/passwd file. I changed this file by mistake, if it was possible to return to the default mode, these error messages would not be displayed.
 
Grrr that's too bad, indeed I didn't think you were using UFS.
Unfortunately I don't have any good advice, sorry mate.
 
There should be a backup of the master.passwd in /var/backups, you can generate a passwd file from that too.
 
SirDice said:
There should be a backup of the master.passwd in /var/backups, you can generate a passwd file from that too.
Click to expand...
There's two files (master.passwd.bak and master.passwd.bak2) in /var/backups.

I have master.passwd in /etc/ but don't know how to generate a passwd file from that and it seems that was ruined too.
 
master.passwd(5)
Code: 
The passwd file is generated from the master.passwd file by pwd_mkdb(8)

Code: 
     -p    Create a Version 7 style password file and install it into
           /etc/passwd.
Code: 
EXAMPLES
     Regenerate the password database after manually editing or replacing the
     password file:

            /usr/sbin/pwd_mkdb -p /etc/master.passwd
pwd_mkdb(8)
 
# /usr/sbin/pwd_mkdb -p /etc/master.passwd
I did thia but nothing changed.

now I have a problem. Internet connection does not work. how can I solve this?
sorry to bother you...

IMG_20240718_180737.jpg
 
You may have likely deleted root from master.passwd and it was propagated to passwd. You will need to boot single user to edit the master.passwd (vipw) to add it back in again. Failing that you'll need to boot from install media, mount your rootfs somewhere and add it.
 
cy@ said:
You may have likely deleted root from master.passwd and it was propagated to passwd. You will need to boot single user to edit the master.passwd (vipw) to add it back in again. Failing that you'll need to boot from install media, mount your rootfs somewhere and add it.
Click to expand...
Yeah passwd.master didn't changed and I deleted manually and everything ruined 😥
If my internet connection is fixed, I will not change something else.I ran vipw in single use mode even with sudo but it says:
vipw: pw_tmp(): Read-only file syatem.
 
hbsd said:
Yeah passwd.master didn't changed and I deleted manually and everything ruined 😥
If my internet connection is fixed, I will not change something else.I ran vipw in single use mode even with sudo but it says:
vipw: pw_tmp(): Read-only file syatem.
Click to expand...
"mount -orw -u /" will fix that.
 
You must log in or register to reply here.
Back
Top