Why does my system upgrade do this?

I am upgrading my most important machine: my firewall. Going from FreeBSD 13.5-RELEASE-p14 to FreeBSD 14.4-RELEASE.
Running freebsd-update I get a message about master.passwd needs editing. I get this screen that I assume is vipw that updater runs:

Code:
<<<<<<< current version
#
root:$6$uMFqWKxi5p/9F8L9$H29ynQdXS2KQ25wnTC0KGe4*********G2Jau7E64uZM5T8VyXnFdU4GJJrPJB/2zC2rOshqm0nhVncUeOQd/:0:0::0:0:Charlie &:/root:/bin/csh
=======
root::0:0::0:0:Charlie &:/root:/bin/sh
>>>>>>> 14.4-RELEASE
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
I parsed users for brevity.

What is the proper path here?
I assume the super long version is encrypted password. But why is it trying to be changed? If I use new setting it will fail. I have been here before.
On other systems. It hurt me some. Why does this part bomb on me. It seemed to be a v13 to v14 upgrade thing....

So I need to keep my original setting and comment out the new changes right?? I have backed up everything twice over.

EDIT: changed text to obfuscate password.
 
Yes, you want to keep your old line - with the password in it.

I'm assuming it's to do with the move from root shell going from csh to sh but that's just a guess.

So delete all of these:
Code:
<<<<<<< current version
#
=======
root::0:0::0:0:Charlie &:/root:/bin/sh
>>>>>>> 14.4-RELEASE

Discussion on the move to sh:

 
Exactly it is trying to change the shell too.
Thanks this got me so many times. I lost all root on one box. Was really hard to recreate. Fresh start worked best.
Cannot do that on my critical infrastructure.
 
I had to stall out again:
Code:
The following changes, which occurred between FreeBSD 13.5-RELEASE and
FreeBSD 14.4-RELEASE have been merged into /etc/master.passwd:
--- current version
+++ new version
@@ -1,6 +1,5 @@
-#
 root:$6$uMFqWKxi5p/9F8L9$H29ynQdXS2KQ25wnTC0KGe4**********G2Jau7E64uZM5T8VyXnFdU4GJJrPJB/2zC2rOshqm0nhVncUeOQd/:0:0::0:0:Charlie &:/root:/bin/csh
 toor:*:0:0::0:0:Bourne-again Superuser:/root:
 daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
 operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
 bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
Does this look reasonable (y/n)? y

The following changes, which occurred between FreeBSD 13.5-RELEASE and
FreeBSD 14.4-RELEASE have been merged into /etc/passwd:
--- current version
+++ new version
@@ -1,6 +1,6 @@
-root:*:0:0:Charlie &:/root:/bin/csh
+root:*:0:0:Charlie &:/root:/bin/sh
 toor:*:0:0:Bourne-again Superuser:/root:
 daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
 operator:*:2:5:System &:/:/usr/sbin/nologin
 bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
 tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
Does this look reasonable (y/n)? n

Trying to change my shell again this time without allowing changes in /etc/passwd
 
Trying to change my shell again this time without allowing changes in /etc/passwd
I can't remember facing that, but I know one upgrade I had to let it (the upgrade) do its thing and then manually change file(s) before reboot.

But that might be a bit too exciting for a firewall upgrade. And quite possibly not recommended to directly edit /etc/passwd.
 
That is probably what I need to do. If I leave it in a state of shell imbalance it probably fails. Manually edit to avoid single mode ops.

Its backed up and master.password is the controller for the encrypted password I think.
 
I'm definitely not recommending any course of action - this was a definite pain point of the process from 13.x to 14.x and I can't remember exactly what I did.

Definitely pays to be cautious - a stitch in time saves nine and all that. Upgrade in haste, repent at leisure.
 
Big picture though losing shell is minor compared to losing all root account/password. Single mode uses no shell. Easy edits.

I am going to sleep on it. No rush at all.
 
You can safely ignore whatever it's trying to do to /etc/passwd, that file is not important, its a relic from the past[*]. It will get regenerated again from /etc/master.passwd (where the actual accounts live). Just make sure /etc/master.passwd is properly merged.

[*] Nothing from the base OS will use it or rely on it. Maybe if you have some really ancient application that reads /etc/passwd directly but those were rare back in the day, they're practically non-existent nowadays.
 
  • Like
Reactions: mer
Back
Top