freebsd-update upgrade -r 12.0-BETA[12] does not execute pwd_mkdb. If we are using ntpd on 11.2-RELEASE or before, freebsd-update upgrade adds ntpd/ntpd to user/group but does not execute pwd_mkdb. So we must execute 'pwd_mkdb -p /etc/master.passwd' by hands.
This bug makes upgrading the system with source impossible since `make installworld’ now checks for the presence of the ntpd user (with uid tool). Running the command given in comment #1 prior to installworld fixes it.
This still seems to be an issue with upgrades using freebsd-update. I updated to, if I recall correctly, 12.0-RC1 several weeks ago and got an error on boot "pid file /var/db/ntp/ntpd.pid: Permission denied". The directions above fixed it. I skipped RC2 and updated to RC3 today from RC1 and got the error again. I have another system I've been updating via source, and I haven't had this issue on the source-based system.
I also encountered this issue doing a binary upgrade and it can cause a bit of trouble: If pwd_mkdb is not run, ntpd will still run as root since the user ntpd is unknown. On the very first start, the rc.d script will move the drift file to /var/db/ntp and also place the .pid file there. Both files will be owned by root at this point. If you now run pwd_mkdb to create user ntpd, the daemon won't be properly started next time since user ntpd cannot write to the drift and the .pid file. This can be solved by simply removing the files or fixing the permissions but it may be worth noting this in the release notes or upgrade instructions.
Google first led me to the same bug reported in bug #234014 - providing a back reference to make it easier to resolve both at the same time. This is still an issue in 12.0-RELEASE when upgrading an 11.x system with freebsd-update. The proposed solution (pwd_mkdb) resolved the issue for me. I wanted to add a few odd coincidences caused by this bug, maybe it helps someone. I use openntpd instead of the system ntpd and I have _ntp user on my system. The above bug manifested when I tried to setup synth (ports-mgmt/synth) with the following mtree error: raised REPLICANT.SCENARIO_UNEXPECTED : /usr/sbin/mtree -p /usr/obj/synth-live/SL09/var -f /etc/mtree/BSD.var.dist -deqU mtree file requires /var/db/ntp to have the following ownership: ntp uname=ntpd gname=ntpd However, my system had _ntp:ntpd owning /var/db/ntp. I don't know if this is an earlier change (though openntpd doesn't seem to be using /var/db/ntp), something done during the upgrade (maybe due to finding _ntp user and using that user instead of ntpd) or the default permissions for the directory created by the upgrade. Issuing an errata since this is present in -RELEASE and freebsd-update is a supported upgrade option seems like a good idea.
A commit references this bug: Author: emaste Date: Mon Jan 21 19:04:38 UTC 2019 New revision: 343270 URL: https://svnweb.freebsd.org/changeset/base/343270 Log: freebsd-update: Update /etc/passwd after password db changes Add -p to pwd_mkdb in order to ensure password db changes are also included in /etc/passwd. PR: 165954, 232921, 229487 Submitted by: Gerald Aryeetey <aryeeteygerald_rogers.com> Reviewed by: jilles MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D18827 Changes: head/usr.sbin/freebsd-update/freebsd-update.sh