232921 – freebsd-update upgrade does not execute pwd_mkdb for ntpd

Bug 232921 - freebsd-update upgrade does not execute pwd_mkdb for ntpd

Summary: freebsd-update upgrade does not execute pwd_mkdb for ntpd

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-11-03 00:15 UTC by Masachika ISHIZUKA
Modified:	2019-03-05 18:30 UTC (History)
CC List:	7 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Masachika ISHIZUKA 2018-11-03 00:15:41 UTC

freebsd-update upgrade -r 12.0-BETA[12] does not execute pwd_mkdb.
If we are using ntpd on 11.2-RELEASE or before, freebsd-update upgrade adds ntpd/ntpd to user/group but does not execute pwd_mkdb.
So we must execute 'pwd_mkdb -p /etc/master.passwd' by hands.

Comment 1 Sylvain Garrigues 2018-11-03 08:29:14 UTC

This bug makes upgrading the system with source impossible since `make installworld’ now checks for the presence of the ntpd user (with uid tool). 

Running the command given in comment #1 prior to installworld fixes it.

Comment 2 Patrick McMunn 2018-12-01 03:11:41 UTC

This still seems to be an issue with upgrades using freebsd-update. I updated to, if I recall correctly, 12.0-RC1 several weeks ago and got an error on boot "pid file /var/db/ntp/ntpd.pid: Permission denied". The directions above fixed it. I skipped RC2 and updated to RC3 today from RC1 and got the error again. I have another system I've been updating via source, and I haven't had this issue on the source-based system.

Comment 3 Michael Laß 2018-12-12 20:58:18 UTC

I also encountered this issue doing a binary upgrade and it can cause a bit of trouble:

If pwd_mkdb is not run, ntpd will still run as root since the user ntpd is unknown. On the very first start, the rc.d script will move the drift file to /var/db/ntp and also place the .pid file there. Both files will be owned by root at this point. If you now run pwd_mkdb to create user ntpd, the daemon won't be properly started next time since user ntpd cannot write to the drift and the .pid file.

This can be solved by simply removing the files or fixing the permissions but it may be worth noting this in the release notes or upgrade instructions.

Comment 4 Nino 2018-12-28 15:19:24 UTC

Google first led me to the same bug reported in bug #234014 - providing a back reference to make it easier to resolve both at the same time.

This is still an issue in 12.0-RELEASE when upgrading an 11.x system with freebsd-update. The proposed solution (pwd_mkdb) resolved the issue for me. 

I wanted to add a few odd coincidences caused by this bug, maybe it helps someone.

I use openntpd instead of the system ntpd and I have _ntp user on my system. The above bug manifested when I tried to setup synth (ports-mgmt/synth) with the following mtree error:

raised REPLICANT.SCENARIO_UNEXPECTED : /usr/sbin/mtree -p /usr/obj/synth-live/SL09/var -f /etc/mtree/BSD.var.dist -deqU

mtree file requires /var/db/ntp to have the following ownership:

ntp             uname=ntpd gname=ntpd

However, my system had _ntp:ntpd owning /var/db/ntp. I don't know if this is an earlier change (though openntpd doesn't seem to be using /var/db/ntp), something done during the upgrade (maybe due to finding _ntp user and using that user instead of ntpd) or the default permissions for the directory created by the upgrade. 

Issuing an errata since this is present in -RELEASE and freebsd-update is a supported upgrade option seems like a good idea.

Comment 5 commit-hook freebsd_committer

2019-01-21 19:05:03 UTC

A commit references this bug:

Author: emaste
Date: Mon Jan 21 19:04:38 UTC 2019
New revision: 343270
URL: https://svnweb.freebsd.org/changeset/base/343270

Log:
  freebsd-update: Update /etc/passwd after password db changes

  Add -p to pwd_mkdb in order to ensure password db changes are also
  included in /etc/passwd.

  PR:		165954, 232921, 229487
  Submitted by:	Gerald Aryeetey <aryeeteygerald_rogers.com>
  Reviewed by:	jilles
  MFC after:	1 month
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D18827

Changes:
  head/usr.sbin/freebsd-update/freebsd-update.sh

Comment 6 commit-hook freebsd_committer

2019-03-05 18:29:45 UTC

A commit references this bug:

Author: emaste
Date: Tue Mar  5 18:29:26 UTC 2019
New revision: 344809
URL: https://svnweb.freebsd.org/changeset/base/344809

Log:
  MFC r343270: freebsd-update: Update /etc/passwd after password db changes

  Add -p to pwd_mkdb in order to ensure password db changes are also
  included in /etc/passwd.

  PR:		165954, 232921, 229487
  Submitted by:	Gerald Aryeetey <aryeeteygerald_rogers.com>
  Reviewed by:	jilles
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/12/
  stable/12/usr.sbin/freebsd-update/freebsd-update.sh

Comment 7 commit-hook freebsd_committer

2019-03-05 18:30:56 UTC

A commit references this bug:

Author: emaste
Date: Tue Mar  5 18:30:43 UTC 2019
New revision: 344810
URL: https://svnweb.freebsd.org/changeset/base/344810

Log:
  MFC r343270: freebsd-update: Update /etc/passwd after password db changes

  Add -p to pwd_mkdb in order to ensure password db changes are also
  included in /etc/passwd.

  PR:		165954, 232921, 229487
  Submitted by:	Gerald Aryeetey <aryeeteygerald_rogers.com>
  Reviewed by:	jilles
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/11/
  stable/11/usr.sbin/freebsd-update/freebsd-update.sh