BSD: Recovering root access when stupidity strikes

in #openbsd, 6 years ago (edited)

"Unix was not designed to stop you from doing stupid things,
because that would also stop you from doing clever things."

-attributed to Doug Gwyn

Having spent the past 16 years using UNIX and Unix-like systems exclusively on my own machines, and learning as I go the whole way, I can assure you that I've fitted myself for dunce caps more times than I can possibly remember. (Also, I'm a casual user without a background in IT or computer science, so I imagine my stupid-to-clever ratio is especially out of proportion.)

Even though I feel I know my way around UNIX well enough to do what I need to do on any given day, there are times when it's too late before realizing that something truly cringeworthy has just occurred. Just yesterday, I wanted to change the shell from ksh to ksh93 for some reason that now escapes me.

At first I entered the following:

     # chsh -s /usr/localbin/ksh93

This elicited a warning message saying something to the effect that the shell in question isn't a valid root shell. (I didn't take notes, so I'm going on memory.) In my under-caffeinated state, I assumed that the problem was that I had forgotten to append my username to the end of the command, so I entered a modified version, with an assist from the convenient-but-dangerous up arrow:

     # chsh -s /usr/localbin/ksh93 username

It wasn't until I tried logging back in and couldn't access either my personal account or my root account that I realized that "localbin" should have been "local/bin" in the above commands. Also, OpenBSD (and presumably its FreeBSD and NetBSD siblings) doesn't fall back to /bin/sh or some other usable shell when confronted with the above abomination, so in this particular situation I first needed to reboot in single user mode (by entering boot -s at the "Boot >" prompt).

For the next steps, I bounced around various pages and found a solution that worked from a FreeBSD article, namely:

     # mount -ruw /
     # mount -a

which mounts the whole shebang from /etc/fstab with read-write access. (Safe to say this is a pan-BSD solution.) From there I was able to change the shells for my personal and root accounts back to ksh just as I usually would:

     # chsh -s /bin/ksh username
     # chsh -s /bin/ksh root
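
A pre-flight check that would have rejected the mistyped `/usr/localbin/ksh93` before `chsh` ever ran, as an added example that is not part of the original post. The function names and the `SHELLS_FILE` override are hypothetical, and it assumes valid login shells are listed one per line in /etc/shells.

```shell
#!/bin/sh
# Added example: refuse to set a login shell that would lock the account out.
# SHELLS_FILE (assumed name) defaults to /etc/shells; override it for testing.
SHELLS_FILE="${SHELLS_FILE:-/etc/shells}"

# valid_login_shell PATH
# Returns 0 only if PATH is absolute, is an executable regular file,
# and appears verbatim in $SHELLS_FILE. The reason for a failure goes to stderr.
#   1 = not absolute, 2 = missing or not executable, 3 = not listed
valid_login_shell() {
    shell_path="$1"
    case "$shell_path" in
        /*) ;;
        *)  echo "not an absolute path: $shell_path" >&2; return 1 ;;
    esac
    if [ ! -f "$shell_path" ] || [ ! -x "$shell_path" ]; then
        echo "missing or not executable: $shell_path" >&2
        return 2
    fi
    # -x matches whole lines only and -F treats the path as a literal string,
    # so comment lines and partial paths in the shells file never match.
    if ! grep -qxF -- "$shell_path" "$SHELLS_FILE" 2>/dev/null; then
        echo "not listed in $SHELLS_FILE: $shell_path" >&2
        return 3
    fi
    return 0
}

# checked_chsh SHELL [USER]
# Runs chsh only after SHELL has passed every check above.
checked_chsh() {
    valid_login_shell "$1" || return $?
    if [ -n "${2:-}" ]; then
        chsh -s "$1" "$2"
    else
        chsh -s "$1"
    fi
}
```

Source the file and call `checked_chsh /usr/local/bin/ksh93 username` in place of the bare `chsh`; keeping a second root session open until a fresh login succeeds covers the cases a path check cannot.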

I should note here that while there's nothing remotely enjoyable about any act of stupidity, in the UNIX world it presents an opportunity for growth and learning, whether in terms of the end solution itself, or in improving your ability to look for solutions in general. In this particular case, because I had some sensitive data that wasn't backed up elsewhere, I dug in and chased the solution down, rather than simply boot bsd.rd and reinstall the system from scratch for the nth time(!).

Beyond getting the system operational again, I came out of this ordeal with a much better grounding in system recovery. (Excluded from the above chain of events were the hours I spent approaching the problem from angles circuitous and utterly fruitless, including futzing around with the passwd and master.passwd files, only to arrive at a solution that patched a sizable gap in my BSD 101 knowledge. And while the fix proved to be simple enough, it took a while to come around to the realization that it was possible to gain full root privileges in single user mode.)

And so perhaps the lesson to be taught by famously persnickety systems like UNIX (particularly the genetic descendants of AT&T UNIX in the BSD family) is that a solution can almost always be found with enough patience and sleuthing. Eventually, you may even work your way to a certain level of cleverness, one facepalm at a time.

BSD Daemon © 1988 by Marshall Kirk McKusick.
All Rights Reserved. Drawn by John Lasseter.