Root/User Password reset itself out of nowhere

I don't actually need any help right now anymore but I couldn't let this go and I wanted to post just in case it happens to anyone else, as well as get some counsel on wtf just happened. Sorry if this is actually a normal or benign thing to happen. My user account suddenly stopped accepting my password mid-session while I was trying to install something (never installed it). Of course the first thing I thought was that I'm typing too fast and messing up the inputs however I wrote it out slowly over and over. It got to the point where I wrote it in plain text in a text editor to copy and paste over, thinking I must be having a brain fart. It still rejected it.

So thinking it's some sort of serious RAM or cache issue I rebooted my computer... and couldn't log back in! At this point I was quite worried, heart racing in fact. Root user was also not working. Completely locked out of my computer. I managed to chroot in using a live USB of Manjaro and then reset the root password. I then logged in as root on the non-live system and set the user password back to what I always use.

I'm honestly bewildered at what just happened and still a little concerned actually in case it was some kind of attack although I understand that's incredibly unlikely. The last few things I was doing of note were

  • Playing DOS games (Star Trek 25th Anniversary)
  • Trying to set up Open Morrowind
  • Using pacui's 'maintain system' feature

Posting my specs just in case they're relevant

By any chance, did you allow this to replace your shadow file with shadow.pacnew?

1 Like

Hmm, it might have but I'm really not sure. This is the latest log entry about such a thing
[2020-05-31T17:45:25+0100] [ALPM] warning: /etc/shadow installed as /etc/shadow.pacnew

Is the shadow.pacnew file still in /etc?

1 Like

Not with .pacnew, no.

1 Like

Then that's what happened, your (configured) shadow file was overwritten/replaced with the (blank) shadow.pacnew.

The reason I suspect this is because of a post that @frpenguin made yesterday; I don't use PacUI, but this post mentions that the "Maintain System" category can "allow pacdiff to change all the configs" and since a shadow.pacnew came through in Arch a couple of weeks ago, I figured it probably just hit Manjaro.

I think this is probably what happened here. You should never replace your shadow, passwd, gshadow, or group files with pacnew files.

3 Likes
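
An added example, not part of any post in this thread: a shell check for the situation described above. It lists pending .pacnew files for the four account databases, finds them in pacman log text, and reports users that exist in passwd but have no shadow entry. The function names, the 1000-59999 UID range for regular users, and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the UID range
# 1000-59999 for regular user accounts are assumptions.
PROTECTED="passwd shadow group gshadow"

# List pending .pacnew files for the account databases under an etc dir.
pending_account_pacnew() {
    etc_dir=${1:-/etc}
    for name in $PROTECTED; do
        if [ -e "$etc_dir/$name.pacnew" ]; then
            printf '%s\n' "$etc_dir/$name.pacnew"
        fi
    done
}

# Read pacman log text on stdin; print the account databases that pacman
# reported as "installed as <file>.pacnew".
account_pacnew_in_log() {
    sed -n 's|^.*\[ALPM] warning: /etc/\([a-z]*\) installed as /etc/\1\.pacnew$|\1|p' |
    while read -r name; do
        case " $PROTECTED " in
            *" $name "*) printf '/etc/%s\n' "$name" ;;
        esac
    done
}

# Print users present in passwd ($1) that have no entry in shadow ($2).
# FILENAME is compared instead of NR==FNR so an empty shadow file works.
users_missing_from_shadow() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             $3 >= 1000 && $3 < 60000 && !($1 in seen) { print $1 }' "$2" "$1"
}

# Demo on constructed sample data (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:x:0:0::/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$d/passwd"
    printf 'root:!:18413::::::\n' > "$d/shadow"   # constructed: alice has no entry
    : > "$d/shadow.pacnew"
    pending_account_pacnew "$d"
    printf '%s\n' '[2020-05-31T17:45:25+0100] [ALPM] warning: /etc/shadow installed as /etc/shadow.pacnew' |
        account_pacnew_in_log
    users_missing_from_shadow "$d/passwd" "$d/shadow"
    rm -rf "$d"
}
demo
```

On a real system, `users_missing_from_shadow /etc/passwd /etc/shadow` needs root to read the shadow file.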

I see. I never knew this. I've used the maintain system option plenty of times and never had that issue before - it always seemed to help my system in fact. I'm surprised something like that can happen from such a thing. Well I won't be using that anymore.

Thanks a lot for the feedback. I'm just glad it's something like this and not a security issue.

1 Like

I think it's more a case of being sure of what you're allowing PacUI's "Maintain System" to do, rather than just letting it do its thing automatically without paying attention.

I've never used it, but I imagine it has several options available for dealing with pacnew files, one of which is to replace the original file with the pacnew. That's one to pay attention to.

3 Likes

I have done that - once - replaced my shadow file with a .pacnew - never again :man_facepalming:

1 Like

So is there a fix?
I just did this :frowning:

You can try following the steps that worked for frpenguin, or you can try using the pwconv command.

Perhaps someone else can provide a more detailed response; I've never had to reset a shadow file, so I have no first-hand experience.

Here's a very old tutorial on using pwconv; I'm not vouching for it, just pointing it out. I see that there are a number of YouTube videos on the subject, too.

I got it from my live session

sudo manjaro-chroot -a

When in chroot

passwd <username>

Rebooted, all fine.

1 Like

It all comes from not reading the fir-kin manual. Pacui maintenance is an advanced tool - and I blatantly overwrote stuff. My fault... but I'll just stick with Topgrade for my updates and not worry so much about maintenance.

1 Like
