Basic NetBSD Recovery

The Story

Someone online made a custom build of GNU coreutils for NetBSD 9. The files are all put under /usr/gnu so I thought it would be safe to untar using root user in my NetBSD 9 system.

I did that. After a while, I noticed that anything using pam(8) stopped working. This means I cannot su or login as root otherwise, which means I lack the permission to use shutdown(8).

The problem was that the files in the tar file had "unusual" UID and GID, namely 1001 for both. Untaring had the side-effect of changing the owner and group of /usr. PAM was not happy about the fact that /usr has wrong owner and/or group.

I pressed the power button, I get messages that are usually printed out during shutdown.

This means that the usual steps of ensuring filesystem integrity during shutdown is executed and data loss is unlikely, which is good.

The Recovery

Power on the machine again.

You guessed it. Pressing "2" would let NetBSD boot into single user mode.

It asked for a shell. The default /bin/sh would be fine for recovery purpose so I pressed Return.

A root shell will appear without requiring the root password. This is something we could investigate later, if we do not want anyone with physical access to get root privilege without a password.

The / file system is mounted read-only at this point, as we can see from the output of mount(8).

How do we remount read-write? Notice that the man page says the following:

-u The -u flag indicates that the status of an already mounted file system should be changed.

-w The file system object is to be read and write.

So maybe we could try mount -u -w /, it works!

To save 2 keystrokes, we could write it as mount -uw /.

To fix my original problem, I ran chown root:wheel /usr.

TL; DR

• Press "2" in NetBSD boot menu to enter single user mode.
• Use mount -uw / to remount / as read-write.
• Using default install, NetBSD 9 doesn't require root password for single user mode.