Normally, after I've added or removed a user, I get security(8) output (mailed to root, via a cron job scheduled for 1:30 AM), containing: - diffs of previous and current /etc/group, /etc/master.passwd and /etc/passwd files - sha265 checksums of the previous and current /etc/spwd.db and /etc/pwd.db
At 1:30 this morning, the output arrived with only checksums for the *.db files. I haven't changed anything that would be stored in the *passwd or group files. Basically, I'd like to know if there are any known, "innocent" causes for this. One user was added and removed between the last two times security(8) ran; hours before this unexpected output (with "userdel -rp false" and groupdel). I haven't updated the system or any programs since the third of February (this is the snapshot from that day, with chromium browser and dependencies). there's not much on pwd.db in the manpages. I ran pwd_mkdb -c on both *.db files, and for each one I got: pwd_mkdb: corrupted entry pwd_mkdb: at line #1 pwd_mkdb: ...: Inappropriate file type or header Yet, I added and removed a user (same way as before), then got the checksums with sha256. The checksums didn't change, so whatever the "corruption" is, it's consistent.
