We had a loss of connection for a few hours today to one site and afterwards (and after a reboot) monitoring reported a changed /etc/passwd and /var/log/userlog shows useradd and groupadd for acme, _flowd, dhcpd, squid, zabbix, root and all admin users happening after said reboot. I tried to find something regarding this topic but couldn't. Is this intended behaviour?
Hi vince,
Yes, and you probably have at least zabbix and acme plugins installed... https://github.com/opnsense/core/blob/master/src/etc/rc.subr.d/recover
We do this to ensure consistency on boot up so the system services will not fail. UFS gave us too many problems with empty files after crashes so that we now write vital files on every boot.
This happened frequently with e.g. dhcpd user missing, breaking DHCP server operation, which wasn't so practical. :)
Cheers,
Franco
Hi franco, thanks for clearing that up! :)