Indeed. I have done a bit of digging around and I think I came very close to assemble the whole “reset password and user accounts” picture. It goes something like this:
The init process reads /etc/inittab (standard Linux behavior)
/etc/inittab points to /etc/init.d/rcS (line 1)
/etc/init.d/rcS calls the script /etc/init.d/enable_var (line 14)
enable_var makes sure that /var is read-writeable, and that the proper folder structure is in place. Important: /var is mounted on flash memory.
/etc/init.d/enable_var calls the script /etc/init.d/update_passwd (line 85)
update_passwd reads the file /var/.passwd (no typo, it is really .passwd, you can check on your FS), makes sure that at least ‘root’, ‘avahi’ and ‘nobody’ are there, and if so replaces /etc/.passwd (again not a typo, it is really .passwd)
we then return to rcS, which then does all kinds of initializations, but nothing related to /etc/.passwd. The last line calls /usr/bin/nasd, and redirects output to /var/log/nasd.log
From there the proverbial trail goes cold. It seems there is no script that does the copy from /etc/.passwd to /etc/passwd. However, if you run ‘grep -r \.passwd /usr’, you get /usr/bin/nasd back. Surprise, surprise.
In summary: remember /var is on flash memory? I think the reason why Drobos are set up this way is because if they need to do support on this thing they can just reflash /var using some external device, and the next time they boot - bam! Root password is reset.
Now, you might be wondering why even have a /etc/.passwd in the first place. That is a very good question. I see no reason why not just copy directly from /var/.passwd directly to /etc/passwd. Who knows?
WARNING: THE INFORMATION BELOW IS DANGEROUS. I HAVE NOT TESTED IT ON MY DROBO FS. FOR ALL I KNOW, IT MIGHT TURN YOUR FS INTO A NICE, EXPENSIVE PAPER WEIGHT. I OFFER NO GUARANTEE ABOUT THIS, PROCEED AT YOUR OWN PERIL.
In any case, the way to “fix” the password reset seems to be simple. First, delete /var/.passwd. The script /var/update_passwd does not overwrite /etc/.passwd if /var/.passwd does not exist. After that, every time you modify /etc/passwd, remember to copy it over /etc/.passwd to replace it.
I have a feeling that if /etc/.passwd does not exist, then nasd won’t try to replace /etc/passwd, so (talking out of my a$$ now) deleting /etc/.passwd should prevent all future password and user account resets.