Can't Create New User or edit /etc/passwd

Started by Michael Kennedy, 2003-06-30T03:13:58-05:00 (Monday)


Michael Kennedy

Hello.  I'm running Mandrake 9.0 on an i586 system and I'm running into a problem that other people can't seem to help me fix.  I'm trying to run "useradd" so I can create another account on my system, but doing so just nets me this error message:

useradd: unable to open password file

Trying to add a user via linuxconf and Webmin are fruitless as well.  When I open /etc/passwd via "joe" (a text editor) as root I get a message at the top saying it's read only, but the permissions are correctly set so I *should* be able to edit the file as root.

Any attempt to modify something that would be in the file is fruitless (i.e. I can't change my passwords now- passwd gives me a message like it was a success, but the old password still works).

Any help would be appreciated.  I took some precautions to block this box off from the net just in case someone says that I might be hacked since this would be something I would do if hacking a server.

Anyway, any help is appreciated.  Thanks.
"If it ain't busted, don't fix it" is a very sound principle and remains so despite the fact that I have slavishly ignored it all my life. --Douglas Adams, "Salmon of Doubt"

William Grim

Well, I've never really heard of that happening.

Make sure your /etc/passwd is set to 0644 and /etc/shadow is set to 0600.  If you're trying to change your passwd, then you need to make sure /etc/shadow is correct; this is where your encrypted passwords are kept.

If these permissions are set correctly, then there is a fatal error somewhere.  I would say somewhere in the kernel, most likely dealing with the filesystem.  This fatal error could indeed be occurring from a successful hack, because if root was compromised, they could put any kind of kernel module into memory for your file system that they wanted.

Check your logs and see if you notice anything strange.  If it was a hacker, and he/she wasn't very skilled, you'll notice.

Also, if you have more questions, please post all error messages you receive.  Oh, and try editing your passwords with "vipw" as root for now just as a test.
William Grim
IT Associate, Morgan Stanley

Gregory Bartholomew

I seem to recall having a similar problem before where the /etc/passwd file seemed to be read-only for root.  I recall having to use wq! in vim to override the error and write the changes anyway.  I just assumed it was part of some sort of high level security template that I probably applied somewhere along the line.  I never gave it any notice though as I don't often create accounts on the local unix systems anyway (most accounts are in our nis server).

bill corcoran

I had a very similar problem a while ago (it was in mdk 9, too).  However, whatever util I was using at the time (probably kuser or userdrake) cited that there was a temporary file left behind from the last time I modified the users, and that's why I couldn't make any more changes.  The error message was something like "user [bla bla] could not be added because the temporary file [bla bla] still exists".  I just deleted the temp file manually and went on with my business.
-bill

Michael Kennedy

OK, I'll respond to everyone's suggestions in one post- /etc/shadow is set to 0400 on mine, not 0600.  

[root@mandrake etc]# ls -l shadow
-r--------    1 root     root          859 Jun 10 17:29 shadow
[root@mandrake etc]# chmod 600 shadow
chmod: changing permissions of `shadow': Operation not permitted

Soooo, how do I change the permissions?  The OS itself might not be letting me change things OR does my root account not have all its rights?  Can something be done to stop root from being able to do some root-ish things?

I also have a "shadow-" and "passwd-" file, btw.  I'm not sure what they're for (haven't hit Google on that yet).

Talmai, I'll give that a shot if I can't come up with a more permanent solution.  The odd thing is that the file was last changed on June 10th and I was able to add/remove some accounts before that date, so this did work at one time.  I add accounts on a semi-regular basis, so I need this fixed.  :P

Bill - Any idea what that temp file is called?  I have a .pwd.lock file, but messing with it didn't help things.  Renaming it caused it to pop back into place, and other people who've helped with this problem have had the same exact file on their system and had no problems.  I do have a "group.TMP" file, but renaming it and trying again nets me the same result.

I appreciate all help, but I didn't seem to get lucky on this go.  Thanks and any other suggestions are greatly appreciated.

William Grim

Something else you may want to check out is the file attributes.

In Linux, there is an 'i' option that can be applied to files:
# Begin chattr(1) excerpt:
A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
# End chattr(1) excerpt.

I think you might have set this bit on the file at some point, and it's worth checking out.
chattr -i /etc/shadow && chmod 0600 /etc/shadow will probably do the trick. BTW, I don't use chattr much at all; I generally find it useless. Although, I'm sure it's quite useful if used correctly. So, you might have to do chattr +i /etc/shadow, but it'd make more sense for it to require -i.

Let me know how things go.

Michael Kennedy

Thanks a ton- that did it.  I've never even heard of that option, so I don't know how long it would have taken me to figure that out myself.  Apparently, that was turned on for a few files, since I also had to

chattr -i /etc/group && chattr -i /etc/gshadow

to be able to add the user.  The user is now added and I'm once again a happy camper.  I'm not sure what I did to make them +i, but I'm going to watch things and see what's up.  I'm going to continue to simply log connection attempts to ports 21, 22, and 80 and see if anyone tries to connect (I expect some 80, but nothing else) to look at a possible hack attempt, but I suspect I'm still in good shape.

I think I might make them all +i again just in case it's an OS security thing.  Also, by reading the man page I couldn't seem to tell if there was a way to view what settings might be enabled for each file.  Without anyone writing some sort of script, can you tell if it's easily done?  If some sort of script is needed I can write it myself.

Also, some of the settings like +s looked neat to use so I might look into that command a bit more.  Thanks again Grim.
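The question above about viewing which files have the flag set is answered by lsattr(1) from e2fsprogs, which prints one attribute field per file. The following script is an added example (not from any poster in this thread) that parses lsattr-style output and reports the files carrying the immutable 'i' attribute; the sample lines are constructed to resemble what the poster's four files would have shown before the fix.

```shell
#!/bin/sh
# Parse lsattr(1) output and report files carrying the immutable ('i')
# attribute, the flag that blocked useradd and chmod in this thread.
# Added example; the sample lines below are constructed, not real output.

# lsattr prints one line per file: an attribute field, then the path,
# e.g. "----i--------e-- /etc/shadow".  Return 0 if the 'i' flag is set.
has_immutable_flag() {
    attrs=${1%% *}               # everything before the first space
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr-style lines on stdin, print the paths that are immutable.
immutable_files() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if has_immutable_flag "$line"; then
            printf '%s\n' "${line#* }"
        fi
    done
}

# Constructed sample resembling what
#   lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow
# would print with the flag set on three of the four files.
SAMPLE='----i--------e-- /etc/passwd
----i--------e-- /etc/shadow
-------------e-- /etc/group
----i--------e-- /etc/gshadow'

# Return the immutable paths from the sample as one space-separated string.
find_immutable_in_sample() {
    printf '%s\n' "$SAMPLE" | immutable_files | tr '\n' ' ' | sed 's/ $//'
}

# Live use on a real system (needs lsattr from e2fsprogs, run as root):
#   lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow | immutable_files
# Clearing the flag on a reported file, as in the thread:  chattr -i <file>
```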

William Grim

I'm glad that worked out for you.

I don't know if it's so much a security thing as it is just making sure you don't accidentally screw up by deleting it while you're root.

I think what probably happened is you used some utility at one point to edit the files and exited it in a way it did not expect, and some poor clean-up code did not release the files again.

I'll have to look into +s; I haven't really read the man pages on chattr yet.

Jon

The "immutable" flag may be turned on.
Try  'chattr -i /etc/passwd' and see if that helps

M-Schaff

Quote from: Jon on 2003-07-02T13:44:07-05:00 (Wednesday)
The "immutable" flag may be turned on.
Try  'chattr -i /etc/passwd' and see if that helps

I have kind of the same problem... but for me it also doesn't work with "chattr -i /etc/passwd".  Any more ideas what I could do?