useradd: cannot open shadow password file
其实这个问题也可以使用find命令来辅助处理。
[root@imcc_app ~]# useradd test
useradd: cannot open shadow password file
[root@imcc_app ~]# ls -l /etc/shadow
-r-------- 1 root root 1035 Aug 18 2011 /etc/shadow
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# chattr -i /etc/shadow
[root@imcc_app ~]# lsattr /etc/shadow
------------- /etc/shadow
[root@imcc_app ~]# useradd test
useradd: error opening group file
[root@imcc_app ~]# lsattr /etc/group
----i-------- /etc/group
[root@imcc_app ~]# lsattr /etc/passwd
------------- /etc/passwd
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# useradd test
useradd: error opening group file
这里使用strace跟踪adduser看看那到底是哪个文件权限不对。
[root@imcc_app ~]# strace --help
strace: invalid option -- -
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
[-p pid] ... [-s strsize] [-u username] [-E var=val] ...
[command [arg ...]]
or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...
[command [arg ...]]
-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
[root@imcc_app ~]# strace -o adduser.out useradd test <--------------使用strace跟踪添加用户
useradd: cannot open shadow password file
[root@imcc_app ~]# ls -l /etc/shadow
-r-------- 1 root root 1035 Aug 18 2011 /etc/shadow
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# chattr -i /etc/shadow
[root@imcc_app ~]# lsattr /etc/shadow
------------- /etc/shadow
[root@imcc_app ~]# useradd test
useradd: error opening group file
[root@imcc_app ~]# lsattr /etc/group
----i-------- /etc/group
[root@imcc_app ~]# lsattr /etc/passwd
------------- /etc/passwd
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# useradd test
useradd: error opening group file
这里使用strace跟踪adduser看看那到底是哪个文件权限不对。
[root@imcc_app ~]# strace --help
strace: invalid option -- -
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
[-p pid] ... [-s strsize] [-u username] [-E var=val] ...
[command [arg ...]]
or: strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...
[command [arg ...]]
-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command
[root@imcc_app ~]# strace -o adduser.out useradd test <--------------使用strace跟踪添加用户
useradd: error opening shadow group file
[root@imcc_app ~]#
[root@imcc_app ~]# ls -ltr
total 128
-rw-r--r-- 1 root root 5145 Jan 2 2011 install.log.syslog
-rw-r--r-- 1 root root 39091 Jan 2 2011 install.log
-rw------- 1 root root 1647 Jan 2 2011 anaconda-ks.cfg
drwxr-xr-x 2 root root 4096 Apr 18 2011 Desktop
-rw------- 1 root root 37338 May 6 2011 nohup.out
-rwxr-xr-x 1 root root 55 May 9 2011 sudoimccX.sh
-rw-r--r-- 1 root root 16148 May 20 10:25 adduser.out
[root@imcc_app ~]# more adduser.out
。。。。。。。
read(6, "", 4096) = 0
open("/etc/group.32162", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 7
write(7, "32162\0", 6) = 6
close(7) = 0
link("/etc/group.32162", "/etc/group.lock") = -1 EEXIST (File exists)
open("/etc/group.lock", O_RDWR|O_LARGEFILE) = 7
read(7, "32133\0", 31) = 6
close(7) = 0
kill(32133, SIG_0) = -1 ESRCH (No such process)
unlink("/etc/group.lock") = 0
link("/etc/group.32162", "/etc/group.lock") = 0
stat64("/etc/group.32162", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
unlink("/etc/group.32162") = 0
open("/etc/group", O_RDWR|O_LARGEFILE) = 7
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 8
read(8, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 331
close(8) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=746, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f11000
read(7, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 746
read(7, "", 4096) = 0
open("/etc/gshadow.32162", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 8 <------问题在这了,
write(8, "32162\0", 6) = 6
close(8) = 0
link("/etc/gshadow.32162", "/etc/gshadow.lock") = -1 EEXIST (File exists)
open("/etc/gshadow.lock", O_RDWR|O_LARGEFILE) = 8
read(8, "32133\0", 31) = 6
close(8) = 0
kill(32133, SIG_0) = -1 ESRCH (No such process)
unlink("/etc/gshadow.lock") = 0
link("/etc/gshadow.32162", "/etc/gshadow.lock") = 0
stat64("/etc/gshadow.32162", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
unlink("/etc/gshadow.32162") = 0
果然,gshadow也设置了权限
[root@imcc_app ~]# lsattr /etc/gshadow
----i-------- /etc/gshadow
[root@imcc_app ~]# chattr -i /etc/gshadow
[root@imcc_app ~]# useradd test
创建用户成功。
[root@imcc_app ~]# chattr +i /etc/shadow
[root@imcc_app ~]# chattr +i /etc/group
[root@imcc_app ~]# chattr +i /etc/gshadow
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# lsattr /etc/group
----i-------- /etc/group
[root@imcc_app ~]# lsattr /etc/gshadow
----i-------- /etc/gshadow
[root@imcc_app ~]#
[root@imcc_app ~]# id test
uid=501(test) gid=501(test) groups=501()test
[root@imcc_app ~]#
[root@imcc_app ~]# ls -ltr
total 128
-rw-r--r-- 1 root root 5145 Jan 2 2011 install.log.syslog
-rw-r--r-- 1 root root 39091 Jan 2 2011 install.log
-rw------- 1 root root 1647 Jan 2 2011 anaconda-ks.cfg
drwxr-xr-x 2 root root 4096 Apr 18 2011 Desktop
-rw------- 1 root root 37338 May 6 2011 nohup.out
-rwxr-xr-x 1 root root 55 May 9 2011 sudoimccX.sh
-rw-r--r-- 1 root root 16148 May 20 10:25 adduser.out
[root@imcc_app ~]# more adduser.out
。。。。。。。
read(6, "", 4096) = 0
open("/etc/group.32162", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 7
write(7, "32162\0", 6) = 6
close(7) = 0
link("/etc/group.32162", "/etc/group.lock") = -1 EEXIST (File exists)
open("/etc/group.lock", O_RDWR|O_LARGEFILE) = 7
read(7, "32133\0", 31) = 6
close(7) = 0
kill(32133, SIG_0) = -1 ESRCH (No such process)
unlink("/etc/group.lock") = 0
link("/etc/group.32162", "/etc/group.lock") = 0
stat64("/etc/group.32162", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
unlink("/etc/group.32162") = 0
open("/etc/group", O_RDWR|O_LARGEFILE) = 7
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 8
read(8, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 331
close(8) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=746, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f11000
read(7, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 746
read(7, "", 4096) = 0
open("/etc/gshadow.32162", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 8 <------问题在这了,
write(8, "32162\0", 6) = 6
close(8) = 0
link("/etc/gshadow.32162", "/etc/gshadow.lock") = -1 EEXIST (File exists)
open("/etc/gshadow.lock", O_RDWR|O_LARGEFILE) = 8
read(8, "32133\0", 31) = 6
close(8) = 0
kill(32133, SIG_0) = -1 ESRCH (No such process)
unlink("/etc/gshadow.lock") = 0
link("/etc/gshadow.32162", "/etc/gshadow.lock") = 0
stat64("/etc/gshadow.32162", {st_mode=S_IFREG|0600, st_size=6, ...}) = 0
unlink("/etc/gshadow.32162") = 0
果然,gshadow也设置了权限
[root@imcc_app ~]# lsattr /etc/gshadow
----i-------- /etc/gshadow
[root@imcc_app ~]# chattr -i /etc/gshadow
[root@imcc_app ~]# useradd test
创建用户成功。
[root@imcc_app ~]# chattr +i /etc/shadow
[root@imcc_app ~]# chattr +i /etc/group
[root@imcc_app ~]# chattr +i /etc/gshadow
[root@imcc_app ~]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@imcc_app ~]# lsattr /etc/group
----i-------- /etc/group
[root@imcc_app ~]# lsattr /etc/gshadow
----i-------- /etc/gshadow
[root@imcc_app ~]#
[root@imcc_app ~]# id test
uid=501(test) gid=501(test) groups=501()test
其实这个问题也可以使用find命令来辅助处理。
1502
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
