passwd: permission denied

Randolph D. Dach rdach at shaw.ca
Mon Nov 1 21:20:23 PST 2004


On Mon, 01 Nov 2004 14:41:06 +0100
"Matthias B." <msbREMOVE-THIS at winterdrache.de> wrote:

> On Sun, 31 Oct 2004 17:53:59 -0700 "Randolph D. Dach" <rdach at shaw.ca>
> wrote:
> 
> > On Sun, 31 Oct 2004 22:12:48 +0100
> > "Matthias B." <msbREMOVE-THIS at winterdrache.de> wrote:
> > 
> > > On Sun, 31 Oct 2004 11:08:11 -0700 "Randolph D. Dach" <rdach at shaw.ca>
> > > wrote:
> > > 
> > > > 
> > > > Hope someone out there has some ideas????
> > > 
> > > Run passwd under strace and search the output for your "Permission
> > > Denied" error. 
> > > 
> > > MSB
> > > 
> > 
> > tks Matthias  
> > 
> > I ran it with strace to produce this output
> 
> [snip]
> 
> There's no Permission denied (EACCES) error in the dump, so it seems that
> the message is either bogus or not related to a failing syscall but a more
> high level problem.
> 
> 
> > now I can't figure out which file passwd is trying to write to that must
> > be missing 
> 
> Why do you think that the problem is a missing file? The  "Permission
> denied" message certainly does not point in that direction.
> 
> To eliminate broken NLS support (shadow.mo and gconv-* are related to NLS)
> as a factor, you can rebuild shadow with the --disable-nls configure
> option.
> 
> You're saying that you left all of the PAM files as is. That may be the
> problem. It would make sense for PAM to be shipped with a deny-all
> configuration. In the strace-output I see PAM accesses /etc/pam.d/passwd
> and /etc/pam.d/other. These files would be a good place to start looking.
> But from what you're saying you don't seem to actually need PAM for
> anything. You should just delete all files installed by PAM and then
> recompile shadow.
> 
> MSB
> 
> p.s: In case you haven't noticed: By posting the strace output you have
> disclosed your encrypted root password. You should be more careful when
> posting data related to security-sensitive operations/packages.
> 

I didn't realize that the encrypted password was in there but that can be changed.

I solved the problem I deleted all the pam related files except for libpam.so.0 and libpam_misc.so.0 which for some strange reason shadow's 
passwd, su, login commands needed to work even though i tried compiling shadow without any pam related commands.   tks for all your help




More information about the blfs-support mailing list