Re: [gentoo-user] chage can't open /etc/passwd
On Tuesday 18 September 2007, Albert Hopkins wrote: Note the chage: PAM authentication failed *only* occurs when I run under strace and only then when I run as a user. This is normal, since the suid is ignored when the program is straced. As Norberto said, can you post the full output of strace chage -l marduk run *as root* (ie, not with sudo)? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Tuesday 18 September 2007, Albert Hopkins wrote: open(/etc/passwd, O_RDONLY) = 3 open(/etc/shadow, O_RDONLY) = 3 chage: can't open password file Since the opens succeed, this must be some other kind of error. Looking at the sources could possibily help here. In chage.c, the message is printed if the function pw_open() returns a nonzero value. Following che chain of function calls, we arrive at commonio_open() (inside commonio.c). That function can fail for various reasons. The file is opened correctly, so the error has to be searched after the fopen(). Excluding failure of the various memory-allocation functions, the other likely possibilities involve some failure during parsing (which here is done manually, not with the usual getpwent() and co.). Double check your /etc/passwd and /etc/shadow for syntactical correctness. I'd ask you to remove sensible information and post them here, but the cleanup could possibly also remove the information that chage's parser doesn't like, so check them on your own. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Tue, 2007-09-18 at 10:14 +0200, Etaoin Shrdlu wrote:
As Norberto said, can you post the full output of strace chage -l
marduk run *as root* (ie, not with sudo)?
By popular demand...
execve(/usr/bin/chage, [chage, -l, marduk], [/* 65 vars */]) = 0
brk(0) = 0x8053000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
open(/etc/ld.so.cache, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=91739, ...}) = 0
mmap2(NULL, 91739, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f34000
close(3)= 0
open(/lib/libcrypt.so.1, O_RDONLY)= 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\6\0\0004\0
\0\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=21916, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7f33000
mmap2(NULL, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7f05000
mmap2(0xb7f0a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 3, 0x4) = 0xb7f0a000
mmap2(0xb7f0c000, 155964, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_ANONYMOUS, -1, 0) = 0xb7f0c000
close(3)= 0
open(/lib/libpam_misc.so.0, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\0004\0\0
\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9592, ...}) = 0
mmap2(NULL, 12436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0xb7f01000
mmap2(0xb7f03000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 3, 0x1) = 0xb7f03000
close(3)= 0
open(/lib/libpam.so.0, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\32\0\0004\0\0
\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=38444, ...}) = 0
mmap2(NULL, 41340, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0xb7ef6000
mmap2(0xb7eff000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 3, 0x8) = 0xb7eff000
close(3)= 0
open(/lib/libdl.so.2, O_RDONLY) = 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\n\0\0004\0
\0\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9692, ...}) = 0
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0xb7ef2000
mmap2(0xb7ef4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 3, 0x1) = 0xb7ef4000
close(3)= 0
open(/lib/libc.so.6, O_RDONLY)= 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pa\1\0004\0\0
\0..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1229164, ...}) = 0
mmap2(NULL, 1234384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7dc4000
mmap2(0xb7eec000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 3, 0x128) = 0xb7eec000
mmap2(0xb7eef000, 9680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_ANONYMOUS, -1, 0) = 0xb7eef000
close(3)= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7dc3000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7dc2000
set_thread_area({entry_number:-1 - 6, base_addr:0xb7dc26c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7eec000, 4096, PROT_READ) = 0
munmap(0xb7f34000, 91739) = 0
brk(0) = 0x8053000
brk(0x8074000) = 0x8074000
open(/usr/lib/locale/locale-archive, O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such file or directory)
open(/usr/share/locale/locale.alias, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2586, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7f4a000
read(3, # Locale name alias data base.\n#..., 4096) = 2586
read(3, , 4096) = 0
close(3)= 0
munmap(0xb7f4a000, 4096)= 0
open(/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION, O_RDONLY) = -1
ENOENT (No such file or directory)
open(/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=373, ...}) = 0
mmap2(NULL, 373, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4a000
close(3)= 0
open(/usr/lib/gconv/gconv-modules.cache, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=25486, ...}) = 0
mmap2(NULL, 25486, PROT_READ, MAP_SHARED, 3, 0) = 0xb7f43000
close(3)= 0
open(/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT, O_RDONLY) = -1 ENOENT
(No such file or directory)
open(/usr/lib/locale/en_US.utf8/LC_MEASUREMENT, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0
mmap2(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f42000
close(3)= 0
open(/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE, O_RDONLY) = -1 ENOENT
(No such file or
Re: [gentoo-user] chage can't open /etc/passwd
On Tue, 2007-09-18 at 10:14 +0200, Etaoin Shrdlu wrote: Note the chage: PAM authentication failed *only* occurs when I run under strace and only then when I run as a user. This is normal, since the suid is ignored when the program is straced. Yes, that makes complete sense now that I think of it :-) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
Ok the mystery continues. On another box, strider, chage -l works so this is what I did (don't try this at home): $ mkdir /tmp/strider_passwd $ scp strider:/etc/passwd /tmp/strider_passwd $ scp strider:/etc/shadow /tmp/strider_passwd $ mv /etc/passwd /etc/passwd.orig $ mv /etc/shadow /etc/shadow.orig $ mv /tmp/strider_passwd/passwd /etc $ mv /tmp/strider_passwd/shadow /etc $ ls -l /etc/passwd /etc/shadow -rw-r--r-- 1 root root 1314 2007-09-18 16:23 /etc/passwd -rw--- 1 root root 625 2007-09-18 16:23 /etc/shadow $ chage -l marduk chage: can't open password file I'm running out of ideas. This used to work up until about a month ago. BTW I was going to try also copying group/gshadow from strider but, oddly enough, strider doesn't have an /etc/gshadow. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
Albert Hopkins wrote: I'm running out of ideas. This used to work up until about a month ago. I almost know the reply to this one, but it won't hurt: LC_ALL=C chage -l marduk -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Tue, 2007-09-18 at 20:32 -0300, Norberto Bensa wrote: I almost know the reply to this one, but it won't hurt: LC_ALL=C chage -l marduk Yeah, I've already tried that. It didn't make a difference. I've also tried compiling shadow/pam with/without NLS support and shadow without PAM support. I think i'm going to have to use gdb (yeck) and step through the program. -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
On Tue, 2007-09-18 at 18:56 -0500, Albert Hopkins wrote: [...] I think i'm going to have to use gdb (yeck) and step through the program. Well, I hate to sound like a ricer, but apparently it's my CFLAGS :| CFLAGS=-O2 -march=k8 -msse3 -ggdb -pipe -fomit-frame-pointer I have an Athlon 64 X2, and according to the Gentoo Wiki my CFLAGS are safe. My CPU supports SSE3 (according to /proc/cpuinfo). Oddly enough, I tried taking out -msse3 but no-go. I've tried a few permutations of those flags, but the only way I was able to get it to work is to take out -O2 (even *just* having CFLAGS=-O2 doesn't work). So now the question is: GCC bug?[1] CPU bug?[2] Wiki bug?[3] Anyway I just wanted to thank everyone who collectively scratched their heads with me :-) 1. GCC 4.2.0 2. AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ 3. http://gentoo-wiki.com/Safe_Cflags#Athlon_64_X2_.28AMD.29 -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
Quoting Albert Hopkins [EMAIL PROTECTED]: On Tue, 2007-09-18 at 18:56 -0500, Albert Hopkins wrote: Well, I hate to sound like a ricer, but apparently it's my CFLAGS :| CFLAGS=-O2 -march=k8 -msse3 -ggdb -pipe -fomit-frame-pointer I have an Athlon 64 X2, Hmmm... I have one of those. Try: CFLAGS=-march=athlon64 -O2 -fomit-frame-pointer -pipe This message was sent using IMP, the Internet Messaging Program. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
On Tue, 2007-09-18 at 22:08 -0300, Norberto Bensa wrote: Hmmm... I have one of those. Try: CFLAGS=-march=athlon64 -O2 -fomit-frame-pointer -pipe No, doesn't work. I'm going to try downgrading GCC (w/o any optimizations), re-compiling shadow with my original CFLAGS and see what happens. -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
On Tue, 2007-09-18 at 20:16 -0500, Albert Hopkins wrote: No, doesn't work. I'm going to try downgrading GCC (w/o any optimizations), re-compiling shadow with my original CFLAGS and see what happens. # grep ^CFLAGS /etc/make.conf CFLAGS=-O2 -march=k8 -msse3 -ggdb -pipe -fomit-frame-pointer # gcc-config i686-pc-linux-gnu-4.2.0 # source /etc/profile # chage -l marduk chage: can't open password file # gcc-config i686-pc-linux-gnu-4.1.2 # source /etc/profile # emerge -1 shadow /dev/null # chage -l marduk Last password change: Sep 18, 2007 Password expires: Nov 17, 2007 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 60 Number of days of warning before password expires : 14 Seems to be a problem with GCC. -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
Quoting Albert Hopkins [EMAIL PROTECTED]: Seems to be a problem with GCC. Or with your CFLAGS: [EMAIL PROTECTED] ~ $ cat /proc/cpuinfo | grep ^model\ name | head -n 1 model name : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ [EMAIL PROTECTED] ~ $ grep CFLAG /etc/make.conf CFLAGS=-march=athlon64 -O2 -fomit-frame-pointer -pipe [EMAIL PROTECTED] ~ $ gcc --version gcc (GCC) 4.2.0 (Gentoo 4.2.0 p1.4) Copyright (C) 2007 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. [EMAIL PROTECTED] ~ $ chage -l nbensa Last password change: Dec 23, 2006 Password expires: never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 9 Number of days of warning before password expires : 7 This message was sent using IMP, the Internet Messaging Program. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
Norberto Bensa skrev: Quoting Albert Hopkins [EMAIL PROTECTED]: On Tue, 2007-09-18 at 18:56 -0500, Albert Hopkins wrote: Well, I hate to sound like a ricer, but apparently it's my CFLAGS :| CFLAGS=-O2 -march=k8 -msse3 -ggdb -pipe -fomit-frame-pointer I have an Athlon 64 X2, Hmmm... I have one of those. Try: CFLAGS=-march=athlon64 -O2 -fomit-frame-pointer -pipe athlon64 is an alias for k8, it makes no difference if you put one or the other. If you check gcc's code you will see there is many march flags, but only a handful is actually unique at the code level. smime.p7s Description: S/MIME Cryptographic Signature
Re: [gentoo-user] chage can't open /etc/passwd [SOLVED]
On Tue, 2007-09-18 at 23:01 -0300, Norberto Bensa wrote: Or with your CFLAGS: [EMAIL PROTECTED] ~ $ cat /proc/cpuinfo | grep ^model\ name | head -n 1 model name : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ [EMAIL PROTECTED] ~ $ grep CFLAG /etc/make.conf CFLAGS=-march=athlon64 -O2 -fomit-frame-pointer -pipe Possibly, but it still breaks with your CFLAGS. Even with CFLAGS=-O2 it breaks. According to the Wiki all the optimization flags I'm using should be ok on my arch, and indeed they do work with GCC 4.1. The only thing that's changed relatively recently was the upgrade to GCC 4.2 (and other software). The hardware and CFLAGS have been constant. -- Albert W. Hopkins -- [EMAIL PROTECTED] mailing list
[gentoo-user] chage can't open /etc/passwd
I've been having this problem on one of my machines for a while. As a user or as root I cannot run chage: $ chage -l marduk chage: can't open password file I've looked at /etc/passwd*, /etc/shadow* /etc/group* and /etc/gshadow* and all the permissions look fine. It works on other machines. I even tried re-emerging the shadow package, but still get the same error. I tried running pwck thinking the password file was somehow currupt. pwck only complains about users with invalid home directories/shells. Oddly enough, 'pwck' runs w/o errors, but 'pwck -r' (read-only) gives. pwck: cannot open file /etc/passwd syslog shows: Sep 17 10:07:49 [chage] failed opening /etc/passwd I'm at a loss. Rebooting makes no difference. passwd seems to work fine. I can open /etc/passwd myself (as root and user) just fine. Anyone got any clues? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On 9/17/07, Albert Hopkins [EMAIL PROTECTED] wrote: I've been having this problem on one of my machines for a while. As a user or as root I cannot run chage: $ chage -l marduk chage: can't open password file I've looked at /etc/passwd*, /etc/shadow* /etc/group* and /etc/gshadow* and all the permissions look fine. It works on other machines. I even tried re-emerging the shadow package, but still get the same error. I tried running pwck thinking the password file was somehow currupt. pwck only complains about users with invalid home directories/shells. Oddly enough, 'pwck' runs w/o errors, but 'pwck -r' (read-only) gives. pwck: cannot open file /etc/passwd syslog shows: Sep 17 10:07:49 [chage] failed opening /etc/passwd I'm at a loss. Rebooting makes no difference. passwd seems to work fine. I can open /etc/passwd myself (as root and user) just fine. Anyone got any clues? This is just triage, but what are the permissions on /etc/passwd? -- Ryan W Sims -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Monday 17 September 2007, Albert Hopkins wrote: I've been having this problem on one of my machines for a while. As a user or as root I cannot run chage: $ chage -l marduk chage: can't open password file I've looked at /etc/passwd*, /etc/shadow* /etc/group* and /etc/gshadow* and all the permissions look fine. It works on other machines. I even tried re-emerging the shadow package, but still get the same error. I tried running pwck thinking the password file was somehow currupt. pwck only complains about users with invalid home directories/shells. Oddly enough, 'pwck' runs w/o errors, but 'pwck -r' (read-only) gives. pwck: cannot open file /etc/passwd syslog shows: Sep 17 10:07:49 [chage] failed opening /etc/passwd I'm at a loss. Rebooting makes no difference. passwd seems to work fine. I can open /etc/passwd myself (as root and user) just fine. Anyone got any clues? Is /usr/bin/chage suid root? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Mon, 2007-09-17 at 13:30 -0400, Ryan Sims wrote: This is just triage, but what are the permissions on /etc/passwd? $ /bin/ls -l /etc/passwd* /etc/shadow* /etc/group* /etc/gshadow* /usr/bin/chage -rw-r--r-- 1 root root 1404 2007-09-08 17:39 /etc/group -rw--- 1 root root 1389 2007-06-30 23:15 /etc/group- -rw--- 1 root root 1203 2007-07-19 18:37 /etc/gshadow -rw--- 1 root root 1190 2007-06-23 09:12 /etc/gshadow- -rw-r--r-- 1 root root 3161 2007-09-12 11:51 /etc/passwd -rw--- 1 root root 3209 2007-09-08 17:39 /etc/passwd- -rw--- 1 root root 1233 2007-09-12 20:10 /etc/shadow -rw--- 1 root root 1290 2007-09-08 17:39 /etc/shadow- -rws--x--x 1 root root 36944 2007-09-12 10:56 /usr/bin/chage Actually, /etc/gshadow wasn't root-writable for some reason. I did a 'chmod u+w' but still get chage: can't open password file. BTW, this happens whether I'm running as user or root. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Monday 17 September 2007, Albert Hopkins wrote: On Mon, 2007-09-17 at 13:30 -0400, Ryan Sims wrote: This is just triage, but what are the permissions on /etc/passwd? $ /bin/ls -l /etc/passwd* /etc/shadow* /etc/group* /etc/gshadow* /usr/bin/chage -rw-r--r-- 1 root root 1404 2007-09-08 17:39 /etc/group -rw--- 1 root root 1389 2007-06-30 23:15 /etc/group- -rw--- 1 root root 1203 2007-07-19 18:37 /etc/gshadow -rw--- 1 root root 1190 2007-06-23 09:12 /etc/gshadow- -rw-r--r-- 1 root root 3161 2007-09-12 11:51 /etc/passwd -rw--- 1 root root 3209 2007-09-08 17:39 /etc/passwd- -rw--- 1 root root 1233 2007-09-12 20:10 /etc/shadow -rw--- 1 root root 1290 2007-09-08 17:39 /etc/shadow- -rws--x--x 1 root root 36944 2007-09-12 10:56 /usr/bin/chage Actually, /etc/gshadow wasn't root-writable for some reason. I did a 'chmod u+w' but still get chage: can't open password file. BTW, this happens whether I'm running as user or root. What does stracing the program show? -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Mon, 2007-09-17 at 21:48 +0200, Etaoin Shrdlu wrote: What does stracing the program show? As root it does an open(/etc/passwd, O_RDONLY) twice. Both times it gets a file handle. As user, same thing, but it also tries to open /etc/shadow RDONLY and, of course, gets a Permission denied. There is also a write(2, chage: PAM authentication failed..., 33chage: PAM authentication failed) = 33 But I've never seen this on my terminal when running w/o strace. In addition, in both cases it attempts to open a bunch of /usr/lib/locale/ files but most of them are No such file or directory I'm thinking this is normal though. It also tries to connect to /var/run/nscd/socket but fails but as I do not use nscd I assume that's normal as well. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Monday 17 September 2007, Albert Hopkins wrote: On Mon, 2007-09-17 at 21:48 +0200, Etaoin Shrdlu wrote: What does stracing the program show? As root it does an open(/etc/passwd, O_RDONLY) twice. Both times it gets a file handle. As user, same thing, but it also tries to open /etc/shadow RDONLY and, of course, gets a Permission denied. This is different from what you said before. You said that running as root or as an user made no difference, and in both cases you were getting can't open password file. You never mentioned a permission denied error, which seems correct when running as a regular user. On my box, running chage as a regular user fails with permission denied, but it's not related to /etc/shadow permissions. Instead (looking at the strace and at the sources), chage checks the real UID of the user and terminates if it's not 0 and the user requests to change the info (instead of just listing it with -l). It does not even touch any file. So, if you see chage trying to open /etc/shadow when running as a regular user, something must be broken or wrong. What version of shadow are you using? Mine is shadow-4.0.18.1-r1. There is also a write(2, chage: PAM authentication failed..., 33chage: PAM authentication failed) = 33 But I've never seen this on my terminal when running w/o strace. How does your /etc/pam.d/chage look like? Here is mine: [Mon Sep 17 21:41:13 [EMAIL PROTECTED] ~]# cat /etc/pam.d/chage #%PAM-1.0 auth sufficient pam_rootok.so auth required pam_permit.so accountinclude system-auth password required pam_permit.so -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Mon, 2007-09-17 at 21:08 +0100, Peter Ruskin wrote: Check your perms for gshadow: $ /bin/ls -l /etc/passwd* /etc/shadow* /etc/group* /etc/gshadow* /usr/bin/chage -rw-r--r-- 1 root root 1646 2007-04-14 00:45 /etc/group -rw--- 1 root root 1630 2007-04-01 11:04 /etc/group- -rw--- 1 root root 1561 2007-01-21 00:52 /etc/group.bak -rw-r--r-- 1 root root 1503 2007-04-12 01:31 /etc/gshadow -rw--- 1 root root 1491 2007-04-01 11:04 /etc/gshadow- -rw--- 1 root root 1422 2007-01-21 00:52 /etc/gshadow.bak -rw-r--r-- 1 root root 2290 2007-04-14 00:45 /etc/passwd -rw--- 1 root root 2220 2007-02-14 01:24 /etc/passwd- -rw--- 1 root root 2131 2006-12-12 18:40 /etc/passwd.bak -rw--- 1 root root 1174 2007-04-14 00:45 /etc/shadow -rw--- 1 root root 1143 2007-02-14 01:24 /etc/shadow- -rw--- 1 root root 2006-12-12 18:40 /etc/shadow.bak -rws--x--x 1 root root 47937 2007-07-03 00:11 /usr/bin/chage I would think that gshadow, like shadow, should not be world-readable, as it could potentially contain (group) passwords. Nevertheless, changing the permissions doesn't make a difference in my case. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Mon, 2007-09-17 at 23:09 +0200, Etaoin Shrdlu wrote: This is different from what you said before. You said that running as root or as an user made no difference, and in both cases you were getting can't open password file. You never mentioned a permission denied Permission denied is from the strace (the result of the open()). I didn't mention it before because before I didn't run strace before. Regardless of root/non-root I get chage: can't open password file error, which seems correct when running as a regular user. On my box, running chage as a regular user fails with permission denied, but it's not related to /etc/shadow permissions. Instead (looking at the strace and at the sources), chage checks the real UID of the user and terminates if it's not 0 and the user requests to change the info (instead of just listing it with -l). It does not even touch any file. So, if you see chage trying to open /etc/shadow when running as a regular user, something must be broken or wrong. What version of shadow are you using? Mine is shadow-4.0.18.1-r1. I'm running shadow-4.0.18.1-r1 with pam in set as a USE flag. -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
Albert Hopkins wrote: Regardless of root/non-root I get chage: can't open password file Can you cat /etc/passwd? Can you /etc/passwd (note it's a double ) ? Have you ran fsck on / ? Do you run some form of SELinux? Regards, Norberto -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] chage can't open /etc/passwd
On Mon, 2007-09-17 at 23:15 -0300, Norberto Bensa wrote: Can you post sudo strace -eopen chage -l marduk ? $ whoami marduk $ chage -l marduk chage: can't open password file $ strace -eopen chage -l marduk open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libcrypt.so.1, O_RDONLY)= 3 open(/lib/libpam_misc.so.0, O_RDONLY) = 3 open(/lib/libpam.so.0, O_RDONLY) = 3 open(/lib/libdl.so.2, O_RDONLY) = 3 open(/lib/libc.so.6, O_RDONLY)= 3 open(/usr/lib/locale/locale-archive, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open(/usr/share/locale/locale.alias, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION, O_RDONLY) = 3 open(/usr/lib/gconv/gconv-modules.cache, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_MEASUREMENT, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_TELEPHONE, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_ADDRESS, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_ADDRESS, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_NAME, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_NAME, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_PAPER, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_PAPER, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_MESSAGES, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_MESSAGES, O_RDONLY) = 3 open(/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_MONETARY, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_MONETARY, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_COLLATE, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_COLLATE, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_TIME, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_TIME, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_NUMERIC, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_NUMERIC, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_CTYPE, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_CTYPE, O_RDONLY) = 3 open(/etc/nsswitch.conf, O_RDONLY)= 3 open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libnss_compat.so.2, O_RDONLY) = 3 open(/lib/libnsl.so.1, O_RDONLY) = 3 open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libnss_nis.so.2, O_RDONLY) = 3 open(/lib/libnss_files.so.2, O_RDONLY) = 3 open(/etc/passwd, O_RDONLY) = 3 open(/etc/pam.d/chage, O_RDONLY|O_LARGEFILE) = 3 open(/lib/security/pam_rootok.so, O_RDONLY) = 4 open(/lib/security/pam_permit.so, O_RDONLY) = 4 open(/etc/pam.d/system-auth, O_RDONLY|O_LARGEFILE) = 4 open(/lib/security/pam_unix.so, O_RDONLY) = 5 open(/etc/pam.d/other, O_RDONLY|O_LARGEFILE) = 3 open(/lib/security/pam_deny.so, O_RDONLY) = 4 open(/etc/passwd, O_RDONLY) = 3 open(/etc/shadow, O_RDONLY) = -1 EACCES (Permission denied) chage: PAM authentication failed $ sudo strace -eopen chage -l marduk open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libcrypt.so.1, O_RDONLY)= 3 open(/lib/libpam_misc.so.0, O_RDONLY) = 3 open(/lib/libpam.so.0, O_RDONLY) = 3 open(/lib/libdl.so.2, O_RDONLY) = 3 open(/lib/libc.so.6, O_RDONLY)= 3 open(/usr/lib/locale/locale-archive, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open(/usr/share/locale/locale.alias, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION, O_RDONLY) = 3 open(/usr/lib/gconv/gconv-modules.cache, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_MEASUREMENT, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_TELEPHONE, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_ADDRESS, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_ADDRESS, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_NAME, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_NAME, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_PAPER, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_PAPER, O_RDONLY) = 3 open(/usr/lib/locale/en_US.UTF-8/LC_MESSAGES, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/locale/en_US.utf8/LC_MESSAGES, O_RDONLY) = 3
Re: [gentoo-user] chage can't open /etc/passwd
Quoting Albert Hopkins [EMAIL PROTECTED]: open(/lib/security/pam_deny.so, O_RDONLY) = 4 open(/etc/passwd, O_RDONLY) = 3 open(/etc/shadow, O_RDONLY) = -1 EACCES (Permission denied) chage: PAM authentication failed That's normal. You're running chage from strace ;) open(/etc/passwd, O_RDONLY) = 3 open(/etc/shadow, O_RDONLY) = 3 chage: can't open password file open(/etc/localtime, O_RDONLY)= 3 Hm... Can you run strace without -eopen? Regards, Norberto This message was sent using IMP, the Internet Messaging Program. -- [EMAIL PROTECTED] mailing list
