Wenn ich versuche, einen Benutzer als root hinzuzufügen oder zu löschen, wird folgende Fehlermeldung angezeigt:
useradd: kann / etc / passwd nicht sperren; versuchen Sie es später erneut.
Nachdem ich viele Beiträge durchgesehen habe, habe ich keinen der üblichen Verdächtigen:
Keine Sperrdateien.
[root@r6 /]# ls -al /etc/*.lock
ls: cannot access /etc/*.lock: No such file or directory
Wurzel ist nicht voll
/ dev / sda1 40G 6,0G 32G 16% /
Inodes sind nicht voll
[root@r6 /]# df -i /etc
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda1 2621440 68931 2552509 3% /
Root ist RW montiert
/ dev / sda1 on / type ext4 (rw)
Aus dem gleichen Grund kann ich / etc / shadow oder / etc / passwd nicht in / etc. Kopieren
Zum Beispiel:
[root@r6 /]# cp /etc/passwd /etc/passwd.8122015
cp: cannot create regular file `/etc/passwd.8122015': Permission denied
Ich mache all diese Befehle als root. Ich habe mich beim Server angemeldet und sudo su-.
Jede Hilfe wäre großartig. Ich habe den ganzen Tag gekämpft.
strace -o / root / blah -ff useradd gmiller
cat /root/blah.30644
execve("/usr/sbin/useradd", ["useradd", "gmiller"], [/* 21 vars */]) = 0
brk(0) = 0x7f0388d2b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878df000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f03878d5000
close(3) = 0
open("/lib64/libaudit.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20( r5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=144208, ...}) = 0
mmap(NULL, 2236976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038749e000
mprotect(0x7f03874b5000, 2097152, PROT_NONE) = 0
mmap(0x7f03876b5000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f03876b5000
close(3) = 0
open("/lib64/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\240q5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=124624, ...}) = 0
mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038727f000
mprotect(0x7f038729c000, 2093056, PROT_NONE) = 0
mmap(0x7f038749b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f038749b000
mmap(0x7f038749d000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f038749d000
close(3) = 0
open("/lib64/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36 w5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=33816, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d4000
mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0387077000
mprotect(0x7f038707e000, 2093056, PROT_NONE) = 0
mmap(0x7f038727d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f038727d000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356!p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0
mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386ce3000
mprotect(0x7f0386e6d000, 2097152, PROT_NONE) = 0
mmap(0x7f038706d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f038706d000
mmap(0x7f0387072000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0387072000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\240p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386adf000
mprotect(0x7f0386ae1000, 2097152, PROT_NONE) = 0
mmap(0x7f0386ce1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0386ce1000
close(3) = 0
open("/lib64/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\340t5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=21152, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d3000
mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f03868da000
mprotect(0x7f03868de000, 2093056, PROT_NONE) = 0
mmap(0x7f0386add000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f0386add000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d2000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d0000
arch_prctl(ARCH_SET_FS, 0x7f03878d07a0) = 0
mprotect(0x7f0386add000, 4096, PROT_READ) = 0
mprotect(0x7f0386ce1000, 4096, PROT_READ) = 0
mprotect(0x7f038706d000, 16384, PROT_READ) = 0
mprotect(0x7f038727d000, 4096, PROT_READ) = 0
mprotect(0x7f038749b000, 4096, PROT_READ) = 0
mprotect(0x7f03876b5000, 4096, PROT_READ) = 0
mprotect(0x7f0387af9000, 4096, PROT_READ) = 0
mprotect(0x7f03878e0000, 4096, PROT_READ) = 0
munmap(0x7f03878d5000, 39702) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
stat("/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x7f0388d2b000
brk(0x7f0388d4c000) = 0x7f0388d4c000
socket(PF_NETLINK, SOCK_RAW, 9) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f0380a49000
close(4) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
read(4, "65536\n", 31) = 6
close(4) = 0
mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f038784f000
access("/etc/shadow", F_OK) = 0
access("/etc/gshadow", F_OK) = 0
open("/etc/default/useradd", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# useradd defaults file\nGROUP=10"..., 4096) = 119
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
read(5, "", 4096) = 0
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f0387845000
close(5) = 0
open("/lib64/libnss_files.so.2", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f038083b000
mprotect(0x7f0380847000, 2097152, PROT_NONE) = 0
mmap(0x7f0380a47000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7f0380a47000
close(5) = 0
mprotect(0x7f0380a47000, 4096, PROT_READ) = 0
munmap(0x7f0387845000, 39702) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat(5, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/login.defs", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1814, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "#\n# Please note that the paramet"..., 4096) = 1814
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2342, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2342
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 4
fcntl(4, F_GETFD) = 0x1 (flags FD_CLOEXEC)
rt_sigaction(SIGALRM, {0x7f0386dd2180, ~[], SA_RESTORER, 0x7f0386d156a0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
alarm(15) = 0
fcntl(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 15
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], SA_RESTORER, 0x7f0386d156a0}, NULL, 8) = 0
getpid() = 30644
open("/etc/passwd.30644", O_WRONLY|O_CREAT|O_EXCL, 0600) = 5
write(5, "30644\0", 6) = 6
close(5) = 0
link("/etc/passwd.30644", "/etc/passwd.lock") = -1 EACCES (Permission denied)
open("/etc/passwd.lock", O_RDWR) = -1 ENOENT (No such file or directory)
unlink("/etc/passwd.30644") = 0
close(4) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# Locale name alias data base.\n#"..., 4096) = 2512
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "useradd: cannot lock /etc/passwd"..., 51) = 51
exit_group(1) = ?
+++ exited with 1 +++
Gelöst! Der Mcafee HIPs-Agent hat verhindert, dass Kennwort- und Schattendateien im Verzeichnis / etc / erstellt werden.
Hier ist ein Link zum KB-Artikel, der zeigt, wie der Agent gestoppt wird:
touch /etc/fooGibt es hier auch ein Host-Intrusion-Protection-System (Selinux, Symantec, Mcafee)?/proc/mountsunddmesgnur für den Fall wurde das Root - Dateisystem schreibgeschützt gemountet. Es wird nicht immer in dermountAusgabe des Befehls angezeigt.Antworten:
Was zeigt strace?
Insbesondere würde die Datei "/etc/.pwd.lock" von Ihrem Globus "/etc/*.lock" nicht gefunden.
quelle
link("/etc/passwd.30644", "/etc/passwd.lock") = -1 EACCES (Permission denied): Dies ist, nachdemuseraddDaten geschrieben werden können/etc/passwd.30644, sodass das Dateisystem nicht schreibgeschützt ist. Wenn Sielink(2)angeben, warum ein Link nicht hergestellt werden kann, wird angezeigt, dass das Dateisystem die Erstellung von Hardlinks nicht unterstützt. Dies bedeutet, dass Sie entweder ein seltsames Dateisystem haben oder eine seltsame Dateisystem-ACL etwas blockiert oder eine "Sicherheits" -Bibliothek wie Selinux oder Apparmour sticht dich zurück. Selinux hat ein Protokoll, das einen Blick wert sein könnte ...