Root Password Change timesAuthentication token manipulation ErrorError:
In Linux, the account password is stored in the/etc/shadow file. To change the account password, you must modify the shadow file. Will this error be caused by the failure of the root user to modify it?
The default permission of the/etc/shadow file is 000, but under normal circumstances, the root user should have read and write permissions for files with the permission of 000. Here I think there are some hidden permissions in the Linux system file. Execute the lsattr/etc/shadow command to return:
"A" indicates that the object can only be appended, but cannot be modified or deleted. In this case, the account password cannot be modified.
Run the chattr-A/etc/shadow command to change the root password again:
For the error "authentication token manipulation error", there are some other online statements: /etc/passwd/etc/shadow file is not synchronized, disk space is insufficient, inode is full,/etc/PAM. d/passwd-related dynamic library file problems, troubleshoot one by one according to your own system conditions.
A brief review of lsattr and chattr usage:
1. lsattr commandLists the hidden permissions of files or directories. format:lsattr [ -RVad ] [ files… ]
Common options:
| Option | Description |
|---|---|
| R | Recursively print permissions for all files and subdirectories in a directory |
| V | Print the lsattr program version. |
| A | Permission to print all files and directories under a directory |
| D | Print directory permissions, excluding files under the Directory |
Modify the hidden permissions of a file or directory. format:chattr [ -RV ] [ mode ] files…
Common options:
| Option | Description |
|---|---|
| R | Recursively Change permissions for all files and subdirectories in a directory |
| V | Print the chattr program version and execution result. |
| Mode | Expression used to change specific permissions. Format: = +-[iaascdjsu] |
Mode expression description:
"=" Sets the permission for the specified parameter "+" adds the permission for the specified parameter "-" removes the permission for the specified parameter. The I file cannot be deleted, renamed, or set the link relationship, at the same time, you cannot write or add new content (even the root user). Only the root user can set this attribute. File a cannot be deleted, renamed, or modified, the atime (access time) of file a can only be appended and cannot be modified. This can reduce the number of disk I/O operations. It is helpful for the laptop to improve its endurance, similar to syncc, files are automatically compressed before being stored, during reading, the file will be automatically decompressed. The D setting file cannot be the backup target of the dump program. j sets this parameter to enable the file system to be mounted through the Mount parameter "Data = ordered" or "Data = writeback "., the file is first recorded (in Journal) when it is written ). If the filesystem parameter is set to data = Journal, this parameter will automatically fail the S confidentiality option. When a file with the S attribute is deleted, all its data blocks will be written to the 0u option for reverse deletion. In contrast to s, when a file is deleted, all its data blocks are retained, and users can restore the file in the future.Reference: 53215060
Authentication token manipulation Error
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
