On fedora 23 the following command does not work anymore: $ passwd -u username Unlocking password for user username. passwd: Libuser error at line: 171 - Invalid contents of lock `/etc/shadow.lock'. passwd: Error (password not set?)
What can I do to unlock this user?
Frédéric
On 12/03/2015 10:37 AM, Frédéric Bron wrote:
On fedora 23 the following command does not work anymore: $ passwd -u username Unlocking password for user username. passwd: Libuser error at line: 171 - Invalid contents of lock `/etc/shadow.lock'. passwd: Error (password not set?)
What can I do to unlock this user?
Well, for one thing you'd need to do it as root--not as yourself (the shadow files have permissions 000 (only root can access them). ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - "I'd explain it to you, but your brain might explode." - ----------------------------------------------------------------------
in fact, I just had to delete the .lock file. I do not understand why it was there. Thanks, Frédéric
On 12/04/2015 05:29 AM, Frédéric Bron wrote:
in fact, I just had to delete the .lock file. I do not understand why it was there.
Many commands create a lock file so that you can't run multiple copies of the command simultaneously. If you had two users running that command, both writing to the shadow file, you could easily corrupt it.
The downside to lockfiles is if you interrupt the command somehow (CTRL-C, sigint, whatever), it may terminate without cleaning up its lock file first (poor programming, but it often happens). Future runs of the command are denied because the lock file is present and the command assumes another copy of itself is already running.
Example in shell script:
if [ -e /tmp/lockfile ]; then echo "Lockfile found, exiting" exit 1 fi
touch /tmp/lockfile (do stuff) rm -f /tmp/lockfile exit 0
To make sure the lockfile gets deleted, you must create a function that deletes the lockfile, and specify that function in a trap call to trap SIGINT, SIGTERM, etc. That way it cleans up after itself if you abort it.
You get the idea. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Try to look unimportant. The bad guys may be low on ammo. - ----------------------------------------------------------------------
On Fri, 2015-12-04 at 09:30 -0800, Rick Stevens wrote:
To make sure the lockfile gets deleted, you must create a function that deletes the lockfile, and specify that function in a trap call to trap SIGINT, SIGTERM, etc. That way it cleans up after itself if you abort it.
For Shell scripts you can also trap on EXIT (a pseudo-signal that triggers when the Shell is about to return normally).
However this isn't enough if the system crashes. For completeness you also need code to clean up expired lock files e.g. on system reboot.
poc
On 12/04/2015 10:59 AM, Patrick O'Callaghan wrote:
On Fri, 2015-12-04 at 09:30 -0800, Rick Stevens wrote:
To make sure the lockfile gets deleted, you must create a function that deletes the lockfile, and specify that function in a trap call to trap SIGINT, SIGTERM, etc. That way it cleans up after itself if you abort it.
For Shell scripts you can also trap on EXIT (a pseudo-signal that triggers when the Shell is about to return normally).
Yup. "man bash" and search for the "trap" built-in to see those pseudo signals (EXIT, DEBUG, ERR and RETURN).
However this isn't enough if the system crashes. For completeness you also need code to clean up expired lock files e.g. on system reboot.
Yes. I was just using that shell script as an example of what lockfiles are for and why there are crumbs left over on occasion. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - "I understand Windows 2000 has a Y2K problem." - ----------------------------------------------------------------------
-
Frédéric Bron -
Patrick O'Callaghan -
Rick Stevens