Wenn ich versuche, einen Benutzer als root hinzuzufügen oder zu löschen, wird folgende Fehlermeldung angezeigt:
useradd: kann / etc / passwd nicht sperren; versuchen Sie es später erneut.
Nachdem ich viele Beiträge durchgesehen habe, habe ich keinen der üblichen Verdächtigen:
Keine Sperrdateien.
[root@r6 /]# ls -al /etc/*.lock
ls: cannot access /etc/*.lock: No such file or directory
Wurzel ist nicht voll
/ dev / sda1 40G 6,0G 32G 16% /
Inodes sind nicht voll
[root@r6 /]# df -i /etc
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda1 2621440 68931 2552509 3% /
Root ist RW montiert
/ dev / sda1 on / type ext4 (rw)
Aus dem gleichen Grund kann ich / etc / shadow oder / etc / passwd nicht in / etc. Kopieren
Zum Beispiel:
[root@r6 /]# cp /etc/passwd /etc/passwd.8122015
cp: cannot create regular file `/etc/passwd.8122015': Permission denied
Ich mache all diese Befehle als root. Ich habe mich beim Server angemeldet und sudo su-.
Jede Hilfe wäre großartig. Ich habe den ganzen Tag gekämpft.
strace -o / root / blah -ff useradd gmiller
cat /root/blah.30644
execve("/usr/sbin/useradd", ["useradd", "gmiller"], [/* 21 vars */]) = 0
brk(0) = 0x7f0388d2b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878df000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f03878d5000
close(3) = 0
open("/lib64/libaudit.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20( r5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=144208, ...}) = 0
mmap(NULL, 2236976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038749e000
mprotect(0x7f03874b5000, 2097152, PROT_NONE) = 0
mmap(0x7f03876b5000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f03876b5000
close(3) = 0
open("/lib64/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\240q5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=124624, ...}) = 0
mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038727f000
mprotect(0x7f038729c000, 2093056, PROT_NONE) = 0
mmap(0x7f038749b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f038749b000
mmap(0x7f038749d000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f038749d000
close(3) = 0
open("/lib64/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36 w5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=33816, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d4000
mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0387077000
mprotect(0x7f038707e000, 2093056, PROT_NONE) = 0
mmap(0x7f038727d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f038727d000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356!p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0
mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386ce3000
mprotect(0x7f0386e6d000, 2097152, PROT_NONE) = 0
mmap(0x7f038706d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f038706d000
mmap(0x7f0387072000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0387072000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\240p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386adf000
mprotect(0x7f0386ae1000, 2097152, PROT_NONE) = 0
mmap(0x7f0386ce1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0386ce1000
close(3) = 0
open("/lib64/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\340t5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=21152, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d3000
mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f03868da000
mprotect(0x7f03868de000, 2093056, PROT_NONE) = 0
mmap(0x7f0386add000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f0386add000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d2000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d0000
arch_prctl(ARCH_SET_FS, 0x7f03878d07a0) = 0
mprotect(0x7f0386add000, 4096, PROT_READ) = 0
mprotect(0x7f0386ce1000, 4096, PROT_READ) = 0
mprotect(0x7f038706d000, 16384, PROT_READ) = 0
mprotect(0x7f038727d000, 4096, PROT_READ) = 0
mprotect(0x7f038749b000, 4096, PROT_READ) = 0
mprotect(0x7f03876b5000, 4096, PROT_READ) = 0
mprotect(0x7f0387af9000, 4096, PROT_READ) = 0
mprotect(0x7f03878e0000, 4096, PROT_READ) = 0
munmap(0x7f03878d5000, 39702) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
stat("/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x7f0388d2b000
brk(0x7f0388d4c000) = 0x7f0388d4c000
socket(PF_NETLINK, SOCK_RAW, 9) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f0380a49000
close(4) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
read(4, "65536\n", 31) = 6
close(4) = 0
mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f038784f000
access("/etc/shadow", F_OK) = 0
access("/etc/gshadow", F_OK) = 0
open("/etc/default/useradd", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# useradd defaults file\nGROUP=10"..., 4096) = 119
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
read(5, "", 4096) = 0
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f0387845000
close(5) = 0
open("/lib64/libnss_files.so.2", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f038083b000
mprotect(0x7f0380847000, 2097152, PROT_NONE) = 0
mmap(0x7f0380a47000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7f0380a47000
close(5) = 0
mprotect(0x7f0380a47000, 4096, PROT_READ) = 0
munmap(0x7f0387845000, 39702) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat(5, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/login.defs", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1814, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "#\n# Please note that the paramet"..., 4096) = 1814
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2342, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2342
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 4
fcntl(4, F_GETFD) = 0x1 (flags FD_CLOEXEC)
rt_sigaction(SIGALRM, {0x7f0386dd2180, ~[], SA_RESTORER, 0x7f0386d156a0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
alarm(15) = 0
fcntl(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 15
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], SA_RESTORER, 0x7f0386d156a0}, NULL, 8) = 0
getpid() = 30644
open("/etc/passwd.30644", O_WRONLY|O_CREAT|O_EXCL, 0600) = 5
write(5, "30644\0", 6) = 6
close(5) = 0
link("/etc/passwd.30644", "/etc/passwd.lock") = -1 EACCES (Permission denied)
open("/etc/passwd.lock", O_RDWR) = -1 ENOENT (No such file or directory)
unlink("/etc/passwd.30644") = 0
close(4) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# Locale name alias data base.\n#"..., 4096) = 2512
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "useradd: cannot lock /etc/passwd"..., 51) = 51
exit_group(1) = ?
+++ exited with 1 +++
Gelöst! Der Mcafee HIPs-Agent hat verhindert, dass Kennwort- und Schattendateien im Verzeichnis / etc / erstellt werden.
Hier ist ein Link zum KB-Artikel, der zeigt, wie der Agent gestoppt wird:
touch /etc/foo
Gibt es hier auch ein Host-Intrusion-Protection-System (Selinux, Symantec, Mcafee)?
/proc/mounts
und dmesg
nur für den Fall wurde das Root - Dateisystem schreibgeschützt gemountet. Es wird nicht immer in der mount
Ausgabe des Befehls angezeigt.