HPE Community
Operating System - HP-UX
1833813 Members
2911 Online
110063 Solutions
New Discussion

Re: user block and i erase him, don't allow creat him after

 
Joaquín_2
Advisor

‎03-04-2005 04:19 AM

‎03-04-2005 04:19 AM

user block and i erase him, don't allow creat him after

I have a trusted system and from this evening some users are being deactivated by the system. From sam it does not allow me to turn on them to activating. Then what I have done is to delete user and after to try to create them, but sam does not leave me either.

Also I have tried to create them with the command useradd, but it says me 'Cannot add the entry' and looking at the value that returns the order I see that it is the code 16. This code is that cannot write in etc/passwd.

¿have you know occurrs this and how do it work good?

Today we have change date backwards some times. Can this influence something?

i'sorry by my english


thank'
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎03-04-2005 04:24 AM

‎03-04-2005 04:24 AM

Re: user block and i erase him, don't allow creat him after

I would think one of a few things:

1) root fs / may be full
2) There may be a problem in the passwd files

pwck

grpck

Will check the consistency of these files.

bdf will give you a read on root fs space.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Joaquín_2
Advisor

‎03-04-2005 04:33 AM

‎03-04-2005 04:33 AM

Re: user block and i erase him, don't allow creat him after

the root / system not full it is at 57%

the command pwck and grpck

/-> pwck

smbnull:*:101:101:DO NOT USE OR DELETE - needed by Samba:/home/smbnull:/sbin/sh
Login directory not found

webadmin:*:40:1::/usr/obam/server/nologindir:/usr/bin/false
Login directory not found

marc:*:103:108:,,,:/home/marc:/usr/bin/sh
Login directory not found

tftp:*:510:1:Trivial FTP user:/usr/tftpdir:false
Optional shell file not found
/-> grpck
/->

0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎03-04-2005 05:04 AM

‎03-04-2005 05:04 AM

Re: user block and i erase him, don't allow creat him after

Hi Joaquin,

First see why they're deactivated

/usr/lbin/getprpw -m lockout user_name

Then how are you trying to re-activate them?
Normally it would be:

/usr/lbin/modprpw -k user_name

But if the user's PW is missing or "*" then you'd need to set a PW for the user, inform them of it & force them to change it at the next login

passwd user_name
/usr/lbin/modprpw -e user_name

HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Joaquín_2
Advisor

‎03-04-2005 05:15 AM

‎03-04-2005 05:15 AM

Re: user block and i erase him, don't allow creat him after

hello Jeff

all command's
/usr/lbin/getprpw -m aromero
return
user password file not found: aromero

or

/home/banon/listados-> /usr/lbin/modprpw -e aromero
user password file not found: aromero

0 Kudos
Reply
Joaquín_2
Advisor

‎03-04-2005 05:20 AM

‎03-04-2005 05:20 AM

Re: user block and i erase him, don't allow creat him after

hi jeff
i have forgotten say you that the passwd command return me this . It is very important


/home/banon/listados-> passwd aromero

Password cannot be changed. Reason: Cannot access protected password entry.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎03-04-2005 12:34 PM

‎03-04-2005 12:34 PM

Re: user block and i erase him, don't allow creat him after

Someone with root privileges has modified, removed files or perhaps even removed the /tcb directory. The structure is:

/tcb/files/auth

and there will be a set of 1-character directories, one for each letter of the alphabet. For each user in the /etc/passwd file, there will be an entry underneath the directory that starts their user name, for instance, root will be in the r directory.

If the files are there, then perhaps the permissions and ownerships have been damaged. The directories should be:

555 /tcb
775 /files
775 /auth
770 all the 1-character directories
(all above owned by root/sys)

664 all the files in 1-character directories
(all owned by root/root)

and make sure that / is correct:

755 / owned by root/sys

Also check /etc/fstab and look for nosuid on any of the mountpoints. It should never be used on /opt, /usr or /. Only /home, /var and /var/tmp should have the nosuid option.

The problem you are seeing is not due to changing the date.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.