- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: Cant modify the user properties
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 07:30 AM
тАО02-04-2008 07:30 AM
Infact we were doing a h/w migration and not sure if any files were missed to copy.
# vipw
vipw: Can't set context for /etc/ptmpvipw: /etc/ptmp: Invalid argument
vipw: /etc/passwd unchanged
# usermod -c "Modi Jagdish" modij
usermod: cannot rewrite password file
any hints would be apprecaited
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 10:49 AM
тАО02-04-2008 10:49 AM
Re: Cant modify the user properties
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 11:13 AM
тАО02-04-2008 11:13 AM
SolutionIt seems a SELinux related problem, if you have SELinux enabled, you probably need to relabel the system. If you don't use SELinux, consider disabling it.
See getenforce/setenforce man pages.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 11:57 AM
тАО02-04-2008 11:57 AM
Re: Cant modify the user properties
Disabling SELinux fixed the problem.
# getenforce
Permissive
I have other systems where "SELINUX=enforcing" is set. Those are working fine too. So that make a little confused. Could some one explain that..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 12:04 PM
тАО02-04-2008 12:04 PM
Re: Cant modify the user properties
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 12:11 PM
тАО02-04-2008 12:11 PM
Re: Cant modify the user properties
SELINUX="disabled"
>>>> I have other systems where "SELINUX=enforcing" is set. Those are working fine too. So that make a little confused. Could some one explain that..
Is hard to explain, but when SELinux is enabled, there are additional attributes on files/commands, called context. When you copy/move files, the context may not be retained. There are commands to change the context, and relabeling the system restore the context to defaults.
For example, SELinux may ve a policy where it states that commands with the context "passwd_exec_t" may modify files with contexts "passwd_t". If the context is missing, then the modifications won't be allowed. This is just one example, context names will be different.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 12:13 PM
тАО02-04-2008 12:13 PM
Re: Cant modify the user properties
-rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/group
-rw-r--r-- root root system_u:object_r:etc_t:s0 /etc/passwd
If the context is different (the 'sustem_u:object_r:etc_t:s0' bit), then these need to be restored to their default values. You can use the 'restorecon' command:
restorecon /etc/{passwd,group}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 12:51 PM
тАО02-04-2008 12:51 PM
Re: Cant modify the user properties
SELinux is 'Security Enhanced Linux'. It was developed with/for the NSA and takes the security model of Linux and extends it quite considerably, allowing files, network resources and devices to be accessed by given processes or users within a given security context.
What does this mean? An exmaple.
If you run a web server on your machine, it will run in a context of 'httpd_exec_t'. It can access files which have a context of 'httpd_sys_content_t'. If you look at 'ls -Z /usr/sbin/httpd /var/www', you'll see these contexts.
It also means that if your server is running in SELinux = Enforcing, the web server will not be able to access any file without that context, even if the file permissions are 777.
As a test of SELinux when it was being developed, one of the developers gave root access to a machine on the 'net, with the simple challenge of 'Do anything'. All failed. What he did was tie the system's contexts down so tight, that even 'root' was incapable of doing anything.
Perhaps it would be easier to read http://www.nsa.gov/selinux/ .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-04-2008 11:00 PM
тАО02-04-2008 11:00 PM
Re: Cant modify the user properties
SELINUX=disabled
otherwise, you'll get the same behaviour after reboot.
If you want to check the current mode:
getenforce
If you want temporarily (until the next reboot) to switch between enforcing/permissive modes:
setenforce 1/0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-05-2008 06:56 AM
тАО02-05-2008 06:56 AM