[brlug-general] "unable to lock password file"

Dustin Puryear dustin at puryear-it.com
Tue Oct 24 06:37:27 CDT 2006


Does this guy work for your company? If not, what company was it? I'm
curious.

---
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author:
  "Best Practices for Managing Linux and UNIX Servers"
  "Spam Fighting and Email Security in the 21st Century"

Download your free copies:
  http://www.puryear-it.com/publications.htm


Sunday, October 22, 2006, 6:54:53 AM, you wrote:

> Thanks for the reply Matt. I've poked around with 'lsattr' and it
> looks like he just did 'chattr -R +i /etc/*'.

> However, when I do 'lsattr /' in the root dir, I see a couple of
> dirs with an "I" attribute (/etc and /sbin). What does the "I"
> attribute mean exactly? I read the man page, and it was less than helpful. Or I'm dense. ;)

> From 'man chattr':

> The 'I' attribute is used by the htree code to indicate that a directory
> is behind indexed using hashed trees.  It may not be set or reset using
> chattr(1), although it can be displayed by lsattr(1).

> ???

> So does this mean the "I" attribute was there by default? Does the
> "I" attribute affect a file's or folder's permissions?

> Thanks.

> John Hebert

> ----- Original Message ----
> From: Matthew Eastman <matt at meastman.org>
> To: general at brlug.net
> Sent: Saturday, October 21, 2006 10:35:13 PM
> Subject: Re: [brlug-general] "unable to lock password file"

> You can take a look at which special attributes are set for files
> using lsattr. Hopefully that will help you find out which files he had
> fun with.

> Matt

> On 10/21/06, John Hebert <johnahebert at yahoo.com> wrote:
>> Howdy,
>>
>> A "security analyst" made some unknown changes with 'chattr' to a server I'm administrating (yeah, I know. I'm waiting on a detailed list of changes he made.) and now I can't add or del users from /etc/passwd. When I try, I get "unable to lock password file". Also, when I try to change a user's password, I get the error "passwd: Authentication token lock busy".
>>
>> I've removed the immutable bit from /etc/passwd* and /etc/shadow* with 'chattr -i ...' and it still didn't work. I even recursively removed the immutable bit for /etc/* and _still_ can't add or delete users.
>>
>> Anybody ever see anything like this? Where does the password lock file get created? I think PAM is failing, but I'm not sure why.
>>
>> Thanks,
>> John Hebert
>>
>> _______________________________________________
>> General mailing list
>> General at brlug.net
>> http://brlug.net/mailman/listinfo/general_brlug.net
>>





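The thread turns on reading lsattr output and on telling the lowercase 'i' (immutable) flag apart from the uppercase 'I' (htree index) flag. The following is an added example, not part of any message in the thread: a shell filter that reads lsattr output and reports only paths carrying 'i' or 'a' (append-only). The function names, sample paths and flag strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter lsattr output down to paths that are immutable (i)
# or append-only (a). Uppercase 'I' (htree index) and 'A' are ignored
# because the pattern match is case-sensitive.

find_locked() {
    # stdin: lines of the form "<flags> <path>" as printed by lsattr
    while read -r flags path; do
        [ -n "$path" ] || continue
        # Skip anything whose first field is not a flag string
        # (for example "lsattr: ..." error text mixed into the stream).
        case "$flags" in *[!A-Za-z-]*) continue ;; esac
        hit=""
        case "$flags" in *i*) hit="immutable" ;; esac
        case "$flags" in *a*) hit="${hit:+$hit,}append-only" ;; esac
        if [ -n "$hit" ]; then
            printf '%s %s\n' "$hit" "$path"
        fi
    done
    return 0
}

# Constructed sample input (not captured from the server in the thread).
sample_lsattr() {
    cat <<'EOF'
-----------I--e-- /etc
----i--------e-- /etc/.constructed-dotfile
-------------e-- /etc/passwd
----ia-------e-- /etc/constructed.conf
lsattr: Operation not supported While reading flags on /etc/mtab
EOF
}

sample_lsattr | find_locked

# Live use: the glob /etc/* matches neither dotfiles nor /etc itself,
# so both are listed explicitly here; -d reports a directory's own flags.
#   lsattr -d /etc /etc/.[!.]* /etc/* 2>/dev/null | find_locked
```
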