Khi tôi cố gắng thêm người dùng hoặc xóa người dùng, với quyền root, tôi gặp lỗi sau:
useradd: cannot lock /etc/passwd; try again later.
Sau khi tìm đọc nhiều bài viết, tôi đã loại trừ được tất cả các nguyên nhân thường gặp:
Không có tập tin khóa.
[root@r6 /]# ls -al /etc/*.lock
ls: cannot access /etc/*.lock: No such file or directory
Phân vùng gốc (/) không bị đầy
/dev/sda1 40G 6.0G 32G 16% /
Inode cũng không bị cạn kiệt
[root@r6 /]# df -i /etc
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda1 2621440 68931 2552509 3% /
Phân vùng gốc được gắn kết ở chế độ đọc-ghi (rw)
/dev/sda1 on / type ext4 (rw)
Tương tự, tôi cũng không thể sao chép /etc/shadow hoặc /etc/passwd ngay trong thư mục /etc
Ví dụ:
[root@r6 /]# cp /etc/passwd /etc/passwd.8122015
cp: cannot create regular file `/etc/passwd.8122015': Permission denied
Tôi đang thực hiện tất cả các lệnh này với quyền root. Tôi đăng nhập vào máy chủ rồi chạy sudo su -.
Mọi sự trợ giúp đều rất đáng quý. Tôi đã vật lộn với vấn đề này cả ngày.
strace -o /root/blah -ff useradd gmiller
cat /root/blah.30644
execve("/usr/sbin/useradd", ["useradd", "gmiller"], [/* 21 vars */]) = 0
brk(0) = 0x7f0388d2b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878df000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f03878d5000
close(3) = 0
open("/lib64/libaudit.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20( r5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=144208, ...}) = 0
mmap(NULL, 2236976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038749e000
mprotect(0x7f03874b5000, 2097152, PROT_NONE) = 0
mmap(0x7f03876b5000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f03876b5000
close(3) = 0
open("/lib64/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320X\240q5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=124624, ...}) = 0
mmap(NULL, 2221912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f038727f000
mprotect(0x7f038729c000, 2093056, PROT_NONE) = 0
mmap(0x7f038749b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c000) = 0x7f038749b000
mmap(0x7f038749d000, 1880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f038749d000
close(3) = 0
open("/lib64/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36 w5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=33816, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d4000
mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0387077000
mprotect(0x7f038707e000, 2093056, PROT_NONE) = 0
mmap(0x7f038727d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f038727d000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\356!p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1926800, ...}) = 0
mmap(NULL, 3750152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386ce3000
mprotect(0x7f0386e6d000, 2097152, PROT_NONE) = 0
mmap(0x7f038706d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18a000) = 0x7f038706d000
mmap(0x7f0387072000, 18696, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0387072000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\240p5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0386adf000
mprotect(0x7f0386ae1000, 2097152, PROT_NONE) = 0
mmap(0x7f0386ce1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0386ce1000
close(3) = 0
open("/lib64/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\340t5\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=21152, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d3000
mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f03868da000
mprotect(0x7f03868de000, 2093056, PROT_NONE) = 0
mmap(0x7f0386add000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f0386add000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d2000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878d0000
arch_prctl(ARCH_SET_FS, 0x7f03878d07a0) = 0
mprotect(0x7f0386add000, 4096, PROT_READ) = 0
mprotect(0x7f0386ce1000, 4096, PROT_READ) = 0
mprotect(0x7f038706d000, 16384, PROT_READ) = 0
mprotect(0x7f038727d000, 4096, PROT_READ) = 0
mprotect(0x7f038749b000, 4096, PROT_READ) = 0
mprotect(0x7f03876b5000, 4096, PROT_READ) = 0
mprotect(0x7f0387af9000, 4096, PROT_READ) = 0
mprotect(0x7f03878e0000, 4096, PROT_READ) = 0
munmap(0x7f03878d5000, 39702) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
stat("/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x7f0388d2b000
brk(0x7f0388d4c000) = 0x7f0388d4c000
socket(PF_NETLINK, SOCK_RAW, 9) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0
mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f0380a49000
close(4) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
read(4, "65536\n", 31) = 6
close(4) = 0
mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f038784f000
access("/etc/shadow", F_OK) = 0
access("/etc/gshadow", F_OK) = 0
open("/etc/default/useradd", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=119, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# useradd defaults file\nGROUP=10"..., 4096) = 119
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
connect(5, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(5) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
read(5, "", 4096) = 0
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=39702, ...}) = 0
mmap(NULL, 39702, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f0387845000
close(5) = 0
open("/lib64/libnss_files.so.2", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f038083b000
mprotect(0x7f0380847000, 2097152, PROT_NONE) = 0
mmap(0x7f0380a47000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7f0380a47000
close(5) = 0
mprotect(0x7f0380a47000, 4096, PROT_READ) = 0
munmap(0x7f0387845000, 39702) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat(5, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878dd000
read(5, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
close(5) = 0
munmap(0x7f03878dd000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/login.defs", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1814, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "#\n# Please note that the paramet"..., 4096) = 1814
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2342, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2342
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1188, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "root:x:0:\nbin:x:1:bin,daemon\ndae"..., 4096) = 1188
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 4
fcntl(4, F_GETFD) = 0x1 (flags FD_CLOEXEC)
rt_sigaction(SIGALRM, {0x7f0386dd2180, ~[], SA_RESTORER, 0x7f0386d156a0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [ALRM], [], 8) = 0
alarm(15) = 0
fcntl(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 15
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], SA_RESTORER, 0x7f0386d156a0}, NULL, 8) = 0
getpid() = 30644
open("/etc/passwd.30644", O_WRONLY|O_CREAT|O_EXCL, 0600) = 5
write(5, "30644\0", 6) = 6
close(5) = 0
link("/etc/passwd.30644", "/etc/passwd.lock") = -1 EACCES (Permission denied)
open("/etc/passwd.lock", O_RDWR) = -1 ENOENT (No such file or directory)
unlink("/etc/passwd.30644") = 0
close(4) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f03878de000
read(4, "# Locale name alias data base.\n#"..., 4096) = 2512
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f03878de000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "useradd: cannot lock /etc/passwd"..., 51) = 51
exit_group(1) = ?
+++ exited with 1 +++
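Đã giải quyết! Tác nhân McAfee HIPS đã chặn việc tạo các tập tin passwd và shadow trong thư mục /etc/. Điều này khớp với kết quả strace ở trên: lệnh link("/etc/passwd.30644", "/etc/passwd.lock") trả về EACCES dù tiến trình chạy với quyền root, nghĩa là việc từ chối đến từ một lớp kiểm soát truy cập bổ sung chứ không phải từ quyền tập tin thông thường.
Đây là liên kết đến bài viết KB hướng dẫn cách dừng tác nhân (nên bật lại tác nhân sau khi hoàn tất, hoặc thêm ngoại lệ trong chính sách, thay vì để tắt hẳn):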
touch /etc/foo
Ngoài ra, có hệ thống ngăn chặn xâm nhập trên máy chủ (HIPS) hoặc cơ chế kiểm soát truy cập nào đang hoạt động ở đây không (SELinux, Symantec, McAfee)?
Hãy kiểm tra /proc/mounts và dmesg phòng trường hợp hệ thống tập tin gốc đã bị gắn kết lại ở chế độ chỉ đọc. Điều này không phải lúc nào cũng hiển thị trong đầu ra của lệnh mount.