Linux 密码修改报错 “Authentication token manipulation error” 的解决方法

  • A+
所属分类:Linux
高性能企业级服务器首台5折

问题现象

用户在云服务器 ECS Linux 系统中,使用 passwd 指令修改密码失败,报错:

  1. 1
    <span class="typ">Authentication</span><span class="pln"> token manipulation error</span>

blob.png

问题原因

可能的问题原因:

  • 与用户密码相关的文件设置了 -i 安全属性。
  • 与用户密码相关的文件被篡改或出现异常。

和密码管理相关的文件主要包括:

  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/gshadow

处理办法

  1. 检查密码相关文件权限:
    使用 lsattr 查看相关文件的属性配置情况,对存在特殊熟属性的文件,去除后再尝试修改密码即可:

    1. 1
      <span class="pln"><span class="hljs-attribute">bash</span></span>
    2. 1
      <span class="pun">[</span><span class="pln">root@Fedora</span><span class="pun">-</span><span class="typ">Partation5</span><span class="pln"> etc</span><span class="pun">]#</span><span class="pln"> lsattr </span><span class="pun"><span class="hljs-regexp">/</span></span><span class="pln"><span class="hljs-regexp">etc</span></span><span class="com"><span class="hljs-regexp">/</span>*shadow <span class="hljs-regexp">/etc/</span>passwd <span class="hljs-regexp">/etc/g</span>roup</span>
    3. 1
      <span class="com">-<span class="ruby">------------ <span class="hljs-regexp">/etc/gshadow</span></span></span>
    4. 1
      <span class="com">-<span class="ruby">------------ <span class="hljs-regexp">/etc/shadow</span></span></span>
    5. 1
      <span class="com">-<span class="ruby">------------ <span class="hljs-regexp">/etc/passwd</span></span></span>
    6. 1
      <span class="com">-<span class="ruby">------------ <span class="hljs-regexp">/etc/group</span></span></span>
  2. 如果存在 -i 属性,则使用 chattr -i 取消该安全属性:
    1. 1
      <span class="pln"><span class="hljs-attribute">bash</span></span>
    2. 1
      <span class="pun">[</span><span class="pln">root@Fedora</span><span class="pun">-</span><span class="typ">Partation5</span><span class="pln"> etc</span><span class="pun">]<span class="hljs-selector-id">#</span></span><span class="pln"><span class="hljs-selector-id">chattr</span> </span><span class="pun">-</span><span class="pln"><span class="hljs-selector-tag">i</span>  </span><span class="pun">/</span><span class="pln">etc</span><span class="com"><span class="hljs-comment">/*shadow /etc/passwd /etc/group</span></span>
  3. 重新尝试修改密码。
  4. 如果还是不行,尝试备份 shadow 文件后重建:
    1. 1
      <span class="pln"><span class="hljs-attribute">bash</span></span>
    2. 1
      <span class="pun">[</span><span class="pln">root<span class="hljs-symbol">@Fedora</span></span><span class="pun">-</span><span class="typ">Partation5</span><span class="pln"> etc</span><span class="pun">]<span class="hljs-meta">#</span></span><span class="pln"><span class="hljs-meta"> mv shadow shadow</span></span><span class="pun"><span class="hljs-meta">.</span></span><span class="pln"><span class="hljs-meta">bak</span></span>
    3. 1
      <span class="pun">[</span><span class="pln">root<span class="hljs-symbol">@Fedora</span></span><span class="pun">-</span><span class="typ">Partation5</span><span class="pln"> etc</span><span class="pun">]<span class="hljs-meta">#</span></span><span class="pln"><span class="hljs-meta"> pwconv</span></span>
  5. 再次尝试修改密码

 

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: