Hi Gurus,
i have ussers cannot change their passwords, neither can root change the user's password.
O.S. Solaris 8
uptodate on security patchaes as far as I know.
Examples (names have been changed to protect the guilty):
User logged on:
$ passwd
passwd: Changing password for <user>
passwd: User unknown: <user>
Permission denied
ROOT logged on:
# passwd <user>
passwd: User unknown: <user>
Permission denied
Permissions for the /usr/bin/passwd file seem to be correct
(rsrsrx).
Permissions on /etc/passwd and /etc/shadow seem to be correct (rrr
and r respectively).
<User> does exist in both files and record format is comparable to other
entries.
Home directory does exist and is owned by <user>.
What am I missing???
Thank you in advanced.
do you use a directory service for your user? something like ldap or nis? if so, you have to use the proper tool to change the users password. have a look at /etc/nsswitch.conf for your configuration...
Hi Duke,
This is stand alone, no directory services in place.
try to use the "admintool" or "smc" to change the password. or create a new user and try to change the password... if all this fails, there should be something wrong with the system itself...
Could be that /etc/pam.conf is misconfigured.
in you messages say
#####################
Permissions on /etc/passwd and /etc/shadow seem to be correct (rrr
and r respectively).
#####################
but in my experience the correct permissions for /etc/passwd are rw-r--r--
check /var/ssam/install/contents for verify the original permissions for /etc/passwd
grep /etc/passwd /var/sadm/install/contents
the correct permissions are indicated in the fourth column
permission for /usr/bin/passwd should be allowed for execute permission
passwd and shadow file must be either 400 or 600
I must disagree. /usr/bin/passwd must be suid to root and the combination of suid and execute does show up as rs. The /etc/passwd file must be readable by everyone.
But there are no permissions even set for root.
it shoud either be rwx , r-x or r-s right?
chmod u+s /usr/bin/passwd ---> to setuid