Solaris 8 passwd locked out − permission denied

raziayub · January 23, 2009, 3:33am

Hi Gurus,
i have ussers cannot change their passwords, neither can root change the user's password.

O.S. Solaris 8
uptodate on security patchaes as far as I know.

Examples (names have been changed to protect the guilty):

User logged on:
$ passwd
passwd: Changing password for <user>
passwd: User unknown: <user>
Permission denied

ROOT logged on:
# passwd <user>
passwd: User unknown: <user>
Permission denied

Permissions for the /usr/bin/passwd file seem to be correct
(rsrsrx).
Permissions on /etc/passwd and /etc/shadow seem to be correct (rrr
and r respectively).
<User> does exist in both files and record format is comparable to other
entries.
Home directory does exist and is owned by <user>.

What am I missing???

Thank you in advanced.

DukeNuke2 · January 23, 2009, 5:06am

do you use a directory service for your user? something like ldap or nis? if so, you have to use the proper tool to change the users password. have a look at /etc/nsswitch.conf for your configuration...

raziayub · January 23, 2009, 12:22pm

Hi Duke,

This is stand alone, no directory services in place.

DukeNuke2 · January 23, 2009, 1:09pm

try to use the "admintool" or "smc" to change the password. or create a new user and try to change the password... if all this fails, there should be something wrong with the system itself...

Perderabo · January 23, 2009, 2:25pm

Could be that /etc/pam.conf is misconfigured.

cerber0 · January 25, 2009, 1:04pm

in you messages say

#####################
Permissions on /etc/passwd and /etc/shadow seem to be correct (rrr
and r respectively).
#####################

but in my experience the correct permissions for /etc/passwd are rw-r--r--

check /var/ssam/install/contents for verify the original permissions for /etc/passwd

grep /etc/passwd /var/sadm/install/contents

the correct permissions are indicated in the fourth column

incredible · January 26, 2009, 2:39am

permission for /usr/bin/passwd should be allowed for execute permission
passwd and shadow file must be either 400 or 600

Perderabo · January 26, 2009, 6:05am

I must disagree. /usr/bin/passwd must be suid to root and the combination of suid and execute does show up as rs. The /etc/passwd file must be readable by everyone.

incredible · January 26, 2009, 11:52pm

But there are no permissions even set for root.
it shoud either be rwx , r-x or r-s right?
chmod u+s /usr/bin/passwd ---> to setuid