Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, or potential impacts of operations on the products.
Problem description
Running the passwd command on a Linux ECS instance fails with the following error:
passwd: Authentication token manipulation errorCauses
This error occurs when the system cannot update the password files. The two most common causes are:
The immutable attribute (
-iflag) is set on password-related files, which prevents any modifications.Password-related files are corrupted or have been tampered with.
The following files are involved in password management:
/etc/passwd/etc/shadow/etc/group/etc/gshadow
Solution
Step 1: Check file attributes
Log on to the ECS instance and run the following command to check the attributes of password-related files: Normal output looks like this (no immutable attribute set): If any file has the immutable attribute set, the output includes an
iflag. For example:lsattr /etc/*shadow /etc/passwd /etc/group--------------e------ /etc/gshadow --------------e------ /etc/shadow --------------e------ /etc/passwd --------------e------ /etc/group----i---------e------ /etc/shadowIf the immutable attribute (
-i) is present on any file, remove it:chattr -i /etc/*shadow /etc/passwd /etc/groupTry changing the password again.
Step 2: Recreate the shadow password file
If the error persists after you remove the immutable attribute, the /etc/shadow file may be corrupted. Recreate it by performing the following steps:
Back up the existing shadow file:
mv /etc/shadow /etc/shadow.bakRecreate the shadow password file from
/etc/passwd:pwconvTry changing the password again.
Applies to
ECS