All Products
Search

This Product

    Elastic Compute Service:What do I do if I cannot use the root user and the new password to log on to a Linux instance after I change the password of the root user?

    Document Center

    Elastic Compute Service:What do I do if I cannot use the root user and the new password to log on to a Linux instance after I change the password of the root user?

    Last Updated:Mar 18, 2025

    Error description

    After changing the root user's password for a Linux ECS instance in the ECS console, you are unable to log on to the instance with the root user and the new password.

    Possible causes

    The root password change might not be effective if the /etc/passwd or /etc/shadow files have immutable properties set.

    Note

    In Linux, the /etc/passwd file stores account information, while the /etc/shadow file holds password details. Incorrect property configurations for either the /etc/shadow or /etc/passwd files can lead to malfunctioning instance features, such as ineffective root account password changes. For details on common file properties, see Common chattr property descriptions.

    Solutions

    1. Log on to the instance using the root user and the original password. For more information, see Log on to a Linux instance by using the SSH protocol through Workbench.

      Important

      You must use the original valid password to log on to the instance for operations. If the password is invalid, log on through the VNC console. For more information, see Connect to an instance through VNC.

    2. Verify the file property status with the following commands.

      # Check passwd file properties
lsattr /etc/passwd
# Check shadow file properties
lsattr /etc/shadow

      • Normal status: The files should not have special property flags, such as i or a.

      • Example of abnormal status:

        查看属性

    3. If the file properties are abnormal, use the following commands to remove the abnormal properties.

      # Remove the immutable property of the passwd file
chattr -i /etc/passwd

# Remove the append-only property of the shadow file
chattr -a /etc/shadow

    4. To verify the properties once more, run the following command.

      lsattr /etc/passwd /etc/shadow

      The expected output should not contain any i or a flags.

    5. Reset the root user's password for the Linux ECS instance in the ECS console. For more information, see Reset the logon password of an instance.

    6. Log on to the instance with the reset password. If successful, the issue is resolved.

    Appendix

    Common chattr property descriptions

    Property

    Full name

    Description

    Typical scenario

    i

    Immutable

    File cannot be modified: Prohibits any write, delete, rename, or link operations.

    Prevents tampering with critical system files.

    a

    Append Only

    Append-only mode: Allows content to be appended to the end of the file but does not allow modification of existing content.

    Protects the integrity of log files.

    e

    Extent Format

    Indicates that the file uses extents to map disk blocks (default property of modern file systems, no manual modification needed).

    Automatically managed by the system.

    A

    No Atime Updates

    Disables access time updates to reduce disk I/O.

    Optimization for high concurrency servers.