Problem description
After you change the password of the root user for a Linux Elastic Compute Service (ECS) instance in the ECS console, you cannot use the root user and the new password to log on to the instance.
Cause
The i (Immutable) attribute is enabled for the /etc/passwd or /etc/shadow file. As a result, the new password of the root user may not take effect.
In Linux, the /etc/passwd file is used to store account information, and the /etc/shadow file is used to store password information. If the attributes of the /etc/shadow or /etc/passwd file are incorrectly configured, specific features of the Linux ECS instance may not work as expected. For example, after you change the password of the root user, the new password does not take effect. For information about common file attributes, see the Common chattr attributes section of this topic.
Solution
Connect to the Linux ECS instance as the root user. For more information, see Use Workbench to connect to a Linux instance over SSH.
ImportantYou must use the original valid password to connect to the Linux ECS instance. If the original password is invalid, connect to the instance by using Virtual Network Computing (VNC). For more information, see Connect to an instance by using VNC.
Run the following commands to check the file attribute status:
# Check the attribute status of the passwd file. lsattr /etc/passwd # Check the attribute status of the shadow file. lsattr /etc/shadowIf no special flag, such as
iora, is displayed, the attribute status is normal.Sample abnormal status:
If the file attribute status is abnormal, run the following commands to remove the abnormal attributes:
# Remove the i (Immutable) attribute from the passwd file. chattr -i /etc/passwd # Remove the a (Append Only) attribute from the shadow file. chattr -a /etc/shadowRun the following command to recheck the attribute status of the files.
lsattr /etc/passwd /etc/shadowThe expected command output does not contain the
ioraflag.Reset the password of the root user for the Linux ECS instance in the ECS console. For more information, see Reset the logon password of an instance.
Use the new password of the root user to connect to the Linux ECS instance. If you can connect to the instance, the issue is resolved.
Appendix
Common chattr attributes
Attribute | Full name | Description | Common scenario |
i | Immutable | A file with this attribute cannot be modified. You cannot write data to, delete data from, rename, or add links for the file. | Scenarios in which you must prevent the key files of the system from being tampered with. |
a | Append Only | A file with this attribute only allows you to append content at the end of the file. You cannot modify existing content in the file. | Scenarios in which you must protect the integrity of log files. |
e | Extent Format | A file with this attribute uses extents to map disk blocks. This attribute is a default attribute for modern file systems. Manual modification for this attribute is not required. | Automatic system management. |
A | No Atime Updates | A file with this attribute does not allow updates when data is being accessed. This reduces disk I/O operations. | High-concurrency server optimization. |