Score:0

usermod: cannot lock /etc/passwd, but user is in root group which owns file


As the title says. Interesting behavior. I just switched over to nologin on root user for security, after adding my user to root and sudo groups. I added a longer sudo timeout as described in the link below. So I should be able to use usermod without adding sudo because root owns /etc/passwd and user is part of the root group... no?

https://unix.stackexchange.com/questions/26074/is-there-a-way-to-stop-having-to-write-sudo-for-every-little-thing-in-linux/676564#676564

Also, two more problems I found, likely related. Using guestmount failed from permissions, so I added user to kvm group (owner of the complaining file), but it still requires sudo. Also, once mounted, I tried ls on /mnt, but have to use sudo even though /mnt is root:root?

This isn't a trivial problem, because nologin on root disables most brute-force SSH attacks, and yet having to use sudo before things like ll disables any alias.

The root *group* and the root *user* are not the same entity - you will likely find that /etc/passwd has permissions `-rw-r--r--`, i.e. members of the root group may only read it (same as any others).
waltinator
`usermod` is complaining about `/etc/passwd`'s LOCK, not `/etc/passwd`. You shouldn't have to use `sudo` with `ls`. Explore your Mount/Read/Write/Execute problems with `https://github.com/waltinator/pathlld`, a `bash` script to show the permissions, mount options along the path to an object or objects.
alchemy
Thanks guys! @steeldriver, ah, that is true. I wonder how many files I would have to change the group perms of to make my user have the power/usability of a Red Hat wheel user? That is my goal. I did find that `sudo -s` for some reason still logs into root even with nologin set. So that may be easier to use as a workaround.
alchemy
@waltinator, thanks. I tried researching lock files, but it doesn't look like that file has one. Maybe the error is complaining I need to be root even so. It did have a similar '/etc/passwd-'. I wonder if that is something. I know lock files from the standpoint of avoiding collisions, but not for having to be root. I just got to double check, I had to use sudo with guestmount on the VM file, and then yes, ls won't work on /mnt w/o sudo. The file is actually owned by the user though, so it must be something within guestmount that needs sudo and causes this. `sudo -s` is working, but not perfect.
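The point made in the comments about the root group versus the root user, worked through as an added example (not code from the thread or from any tool it mentions). It evaluates plain POSIX mode bits for a member of the root group. The metadata, uid 1000 and the group ids are constructed; `/etc/passwd` uses the `-rw-r--r--` mode quoted above, and `drwxr-xr-x` root:root for `/etc` is an assumed default. ACLs and capabilities are ignored.

```python
import stat

# Constructed metadata (assumed defaults, not read from disk).
# "/etc" is included because creating a lock file next to /etc/passwd
# needs write access to the directory, not to /etc/passwd itself.
OBJECTS = {
    "/etc":        {"mode": 0o040755, "uid": 0, "gid": 0},
    "/etc/passwd": {"mode": 0o100644, "uid": 0, "gid": 0},
}

# Constructed user: uid 1000, member of its own group, gid 0 (root) and gid 27.
USER_UID = 1000
USER_GIDS = {1000, 0, 27}


def permission_class(obj, uid, gids):
    """Exactly one rwx triplet applies: owner, else group, else other."""
    if uid == obj["uid"]:
        return "owner"
    if obj["gid"] in gids:
        return "group"
    return "other"


def allowed(obj, uid, gids):
    """Return the subset of {'r', 'w', 'x'} granted by the mode bits."""
    mode = obj["mode"]
    if uid == 0:
        # Simplified model of the root *user*: read/write checks are bypassed;
        # execute needs a directory or at least one x bit.
        perms = {"r", "w"}
        if stat.S_ISDIR(mode) or mode & 0o111:
            perms.add("x")
        return perms
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(obj, uid, gids)]
    bits = (mode >> shift) & 0o7
    return {name for name, bit in (("r", 4), ("w", 2), ("x", 1)) if bits & bit}


def can_create_in(directory, uid, gids):
    """Creating a file (such as a lock file) needs write and search on the directory."""
    return {"w", "x"} <= allowed(directory, uid, gids)


if __name__ == "__main__":
    for path, obj in OBJECTS.items():
        cls = permission_class(obj, USER_UID, USER_GIDS)
        print(path, cls, sorted(allowed(obj, USER_UID, USER_GIDS)))
    print("can create lock in /etc:", can_create_in(OBJECTS["/etc"], USER_UID, USER_GIDS))
```

Under these modes, membership in the root group selects the group triplet, which grants read on `/etc/passwd` and read plus search on `/etc`, so neither editing the file nor creating a lock beside it is possible without becoming uid 0.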