修改服务器root密码 错误 “passwd: Authentication token manipulation error”

百度了各种解决方案


总结 1. 权限问题

lsattr  /etc/passwd/      -------------e- /etc/passwd

lsattr /etc/shadow/      -------------e- /etc/passwd

用lsattr命令查看存放用户和密码的文件属性,发现有i选项: (i:不得任意更动文件或目录。)所以导致所有的用户都不能修改密码,因为没有权限允许。
这种情况我们需要用chattr命令将i权限撤销,然后再修改

总结 2 .  ``同步/etc/passwd 和/etc/shadow出错
 #pwconv
pwconv: can't lock passwd file

我的没有这个报错

总结3
看权限没有异常,也没有进程锁定该文件
ll /etc/passwd
文件权限已经开到最大

cp lock文件出错,提示空间不足
cp  /tmp/.pwd.lock  /etc

以上均没有报错

再次修改密码仍然出错,于是尝试修改/etc/passwd也出现错误
最后怀疑系统版本问题,centos7开始 对这个文件有保护

于是查找centos7报该错误的解决方案,果然有很多猿类都遇到该问题

是selinux导致的
关闭selinux就可以修改密码了
/usr/sbin/setenforce 0 立刻关闭 SELINUX

/usr/sbin/setenforce 1 立刻启用 SELINUX

但是尝试后仍然无法修改密码

最终总结

down vote
accepted
It's failing because passwd manipulates a temporary file, and then attempts to rename it to /etc/shadow. This fails because /etc/shadow is a mountpoint -- which cannot be replaced -- which results in this error (captured using strace):

102 rename("/etc/nshadow", "/etc/shadow") = -1 EBUSY (Device or resource busy)
You can reproduce this trivially from the command line:

cd /etc

touch foo

mv foo shadow

mv: cannot move 'foo' to 'shadow': Device or resource busy
You could work around this by mounting a directory containing my_shadow and my_passwd somewhere else, and then symlinking /etc/passwd and /etc/shadow in the container appropriately:

$ docker run -it --rm -v $PWD/my_etc:/my_etc centos
[root@afbc739f588c /]# ln -sf /my_etc/my_passwd /etc/passwd
[root@afbc739f588c /]# ln -sf /my_etc/my_shadow /etc/shadow
[root@afbc739f588c /]# ls -l /etc/{shadow,passwd}
lrwxrwxrwx. 1 root root 17 Oct 8 17:48 /etc/passwd -> /my_etc/my_passwd
lrwxrwxrwx. 1 root root 17 Oct 8 17:48 /etc/shadow -> /my_etc/my_shadow
[root@afbc739f588c /]# passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@afbc739f588c /]#