Passwd: Permission denied

Latest response

I'm unable to reset a root user password in single user mode. RHEL7

Getting an error,

"Passwd: Permission denied"

Responses

It could be a lot of things, but you could check whether the root file system is read-only (eg. can you create a file anywhere), and run setenforce 0 to make sure selinux isn't getting in the way.

You are in single user mode so you don't specify users, make sure your root filesystem is mounted in read/write "mount -o remount,rw /" then passwd

Hello, are you following the procedure in the System Administrator's Guide?[1]

Quoting from there: "Note that in GRUB 2, resetting the password is no longer performed in single-user mode "

[1] 25.10.4. Changing and Resetting the Root Password

Unfortunately the link you provided no longer exists. Is there a solution to this problem?

26.10.4. Changing and Resetting the Root Password - This procedure also didn't help. Keep on saying Passwd : Permission Denied

so i had the same permission denied in a prod environment and i just fix the issue . ======issue====== /etc/pam.d/system-auth was missing the auth and password entries

%PAM-1.0 This file is auto-generated. User changes will be destroyed the next time authconfig is run.

account required pam_unix.so broken_shadow

prevents incremeting counter after successful sudo (INC000006344605)

account required pam_tally2.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so

session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so auth include RHELSOE-auth password include RHELSOE-password

======solution ===== i inserted the missing entries for auth and password from password-auth-ac file auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.s

password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok

password required pam_deny.s

after that i was able to change password for any user.

Thanks for the hint! Really useful.

After some downgrades and upgrades I got this error and file /etc/pam.d/system-auth appeared to be empty. I managed to pass:

systemd.debug-shell=1

in kernel cmdline to have root shell on boot since I was not able to login as root anymore. I regenerated system-auth file with command:

authconfig --updateall

and after that I was able to login and change passwords for users.

This discussion is a few years old...

Make sure to remount the "/" as "rw" (read-write).

  1. At the beginning of the boot process, at the GRUB 2 menu (Kernel list), type the e key to edit the kernel
  2. Move down to the kernel line (the line starting with linux16)
  3. Remove rhgb quiet using the backspace key.
  4. Add rd.break enforcing=0
    NOTE: you might have to make "console=tty0" in step 4 as well depending if it's virtual or not, and other factors
  5. Press Ctrl x to resume the boot process. NOTE: instead of doing #6 below, instead at step #3 above, change "ro" to "rw" in the grub line
  6. # mount –o remount,rw /sysroot
  7. # chroot /sysroot
  8. # passwd
  9. Retype the password
  10. Type exit twice to continue the boot process
  11. Log in as root
  12. # restorecon -v /etc/shadow
  13. # setenforce 1

Please note other comments above...

Regards,
RJ