Passwd: Permission denied
I'm unable to reset a root user password in single user mode. RHEL7
Getting an error,
"Passwd: Permission denied"
Responses
It could be a lot of things, but you could check whether the root file system is read-only (eg. can you create a file anywhere), and run setenforce 0 to make sure selinux isn't getting in the way.
You are in single user mode so you don't specify users, make sure your root filesystem is mounted in read/write "mount -o remount,rw /" then passwd
Hello, are you following the procedure in the System Administrator's Guide?[1]
Quoting from there: "Note that in GRUB 2, resetting the password is no longer performed in single-user mode "
I think it is now 26.10.4. Changing and Resetting the Root Password
26.10.4. Changing and Resetting the Root Password - This procedure also didn't help. Keep on saying Passwd : Permission Denied
so i had the same permission denied in a prod environment and i just fix the issue . ======issue====== /etc/pam.d/system-auth was missing the auth and password entries
%PAM-1.0 This file is auto-generated. User changes will be destroyed the next time authconfig is run.account required pam_unix.so broken_shadow
prevents incremeting counter after successful sudo (INC000006344605)account required pam_tally2.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so
session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so auth include RHELSOE-auth password include RHELSOE-password
======solution ===== i inserted the missing entries for auth and password from password-auth-ac file auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.s
password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok
password required pam_deny.safter that i was able to change password for any user.
Thanks for the hint! Really useful.
After some downgrades and upgrades I got this error and file /etc/pam.d/system-auth appeared to be empty. I managed to pass:
systemd.debug-shell=1
in kernel cmdline to have root shell on boot since I was not able to login as root anymore. I regenerated system-auth file with command:
authconfig --updateall
and after that I was able to login and change passwords for users.
This discussion is a few years old...
Make sure to remount the "/" as "rw" (read-write).
- At the beginning of the boot process, at the GRUB 2 menu (Kernel list), type the e key to edit the kernel
- Move down to the kernel line (the line starting with linux16)
- Remove rhgb quiet using the backspace key.
- Add rd.break enforcing=0
NOTE: you might have to make "console=tty0" in step 4 as well depending if it's virtual or not, and other factors - Press Ctrl x to resume the boot process. NOTE: instead of doing #6 below, instead at step #3 above, change "ro" to "rw" in the grub line
- # mount –o remount,rw /sysroot
- # chroot /sysroot
- # passwd
- Retype the password
- Type exit twice to continue the boot process
- Log in as root
- # restorecon -v /etc/shadow
- # setenforce 1
Please note other comments above...
Regards,
RJ