problem background
The following error is displayed when the root password is changed in the online environment:
[root]# passwd root
Changing password for user root.
passwd: Authentication token manipulation error
Solution
View /etc/passwd, /etc/shadow file properties
[root]# lsattr /etc/shadow
----i----------- /etc/shadow
[root]# lsattr /etc/passwd
----i----------- /etc/passwd
Notes:
- A: Atime, which tells the system not to modify the last access time to this file.
- S: Sync, once the application performs a write operation on the file, the system immediately writes the modified result to the disk.
- a: Append Only, the system only allows appending data after this file, and does not allow any process to overwrite or truncate this file. If a directory has this attribute, the system will only allow files to be created and modified in this directory, not to delete any files.
- b: Do not update the last access time of the file or directory.
- c: Compress the file or directory and store it.
- d: When the dump program is executed, the file or directory will not be backed up by dump.
- D: Check for errors in the compressed file.
- i: Immutable, the system does not allow any modification to this file. If the directory has this attribute, any process can only modify the files under the directory, and is not allowed to create and delete files.
- s: The file is completely deleted and cannot be recovered, because it is deleted from the disk, and then fills the area where the file is located with 0.
- u: When an application requests to delete the file, the system reserves its data blocks so that the file can be undeleted later to prevent accidental deletion of the file or directory.
- t: The file system supports tail-merging.
- X: The contents of the compressed file can be directly accessed.
Revoke the i file attributes of /etc/passwd and /etc/shadow
[root]# chattr -i /etc/shadow
[root]# chattr -i /etc/passwd
Check the /etc/passwd, /etc/shadow file properties again
[root]# lsattr /etc/shadow
---------------- /etc/shadow
[root]# lsattr /etc/passwd
---------------- /etc/passwd
Then, re-update the user password.