Permission issue with /etc/shadow

cosmofur
Posts: 3
Joined: 2015/10/27 14:55:24

Permission issue with /etc/shadow

Post by cosmofur » 2018/12/27 17:05:03

CentOS 7.6.1810
Noticed when trying a yum update that I got an odd error:
Running transaction
Updating : setup-2.8.71-10.el7.noarch 1/2
Error unpacking rpm package setup-2.8.71-10.el7.noarch
error: unpacking of archive failed on file /etc/shadow.rpmnew: cpio: rename
Verifying : setup-2.8.71-10.el7.noarch 1/2
setup-2.8.71-9.el7.noarch was supposed to be removed but is not!
Verifying : setup-2.8.71-9.el7.noarch 2/2
The '/etc/shadow.rpmnew' error seems to be the issue, and so I started there.
This file normally does not (yet) exist.
So I first tried, as root, to see if the file system would allow me to create it at all.
# echo > shadow.rpmnew
-bash: shadow.rpmnew: Permission denied
Something was blocking me from creating any filename beginning with /etc/shadow.

I tried a few of the obvious things, but nothing worked so far.
There is plenty of disk space and the / disk is a simple xfs mounted with no special options (i.e. nothing like 'noroot').
selinux is disabled.
lsattr /etc/shadow returns "---------------- /etc/shadow"
I disabled the anti-virus McAfee.
Any attempt to do any sort of editing (chmod, vi or overwriting) of /etc/shadow fails with permission denied (even the override read-only option in 'vi' fails).
One thing that DID work was changing a test user's password with the passwd command; that did update the shadow file.
Seeing the passwd cmd working, I tested if the suid bit was an issue and put together a quickie C program with root suid, and that also got permission denied.

I know selinux is disabled, but it really feels like something very selinux-like is disabling access to /etc/shadow(*) and this is keeping yum from completing.

Any ideas?

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Permission issue with /etc/shadow

Post by lightman47 » 2018/12/27 18:57:31

You ran "yum update" as root - and exactly that way?

If not, details will be very important:
What you did
What (exact) error messages you got

My /etc/shadow has permissions for NOBODY (not even root). I'm then left wondering why yum is trying to extract there.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Permission issue with /etc/shadow

Post by TrevorH » 2018/12/27 19:43:19

What's the output from uname -a ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

cosmofur
Posts: 3
Joined: 2015/10/27 14:55:24

Re: Permission issue with /etc/shadow SOLUTION

Post by cosmofur » 2018/12/27 20:05:33

I found the issue. Remember in my first post I said I disabled McAfee?

Well, apparently there is a submodule of McAfee called 'Solidcore' that is not disabled when you do a 'service ma stop' and has to be disabled with a much more complex series of commands, which in my case also included a required reboot (not friendly at all).

Just in case you have McAfee solidcore, here are the steps I had to take:
sadmin disable
enter a McAfee password
REBOOT (I could not find a way around this mandatory reboot making this a serious issue for automating patching)
/usr/local/mcafee/solidcore/scripts/scsrvc stop
/usr/local/mcafee/solidcore/tools/cleanup_inventory
/etc/init.d/cma unload SOLIDCOR5000_LNX
(At this point /etc/shadow was no longer being protected and I could run the patch)
sadmin enable
/usr/local/mcafee/solidcore/scripts/scsrvc start
Thanks
Steven Back

cosmofur
Posts: 3
Joined: 2015/10/27 14:55:24

Re: Permission issue with /etc/shadow

Post by cosmofur » 2018/12/27 20:09:52

lightman47 wrote:
2018/12/27 18:57:31
You ran "yum update" as root - and exactly that way?

If not, details will be very important:
What you did
What (exact) error messages you got

My /etc/shadow has permissions for NOBODY (not even root). I'm then left wondering why yum is trying to extract there.

Yes, ran it as root exactly that way.
My /etc/shadow also has permissions for Nobody (mode 000), but normally root can still create files with names like /etc/shadow.### and even those were being blocked. (See below in thread; I found the problem was McAfee.)
As for why 'yum' was doing something to /etc/shadow, I can't fully answer, but it appears to be part of a security patch from a valid repo.

muralisingaram
Posts: 1
Joined: 2019/02/15 15:39:52

Re: Permission issue with /etc/shadow

Post by muralisingaram » 2019/02/15 15:43:40

I faced the same issue.


Running transaction
Updating : setup-2.8.71-10.el7.noarch 1/2
Error unpacking rpm package setup-2.8.71-10.el7.noarch
error: unpacking of archive failed on file /etc/shadow.rpmnew: cpio: rename
Verifying : setup-2.8.71-10.el7.noarch 1/2
setup-2.8.71-9.el7.noarch was supposed to be removed but is not!
Verifying : setup-2.8.71-9.el7.noarch 2/2

Failed:
setup.noarch 0:2.8.71-9.el7 setup.noarch 0:2.8.71-10.el7

I disabled McAfee on the VM and tried again and it installed.
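
The checks walked through in this thread (mount options, lsattr, SELinux state, then an endpoint agent as the remaining suspect) can be collected into one triage script. This is an added example, not code posted by anyone in the thread; the function names are illustrative, and it assumes `lsattr`, `getenforce` and `findmnt` are used only if present. It inspects the parent directory's attributes, since creating a new file such as /etc/shadow.rpmnew depends on the directory rather than on /etc/shadow itself.

```shell
#!/bin/sh
# Added example: triage "root gets Permission denied" when creating a file.
# All function names are illustrative. Usage: triage /etc/shadow.rpmnew

# Create and remove a probe file; noclobber (-C) keeps existing files intact.
probe_create() {
    if [ -e "$1" ]; then echo exists; return 0; fi
    if ( set -C; : > "$1" ) 2>/dev/null; then
        rm -f -- "$1"; echo ok
    else
        echo denied
    fi
}

# Pure decision step. Args: uid, probe result, lsattr flags of the parent
# directory, SELinux mode, mount options of the filesystem.
classify() {
    if [ "$2" != denied ]; then echo "no-block ($2)"; return 0; fi
    if [ "$1" -ne 0 ]; then echo not-root-check-permissions; return 0; fi
    case ",$5," in *,ro,*) echo read-only-mount; return 0 ;; esac
    case "$3" in *i*|*a*) echo immutable-or-append-only; return 0 ;; esac
    if [ "$4" = Enforcing ]; then echo check-selinux-avc-log; return 0; fi
    # Nothing in the standard layers explains the denial: suspect a
    # third-party kernel-level agent; review `lsmod` and
    # /sys/kernel/security/lsm for what is loaded.
    echo third-party-kernel-hook
}

# Gather the facts for one path and classify them.
triage() {
    dir=$(dirname -- "$1")
    probe=$(probe_create "$1")
    attrs=$(lsattr -d -- "$dir" 2>/dev/null | awk '{print $1}') || true
    selinux=$(getenforce 2>/dev/null) || selinux=Disabled
    opts=$(findmnt -n -o OPTIONS -T "$dir" 2>/dev/null) || true
    classify "$(id -u)" "$probe" "$attrs" "$selinux" "$opts"
}
```

A result of `third-party-kernel-hook` matches the situation in the first post: root, clean lsattr output, SELinux disabled and a plain read-write xfs mount, yet the create still fails.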
