passwd doesn't work: Authentication token manipulation error

Question

I have an strange problem...
I cannot login to my Ubuntu using my own private key. Fortunately I have a password and it works but I cannot change my password. I can su user to root. See the following command outputs:

root@myhost:/# passwd myuser
Enter new UNIX password: 
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

Then I tried this:

root@myhost:/# pwconv
pwconv: cannot open /etc/passwd

There aren't any .lock files in /etc but

/etc/group 
/etc/group-
/etc/gshadow
/etc/gshadow-
/etc/shadow
/etc/shadow-
/etc/passwd
/etc/passwd-

are exist.

What can I do?

Someone asked the same question some years ago on Ask Ubuntu. https://askubuntu.com/a/57622/67665 Can you check if the accepted solution there applies to you? — pkhamre, Jan 31 '18 at 10:47
So you are saying that an entry for `myuser` exists in both `/etc/passwd` and `/etc/shadow`? `sudo grep myuser /etc/passwd` and `sudo grep myuser /etc/shadow` — pkhamre, Jan 31 '18 at 11:18

Alisio Meneses · Answer 1 · 2018-01-31T11:54:34.953

1

This may be related to incorrect permissions set to /usr/bin/passwd. Try to set the permissions to 4755 using the command:

sudo chmod 4755 /usr/bin/passwd

Which means: User can read, write and execute, group and others can read and execute, and set UID bit.

edited Jan 31 '18 at 11:54

answered Jan 31 '18 at 09:56

Alisio Meneses

53
1
9

so I have 2 questions: 1st) I didn't changed this before. why this should be happened. changing the default permissions isn't unsafe? 2nd) I cannot change the permissions. this error occurs: `chmod: changing permissions of '/etc/shadow': Operation not permitted` – mahyard Jan 31 '18 at 11:06
1st question) It is unsafe, but 4755 is the default permission, according to my fresh xenial install. 2nd question) You must type 'sudo' before administrative applications. I edited the answer to include the sudo command. – Alisio Meneses Jan 31 '18 at 12:21
I'm not so newbie :) if you check the question again you can see that I changed to root user. so there is no need to sudo – mahyard Jan 31 '18 at 12:59

score 1 · Accepted Answer · answered Jan 31 '18 at 13:39

1

Maybe something or someone has set an immutable flag for /etc/passwd and/or /etc/shadow file.

Check with lsattr /etc/passwd /etc/shadow and if the result contains i in response, remove the immutable flag with chattr -i /etc/passwd /etc/shadow.

answered Jan 31 '18 at 13:39

Janne Pikkarainen

31,454
4
56
78

is this a default attribute in Ubuntu 12.04? I cannot understand how it should be happened ? – mahyard Jan 31 '18 at 13:45
Not that I know of. Interesting. – Janne Pikkarainen Jan 31 '18 at 14:44
it is not a complete answer to my problem. would you explain about changing file permissions and restoring default attributes after changing passwords, please? – mahyard Feb 01 '18 at 10:13

passwd doesn't work: Authentication token manipulation error

2 Answers2