LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Closed Thread
 
Search this Thread
Old 05-26-2001, 08:01 PM   #1
manfernandez
LQ Newbie
 
Registered: May 2001
Posts: 6

Rep: Reputation: 0

Good day,

I am new to Linux. I have purchased a book "Linux Network Servers 24Seven" There is chapter that says how to create a user via the passwd file:

1. pico /etc/passwd
2. add a user name: manny::503:503:Manny Fernandez:/home/manny:/bin/bash
3. Create a home dir : mkdir /home/manny
4. Copy the contents of /etc/skel
5. Change ownership: chown manny:users /home/manny
6. Change password: passwd manny

When I do step 6, I get an error "Authentication Token Manipulation Error" if I use Linuxconf it works fine, but I would like to learn the hard way so that when I use the "Helper Apps" I know what it is actually doing.


Thanks
 
Old 05-27-2001, 05:15 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,693
Blog Entries: 54

Rep: Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961
if u are running shadowed passwords it might be theres no entry for this user. make a backup of /etc/shadow, delete /etc/shadow and convert /etc/passwd using pwconvert.
same goes for /etc/groups.
 
Old 05-27-2001, 05:24 PM   #3
manfernandez
LQ Newbie
 
Registered: May 2001
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks,

I have a question about your response though. When I am using shadowed passwords, can I still create a user from the passwd file or should I use the linuxconf?

Does that pwconvert, somehow pull the passwd file and allow me to apply a password to the users that are in the passwd file?


Thanks

Manny
 
Old 05-27-2001, 06:52 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,693
Blog Entries: 54

Rep: Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961
Linuxconf is easier but u can still use /etc/passwd to add users.
pwconv creates /etc/shadow from /etc/passwd, replacing passwords with asterixes in /etc/passwd.
I think uve gotta rerun pwconv each time u *add* a user, Linuxconf tho will do the whole sequence by itself, at least I never had a prob with Linuxconf & shadow.
 
Old 05-27-2001, 07:13 PM   #5
manfernandez
LQ Newbie
 
Registered: May 2001
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you!
 
Old 05-29-2001, 12:31 PM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Manfernandez here's an example to read:

1. echo "manny:x:503:503:Manny Fernandez:/home/manny:/bin/bash" >> /etc/passwd
2. echo "manny::11302:0:99999:7:::" >> /etc/shadow
3. mkdir /home/manny
4. chown 503 /home/manny
5. chmod 700 /home/manny
6. passwd manny

/Raz
 
Old 08-30-2005, 10:16 AM   #7
theShadowSearcher
LQ Newbie
 
Registered: Aug 2005
Distribution: Fedora
Posts: 1

Rep: Reputation: 0
If using NIS, you MUST remember to update the NIS domain's authentication files by executing the make command in the /var/yp directory.
Otherwise, you will not login anymore until you restart the machine and make some contingency process.
 
Old 03-14-2006, 04:00 PM   #8
Garlic Overtone
LQ Newbie
 
Registered: Jun 2005
Distribution: Fedora Core
Posts: 6

Rep: Reputation: 0
Lightbulb Late response

Gents,

Sorry to get in late on the fun, but I ran into this problem myself and thought I'd post some advice.

I was trying to change the password of a local user (Centos 4.2, but that's irrelevant for the most part) when I encountered the error below:

[root@localhost ~]# passwd someuser
passwd: Authentication token manipulation error.

For me, the problem was caused entirely by the username in the password file being different from the username in the shadow file. Editing /etc/shadow's someuser entry to match the entry in /etc/passwd solved the problem.

WRT the above advice of editing the password file directly, in short, DON'T. That's pretty much what screwed me up. There's a couple utilities you should be made aware of that will make your life easier.

First up, the humble `passwd' command. It changes passwords, 'nuf said.

Next up, `adduser'. Use this to create users. Generally, the form of `adduser <username>' is usually enough. Use `passwd <username>' to then set the password. (see above.)

Next up, `usermod'. Most of the time, people modify the passwd file to change a shell (usermod -s <shell> <username>), change a username (usermod -l <newusername> <oldusername>), or change group info (-G adds users to new groups, -g changes primary group).

Next, `chfn'. This tool changes the GECOS Fields in /etc/passwd for you, so you don't mess it up.

Lastly, should you for some sadistic reason desire to edit the passwd and shadow fields manually, at least use `vipw' (for editing passwd) and `vigr' (for editing groups). These tools will remind you to edit /etc/shadow and /etc/gshadow if need be.

WRT using the [un]shadow utilities, you should remember not to do that on a multi-user system while other users are logged in. Someone could VERY easily snarf your unprotected passwd file with all the hashes after running `pwunconv'. Remember, /etc/passwd HAS to be world readable, or most PAM modules and other authentication systems (NIS) fail.

Quote:
Linuxconf is easier but u can still use /etc/passwd to add users.
pwconv creates /etc/shadow from /etc/passwd, replacing passwords with asterixes in /etc/passwd.
I think uve gotta rerun pwconv each time u *add* a user, Linuxconf tho will do the whole sequence by itself, at least I never had a prob with Linuxconf & shadow.
This is inaccurate. If shadow passwords are enabled (they are by default in Redhat based systems after about 1999, not sure about yours, use pwconf and grpconv to enable them!), then you needn't touch the shadow utilities at all if you use the proper utilities.

As for Linuxconf, stay far far away.

Quote:
pico /etc/passwd
I heard a guy was FIRED from a place I worked at for editing the passwd file in pico. Long ago (eg: 6 years or so) there was a bug in pico that caused it to silently truncate files longer than 10,000 lines when it re-wrote them to disk. When this fellow was editing it on a system with 25,000+ users, he saved it not realizing what would happen, and trashed 15,000+ accounts.

HTH,

-- G4rlic

p.s.: A colleague informed me that calling the above "the right way" is somewhat misleading. So let me clarify: unless you know exactly what you're doing, use the utilities provided to you by the OS. You'll be much better off until you learn the structure of /etc/passwd, /etc/shadow, and /etc/group.
 
Old 12-14-2006, 10:36 AM   #9
Wells
Member
 
Registered: Nov 2004
Location: Florida, USA
Distribution: Debian, Redhat
Posts: 383

Rep: Reputation: 31
This is kind of sad, but I have recently run into this problem as well. In my case, it was a system which was using LDAP for authentication, and appears to be very confused now.

In the end, I had to cat all of the passwd and shadow entries in LDAP into /etc/passwd and /etc/shadow in order to fix the problem.

Granted, this is a machine that has been up for nearly six months now, and we have done a lot of nasty little things with authentication to it during that time, so a reboot is going to be in order as soon as we get a maintenance window.
 
Old 06-06-2008, 12:00 PM   #10
Golan Trevize
LQ Newbie
 
Registered: Jun 2008
Posts: 1

Rep: Reputation: 0
Exclamation Do not delete /etc/shadow.

In regards to UnSpawn's comment about how to use pwconv, I highly recommend that you avoid a fun Career Limiting Move and do NOT delete the current /etc/shadow file on a running production server, and then "recreate" it using pwconv. PWCONV will not recreate the old passwords, so all users, including root, will no longer be able to login. If you manually manipulate /etc/passwd, simply run pwconv and it will bring in the new users, then run passwd <user> for each.
 
Old 06-06-2008, 12:49 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,693
Blog Entries: 54

Rep: Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961Reputation: 2961
Nice. It kinda shows you shouldn't use age-old nfo as basis for your career moves. Thanks for correcting anyway, even though it resulted in resurrecting a dead thread in the process.
 
1 members found this post helpful.
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"passwd: Authentication token manipulation error" Neowulf Linux - Newbie 8 03-05-2014 05:01 PM
error: unexpected token `newline' CarlosV Programming 4 05-17-2011 04:47 AM
Many errors when 'make'ing (example: error: syntax error before `::' token) darkblade Linux - Software 5 03-02-2005 04:00 PM
authentication token manipulation error abuelmaati Linux - Newbie 3 02-04-2005 08:21 AM
Undecodable token error ?? Thymox Linux - General 3 11-18-2002 07:11 PM


All times are GMT -5. The time now is 10:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration