After successfully installing the
shadow package and running
pwconv, the password cannot be set as stated in the guide.
The command
fails with the following error:
Code:
passwd: cannot open /etc/shadow
Indeed, it seems that the default permissions set by
pwconv do not include the write permission.
Code:
(lfs chroot) root:/tmp# ls -l /etc/shadow
-r-------- 1 root root 299 Dec 22 17:30 /etc/shadow
It is a simple solution to
Code:
chmod 600 /etc/shadow
But this has not been mentioned in the book AFAIK.
So I wonder if others also ran into this issue, or if I have missed an installation step and messed up some permissions.
Otherwise it seems that this should be added to the book.
Here is the relevant book page.
The script that led me to this issue:
Code:
# Prevent groups program and man-pages installation, to use coreutils.
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;
# Use SHA-512 instead of default crypt for password encryption.
# Change the obsolete /var/spool/mail to /var/mail.
# Remove /bin and /sbin symlinks from PATH.
sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
-e 's:/var/spool/mail:/var/mail:' \
-e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
-i etc/login.defs
# TODO: Think about adding cracklib support.
# Fix a programming error.
sed -e "224s/rounds/min_rounds/" -i libmisc/salt.c
touch /usr/bin/passwd
./configure \
--sysconfdir=/etc \
--with-group-name-max-length=32
make
make exec_prefix=/usr install
make -C man install-man
mkdir -p /etc/default
useradd -D --gid 999
# Enable shadowed passwords.
pwconv
grpconv
# Set default root password.
chpasswd <<< "root:$ROOT_PASSWORD"
LFS 11.0: 8.25. Shadow: Invalid /etc/shadow permissions after pwconv
