hi,
I like to know why with passwd or sed i can write in /etc/shadow and with vi i can not write.


ls -l /etc/shadow
----------. 1 root root 1242 Jul 3 06:36 /etc/shadow
ls -l /usr/bin/sed
-rwxr-xr-x. 1 root root 76072 Sep 30 2020 /usr/bin/sed
ls -l /usr/bin/vi
-rwxr-xr-x. 1 root root 928304 Dec 15 2020 /usr/bin/vi

A single word subject is far less likely to result in meaningful answers. Your question or subject should be clear in summery or context from the subject of the thread whenever possible.

Examples please
It does not help to ask a question about behavior, without enough details for us to replicate the behavior.

Passwd can modify /etc/shadow because it can do so under root authority, vi cannot unless you run IT under root authority.
(Why exactly would anyone want to DO that?)

I have migrated accounts between servers in an enterprise environment that required me to directly modify those files, but there has never otherwise been need.

What are you trying to do?

hi,
i used vi with root user and i can not write in /etc/shadow.

you must not directly write (modify) /etc/shadow. That is a special purpose system file and there are special tools to handle it (like passwd). Incorrect /etc/shadow file may make your system useless.

If you do not know how to make that work, you should not be trying to make that work! Just sayin'

1 members found this post helpful.

# ls -l /etc/shadow

Is the owner allowed to write to it? (No: see #1)
Maybe Also show the output of lsattr And df -T /etc

Try: :w! in vi

man vipw

Web research to learn about ownership and permissions, which are very basic to linux.
https://launchschool.com/books/comma...ad/permissions

Best wishes!!! @OP: click Edit & then 'Go advanced' on #1, to enhance the subject


Darn, and I thot I knew SunOS4 Unix... anyone know what man page says that?

you wpeckham are are big idiot.i know that i never must edit shadow but this was a simple curiosity.none of you guy here know the answer.
i will never go down of your low skills wpeckham.your attitude tell me everything about you-you are nobody as person and nobody in linux.

you do not deserve to work in linux.
its to much for you.

Per the rules
Regardless of what command, you either need to be root or use sudo to edit the file.
vi has an edit mode. If not in edit mode you can not write to the file.

2 members found this post helpful.

@vucni45, do you consider this an acceptable way to talk to peers, especially those trying to help?

You said: "I like to know why with passwd or sed i can write in /etc/shadow and with vi i can not write."
In other words, you asked why you can't modify the file.
wpeckham helpfully responded that it would not be advisable, and provided details.

1 members found this post helpful.

Seriously kid? I have done this for a lifetime, remember when the shadow systems were NEW and not required, and am ready to retire. I do this stuff ALL the time. I have shot myself in the foot a few times along the way. I cannot stop you from that, but I can at least point out which toe you are aiming at and refuse to load the gun.


The shadow system is pretty well documented, and there is no real mystery about permissions and authority. The evidences and detail is right in front of you. If you have not figured this out, you are not ready. If you HAVE figured it out, you are not likely to be ready: if you were you would not be so aggressive/defensive about things. IF you experiment with making those changes manually please start on a system where you have time and leisure to figure things out when it all blows up on you, because that is a very real possibility!

You can figure this out. You can learn this, and have been given all the right tools. When you do, also try to learn some manners, that lesson will serve you better in life than ANYTHING we could put in a lifetime of posts.

1 members found this post helpful.

root (UID 0) can write to files even if not allowed by the permissions. (Coded in the kernel.)

vim (vi) is extra cautious.
Force-write with :w!

A little safer is
vipw -s
Of course there are tools to safely manipulate certain fields in /etc/shadow

The dot in ls -l means there is a selinux context.
This is a kind of extra permissions that only exist in memory, initialized from a rule table.
Show them with ls -Z
Normally /etc/shadow inherits the selinux context from the directory /etc (or gets it from a dedicated rule).
If you extract it from an archive or move it from another directory or copy it with cp -a then the selinux context changes.
It can be quickly restored with restorecon.
A selinux access denial is logged in the syslog messages.

1 members found this post helpful.

Thanks @#11!!!

Is the reason that sed -i works, the exact same as the way the vi :w! Works? And the same as > or any other thing that writes to it would succeed by default?

All being the same reason that you wrote in the beginning, that that's the way the kernel works?

I just don't understand the question. All tools work the same, if we want to write a file, they will do it if the permission settings allow it.
Some of them may have an "are you sure" box or something similar.

1 members found this post helpful.