Old 09-07-2011, 08:19 AM   #1
redrat
Member
 
Registered: Sep 2011
Posts: 31

Rep: Reputation: Disabled
Moving /etc/passwd and /etc/shadow in a read-only system Red Hat 6


Hello, everybody,

I'm using Red Hat 6. I have two partitions in my computer:

- a 1st partition in read-only for /;

- a 2nd partition in read-write for /var.

I want to keep these partitions.

I create new accounts with the commands useradd and passwd, but it doesn't run because the files /etc/passwd and /etc/shadow are in the read-only partition.

Well, I use this solution:

I move the files /etc/passwd and /etc/shadow to the /var partition, which is read-write:
mv /etc/passwd /var
mv /etc/shadow /var

and I create these symbolic links:

ln -s /var/passwd /etc/passwd
ln -s /var/shadow /etc/shadow

When I reboot my system, I can log in to Red Hat with my root account.

But when I open a shell console and I want to create new accounts with useradd and passwd, it doesn't run.

The system doesn't succeed in writing to /var/passwd and /var/shadow and I don't know why.

Does anyone have a solution to my problem?


Thank you.
 
Old 09-07-2011, 08:21 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
erm, the solution is to NOT have a read only / partition. Why on earth would you do that??
 
Old 09-07-2011, 08:39 AM   #3
redrat
Member
 
Registered: Sep 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
The context is an engineering project for which I must keep the / partition in read-only mode.

I don't have to put this / partition in read-only mode, it's a requirement.

So another solution ?
 
Old 09-07-2011, 10:43 AM   #4
tbrand
Member
 
Registered: Jul 2006
Location: Toronto, Canada
Distribution: gentoo
Posts: 33

Rep: Reputation: 17
I'm assuming that useradd and passwd cannot open the symbolic links for writing because they are in a read-only file system.

If you are using only the most basic functionality of useradd it would not be too difficult to write your own ``useradd'' that updates /var/passwd and /var/shadow directly. To encrypt passwords use the crypt() function.
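
Added example (not part of the thread, and not shadow-utils code): a sandbox sketch of the update sequence the guess above points at, assuming the tool takes a lock file, writes a new copy and renames it over the original. The sandbox layout and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Added example: sandbox paths and function names are hypothetical.
# Assumed update sequence: lock file, new copy, rename over the original,
# all done in the directory of the path the tool was given.

make_sandbox() {
    # Constructed layout: etc/passwd is a symlink to var/passwd.
    sb=$(mktemp -d) || return 1
    mkdir "$sb/etc" "$sb/var"
    echo 'root:x:0:0:root:/root:/bin/bash' > "$sb/var/passwd"
    ln -s ../var/passwd "$sb/etc/passwd"
    echo "$sb"
}

atomic_append() {
    # $1 = file path as the tool sees it, $2 = line to add
    file=$1; line=$2
    # The lock file lives next to $file, not next to the link target.
    # noclobber makes the creation fail if the lock already exists.
    ( set -C; : > "$file.lock" ) 2>/dev/null || return 1
    # The new copy is also written next to $file.
    cat "$file" > "$file+" && echo "$line" >> "$file+" \
        || { rm -f "$file.lock" "$file+"; return 1; }
    mv -f "$file+" "$file"   # a plain rename replaces the symlink itself
    rc=$?
    rm -f "$file.lock"
    return $rc
}

file_kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo regular
    else echo missing; fi
}

demo() {
    sb=$(make_sandbox) || return 1
    before=$(file_kind "$sb/etc/passwd")
    atomic_append "$sb/etc/passwd" 'alice:x:1000:1000::/home/alice:/bin/bash'
    after=$(file_kind "$sb/etc/passwd")
    target_lines=$(wc -l < "$sb/var/passwd" | tr -d ' ')
    rm -rf "$sb"
    echo "$before $after $target_lines"
}

demo   # prints: symlink regular 1
```

The lock file and the new copy are both created in etc/, and var/passwd never changes, so the directory holding the link has to be writable whatever the link points to.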
 
Old 09-07-2011, 03:14 PM   #5
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Rep: Reputation: 2651
a requirement is to NEVER be able to install updates
never add users
never fix anything
never add software
????

you are out of luck

if everything but the logs are read ONLY
you do not.

you might boot into the "recovery" mode on the install dvd and after " chroot /mnt/sysimage "
edit the files in VI ( or nano )
 
Old 09-08-2011, 01:07 AM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,362

Rep: Reputation: 2751
As above, you seem to be shooting yourself in the foot, but if you want it ro most of the time, but root may add users etc, then consider (as root)
Code:
mount -o remount,rw /

useradd ...

mount -o remount,ro /
and so on for updates to OS SW.
Don't forget also that with RH derived systems, you'll run into SELinux issues if you try to move/link protected files around.
 
Old 09-08-2011, 06:18 AM   #7
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260
There is the option -P to useradd to specify a different directory for the files in question.
 
Old 09-08-2011, 09:26 AM   #8
redrat
Member
 
Registered: Sep 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
Red Hat: where can I find the source code of useradd

Hello,

in the installation CD of RHEL6, I have the package shadow-utils-4.1.4.2-9.el6.i686.rpm,

I got the binary of useradd, but I can't find the source code.

Does anyone have a suggestion for finding it?

Thanks.
 
Old 09-08-2011, 10:00 AM   #9
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 312
http://rpm.pbone.net/index.php3/stat...-9.el6.src.rpm
 
Old 09-08-2011, 03:09 PM   #10
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Rep: Reputation: 2651
Quote:
in the installation cd of RHEL6, I have the package shadow-utils-4.1.4.2-9.el6.i686.rpm,
red hat requires a paid for license to install software

use your paid for and activated account and install the source from the rhn
Code:
su -
yum search shadow-utils
that will give you a listing. There will be a "-devel" or if you turned on the source repo then there will also be a src.rpm
then install it

but on a READONLY /
you can not install anything
there is no way to install any program to a read only /
 
Old 09-08-2011, 03:42 PM   #11
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by redrat
The context is an engineering project for which I must keep the / partition in read-only mode.

I don't have to put this / partition in read-only mode, it's a requirement.
Having only two filesystems (read-only / and read-write /var) is not feasible.

Just for many processes to run you need a writable /tmp. And many package installations will require a writable /bin, /usr, /lib, /etc, and/or /sbin (in addition to /var).

Back to the drawing board with the project requirements. Your engineers do not seem to have thought this through very carefully.
 
1 members found this post helpful.
Old 09-12-2011, 04:28 AM   #12
redrat
Member
 
Registered: Sep 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
Hello, everybody,

I am treating my problem with the two partitions:
- the / partition in read-only ;
- the /var partition in read-write which will contain the files passwd, login, shadow, gshadow.

I got the package shadow-utils-4.1.4.2-9.el6.src.rpm which contains the source codes of the executables useradd, login, passwd ...

In this package there is the file "defines.h" which contains these lines:

#ifndef PASSWD_FILE
#define PASSWD_FILE "/etc/passwd"
#endif

#ifndef GROUP_FILE
#define GROUP_FILE "/etc/group"
#endif

#ifndef SHADOW_FILE
#define SHADOW_FILE "/etc/shadow"
#endif

#ifdef SHADOWGRP
#ifndef SGROUP_FILE
#define SGROUP_FILE "/etc/gshadow"
#endif
#endif

I replace these lines with:

#ifndef PASSWD_FILE
#define PASSWD_FILE "/var/passwd"
#endif

#ifndef GROUP_FILE
#define GROUP_FILE "/var/group"
#endif

#ifndef SHADOW_FILE
#define SHADOW_FILE "/var/shadow"
#endif

#ifdef SHADOWGRP
#ifndef SGROUP_FILE
#define SGROUP_FILE "/var/gshadow"
#endif
#endif

I run the script "configure" (which is in the package) to get the Makefile, then I execute the command "make".

I got the new executables useradd, passwd, login ...

I replace the old executables with the new ones (in the directories /usr/sbin, /usr/bin or /bin).

I move the files passwd, login, shadow, gshadow to /var.

I create these links:
ln -s /var/passwd /etc/passwd
ln -s /var/shadow /etc/shadow
ln -s /var/gshadow /etc/gshadow
ln -s /var/group /etc/group

I test the solution:

Well, I can:

- add a user;
- create a password;
- change a password of a user;

But when I reboot the computer, the system recognizes no users at startup (user created or user root).

I don't understand why.

Does anyone have a suggestion?

Thanks.
 
Old 09-12-2011, 07:59 AM   #13
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Probably because /var isn't mounted at the right time, can I ask why you're doing this?
 
Old 09-12-2011, 08:30 AM   #14
redrat
Member
 
Registered: Sep 2011
Posts: 31

Original Poster
Rep: Reputation: Disabled
It's for an engineering project in which the root partition must be in read-only and /var in read-write.

But /var partition is present in /etc/fstab ?

So /var is mounted at the startup of the system ?

It's good or not ?
 
Old 09-12-2011, 11:23 AM   #15
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260
If you changed all programs to look in /var the symbolic links shouldn’t be necessary. Anyway: any output in /var/log which could point to the reason?
 
  

