[SOLVED] broken /etc/passwd and /etc/shadow

gabx · 2025-05-21 10:28:26

I unfortunately broke /etc/passwd and /etc/shadow when editing them with vim (visudo was impossible to use). I inserted some white lines that I deleted thereafter. I had backup of these files but it looks like even the backup are broken (weird, maybe a corrupted filesystem as these files come from BTRFS snapshots).
Now here is what I get with visudo:

# visudo /etc/passwd
# :q!
passwd:1:5: syntax error
root:x:0:0:/usr/bin/bash
      ^
passwd:2:4: syntax error
bin:x:1:1::/:/usr/bin/login
     ^

... and so on for the whole file.

When quitting visudo, I have this message:

What now?
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

I have the same errors when visudo /etc/shadow

Now running pwck:

# pwck /etc/passwd
--> return nothing
# pwck /etc/shadow
invalid password file entry
----> for all lines of the files

EDIT
In fact, the backup of these two files are originally not broken. I just tried with another backup, which has been done manually a few months ago. When I replace these two files with the backup, the visudo /etc/passwd, I still get the syntax error when I quit visudo. So the issue is not getting a proper original passwd or shadow files.
My system works but with lags in some actions (like deleting mails in my box, or typing password to log in) and weird behaviors (my shell zsh can't read its config files).

Is there any way to get out properly of this bad situation?

Last edited by gabx (2025-05-21 16:57:56)

dimich · 2025-05-21 12:34:52

gabx wrote:

# visudo /etc/passwd

visudo is for editing /etc/sudoers. You want vipw, I guess.

-thc · 2025-05-21 12:37:06

AFAIK "visudo" is for editing "/etc/sudoers" only (because of it's access rights 444) .

The syntax complaints stem from the fact that "/etc/passwd" is no "sudoers" file.

(pwck on my system shows the same behavior - AFAIK it's not meant to be used in the form "pwck /etc/shadow")

gabx · 2025-05-21 13:31:41

OK, you are right, I was confused. So my /etc/sudoers is intact, my only potential issue is with passwd and shadow files.

# vipw
---> returns nothing

So I can say the file is sane. Now, how can I check shadow file? My issues (need to type pwd too many times for exemple) comes from somewhere: shadow and passwd were the two files of importance I modified yesterday.

mpan · 2025-05-21 14:02:44

In the first place, please describe what is happening.

Exactly. What command do you type? What response or behavior do you get? What response or behavior do you expect, and why do you think the current one is wrong?

Last edited by mpan (2025-05-21 14:04:13)

gabx · 2025-05-21 14:12:43

[root@magnolia gabx]# grpck
invalid group file entry
delete line 'gabx:x:1000'?
----
# getent group 1000
gabx:x:1000:
# getent passwd gabx
gabx:x:1000:1000::/home/gabx:/bin/zsh

I don't understand why I should delete the line with my user name and GID in /etc/group, as suggested by grpck ?

seth · 2025-05-21 14:25:09

grep gabx /etc/shadow

Seems you lack the tailing colon?

gabx · 2025-05-21 14:33:02

mpan wrote:

In the first place, please describe what is happening.
Exactly. What command do you type? What response or behavior do you get? What response or behavior do you expect, and why do you think the current one is wrong?

I wanted to convert my existing user, gabx, to systemd-homed managed, following this page from systemd.io. I add to manipulate /etc/passwd, /etc/group and /etc/shadow. Then, latter in the process, I found myself stuck can't remember why, and thus I decided to reverse.
I thought everything was back in order, but I can remark some weird behavior like: need many attempt to enter my user passwd. I will work after 10-15 times. Then, my zsh shell doesn't honor its config files, it takes few minutes to delete emails etc. So I first thought I messed around with the /etc user and group files. I realized I was wrongly using visudo and not the correct commands. All my /etc files were backuped so I replace the potential corrupted files with the backups.
According to me, everything should be back to normal, but after log out/log in, the weird behaviors are still here, no idea why.
Maybe the reason is because homectl is still active for my user name?

[root@magnolia gabx]# homectl list
NAME UID  GID  STATE    REALNAME           HOME       SHELL
gabx 1000 1000 inactive /home/gabx.homedir /home/gabx /usr/bin/zsh

1 home areas listed.
-----
[root@magnolia gabx]# ls -al /home
total 51961856
drwxr-xr-x 1 root root          26 May 21 11:27 .
drwxr-xr-x 1 root root         198 May 21 11:47 ..
drwx------ 1 gabx gabx         536 May 21 12:10 gabx
-rw------- 1 root root 53208940544 May 21 03:46 gabx.home

I can't remove user gabx with homectl:

[root@magnolia gabx]# homectl remove gabx
Failed to remove home: Home gabx is currently being used, or an operation on home gabx is currently being executed.

Now I have no idea how to progress in both case: back to previous state or go ahead with systemd-homed.

gabx · 2025-05-21 14:34:46

deleted

Last edited by gabx (2025-05-21 14:40:56)

seth · 2025-05-21 14:38:21

Fuck, I typed that.
I meant

grep gabx /etc/group

Edit your post and remove the has there asap, consider the password tainted.
Sorry.

What I meant is that the line has four fields and typicall three are set and it ends with a colon separating the final one - and that colon seems to be missing for your user.

gabx · 2025-05-21 14:42:04

seth wrote:

Fuck, I typed that.
I meant
grep gabx /etc/group
Edit your post and remove the has there asap, consider the password tainted.
Sorry.
What I meant is that the line has four fields and typicall three are set and it ends with a colon separating the final one - and that colon seems to be missing for your user.

I removed the post and changed my passwd, no worry.

[root@magnolia gabx]# grep gabx /etc/group
wheel:x:998:gabx
gabx:x:1000

You are right. I added the semi colon at the end, but the issues persist.

gabx:x:1000:

Last edited by gabx (2025-05-21 14:53:42)

seth · 2025-05-21 14:59:25

need many attempt to enter my user passwd. I will work after 10-15 times. Then, my zsh shell doesn't honor its config files, it takes few minutes to delete emails etc

Are there remaining problems?
Can you "homectl remove gabx" when not being logged in as that user (ie, boot the multi-user.target and login as root)?

ls -lh /home/gabx/.z*

mpan · 2025-05-21 15:21:19

Regarding the authentication problems: didn’t faillock kick in? With the default configuration you shouldn’t be able to make 10–15 attempts. You’d be unconditionally bounced off after the 3rd failure, until the timeout expires. Which could be responsible for the remaining 6–11 failed attempts.

If what seth suggested brings no help, check the journal for any errors/warnings related to systemd-homed or messages mentioning timeouts.

gabx · 2025-05-21 16:57:26

It is really an issue for user gabx. When I run:

magnolia% su
Password:
[root@magnolia gabx]#

it works like normal at the first password enter.
I created a new basic user, and was able with this new user to log in normally, entering the password just once.

I will deal with all that and create a new user, copy all gabx personal files and that's it. Can't waste too much time investigating.

Thank you all for your help

Arch Linux

#1 2025-05-21 10:28:26

[SOLVED] broken /etc/passwd and /etc/shadow

#2 2025-05-21 12:34:52

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#3 2025-05-21 12:37:06

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#4 2025-05-21 13:31:41

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#5 2025-05-21 14:02:44

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#6 2025-05-21 14:12:43

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#7 2025-05-21 14:25:09

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#8 2025-05-21 14:33:02

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#9 2025-05-21 14:34:46

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#10 2025-05-21 14:38:21

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#11 2025-05-21 14:42:04

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#12 2025-05-21 14:59:25

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#13 2025-05-21 15:21:19

Re: [SOLVED] broken /etc/passwd and /etc/shadow

#14 2025-05-21 16:57:26

Re: [SOLVED] broken /etc/passwd and /etc/shadow

Board footer