Bug 694645 - usermod, userdel, and pwck unable to lock password file
Summary: usermod, userdel, and pwck unable to lock password file
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: shadow-utils
Version: 5.5
Hardware: i386
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Peter Vrabec
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-07 20:25 UTC by Kevin Reding
Modified: 2011-08-22 08:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-22 08:45:11 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kevin Reding 2011-04-07 20:25:59 UTC 
Description of problem:
We are unable to use usermod, userdel, or pwck becasue it states is cannot lock the password file.  All permissions are default, there are no lock files created.  The passwd and useradd commands work properly.

When running strace against the failing commands it fails at creating a temp password file (/etc/passwd.<PID>) with error (Permission Denied).  However useradd works just fine in creating the temp password file.

Version-Release number of selected component (if applicable):
# uname -a
Linux meu02a01.71meu.sie.usmc.smil.mil 2.6.18-194.32.1.el5PAE #1 SMP Mon Dec 20 11:00:23 EST 2010 i686 i686 i386 GNU/Linux


How reproducible:
We have been unable to reproduce the error manually.  We only know the issue occured after running scripts to harden the server via US Government guidelines.
  
Actual results:
# userdel -r kreding
userdel: unable to lock password file
Comment 1 Peter Vrabec 2011-08-22 08:41:04 UTC 
Kevin, could you specify which system configuration change caused this issue.
Comment 2 RHEL Program Management 2011-08-22 08:45:11 UTC 
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.
Note You need to log in before you can comment on or make changes to this bug.