Logon failure after Linux root password reset

更新时间:
复制 MD 格式

Problem description

After you reset the root password of a Linux ECS instance in the ECS console, you cannot log on with the new password.

Cause

The i (Immutable) attribute is set on the /etc/passwd or /etc/shadow file, which prevents the new password from taking effect.

Note

In Linux, /etc/passwd stores account information and /etc/shadow stores password information. Incorrect file attributes on /etc/shadow or /etc/passwd can cause unexpected behavior, for example, a password reset not taking effect. See Common chattr attributes.

Solution

  1. Connect to the Linux ECS instance as the root user. See Use Workbench to connect to a Linux instance over SSH.

    Important

    Use the original valid password to connect. If the original password is also invalid, connect to the instance by using VNC.

  2. Run the following commands to check file attributes:

    # Check the attribute status of the passwd file.
    lsattr /etc/passwd
    # Check the attribute status of the shadow file.
    lsattr /etc/shadow
    • If no special flag such as i or a appears, the attributes are normal.

    • Sample abnormal status:

      [root@iZbp1b0xxx ~]# lsattr /etc/passwd
      ----i------------ /etc/passwd

      The i flag indicates that the /etc/passwd file has the immutable attribute.

  3. If abnormal attributes exist, run the following commands to remove them:

    # Remove the immutable attribute from the passwd file
    chattr -i /etc/passwd
    # Remove the append only attribute from the shadow file
    chattr -a /etc/shadow
  4. Recheck file attributes:

    lsattr /etc/passwd /etc/shadow

    The output should not contain the i or a flag.

  5. Reset the root password in the ECS console. See Reset the logon password of an instance.

  6. Log on with the new root password. If the connection succeeds, the issue is resolved.

Appendix

Common chattr attributes

Attribute

Full name

Description

Common scenario

i

Immutable

The file cannot be modified, deleted, renamed, or linked.

Protect critical system files from tampering.

a

Append Only

Only appending is allowed. Existing content cannot be modified.

Protect log file integrity.

e

Extent Format

The file uses extents for disk block mapping. This is the default on modern file systems and requires no manual change.

Automatic system management.

A

No Atime Updates

Access time (atime) is not updated when the file is read, reducing disk I/O.

High-concurrency server optimization.