Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0
votes
2
answers
4253
views
Account locked after adding line on /etc/passwd file
I have installed this version of Ubuntu on my laptop.
```
└─ $ ▶ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
```
Because of my limited knowledge regarding Linux, I have added a line manually to `/etc/passwd`.
My user, which I log in to the laptop with, is `gofoboso`, with a password.
This user has sudo rights.
After adding the second line in the following contents, I do not have sudo rights.
```
root:x:0:0:root:/root:/usr/bin/zsh
gofoboso:x:0:0:gofoboso:/gofoboso:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
```
I understand that the passwords are encrypted in the `/etc/shadow` file, and now this has the exact same attributes as the root user has (??)
```
─ $ ▶ sudo cat /etc/shadow
[sudo] password for gofoboso:
Sorry, try again.
[sudo] password for gofoboso:
sudo: account validation failure, is your account locked
```
This is the company's laptop and I do not have the root password.
I've tried some commands I found online but all of them required sudo.
Does anyone know how I can revert this? Most importantly I cannot restart the laptop or shut it down, because it will ask for the password of the user `gofoboso`, which is probably the same as root's now??
If it cannot be fixed without becoming root: if someone knows the root password and deletes that line, will the gofoboso user be enabled again?
Thanks.
g0f0b0s0
(11 rep)
Feb 2, 2018, 10:18 PM
• Last activity: Aug 3, 2025, 02:04 AM
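A host audit can flag the condition shown in the question above, where a second login name is given UID 0. The following is an added example, not part of the original post: the sample input is the four `/etc/passwd` lines quoted in the question, and the function names and finding labels are hypothetical.

```python
from collections import defaultdict

# The four /etc/passwd lines quoted in the question above.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/usr/bin/zsh
gofoboso:x:0:0:gofoboso:/gofoboso:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
"""


def parse_passwd(text):
    """Split passwd-format text into entries; return (entries, malformed_line_numbers)."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # A valid entry has exactly 7 colon-separated fields and numeric UID/GID.
        if len(fields) != 7 or not fields[2].isdecimal() or not fields[3].isdecimal():
            malformed.append(lineno)
            continue
        entries.append({"name": fields[0], "uid": int(fields[2]), "line": lineno})
    return entries, malformed


def audit(text):
    """Return a list of (finding, detail) tuples for risky account-database states."""
    entries, malformed = parse_passwd(text)
    findings = [("malformed_line", str(n)) for n in malformed]

    by_uid = defaultdict(list)
    by_name = defaultdict(list)
    for entry in entries:
        by_uid[entry["uid"]].append(entry["name"])
        by_name[entry["name"]].append(entry["line"])

    # Any name other than "root" that maps to UID 0 is a root-equivalent account.
    for entry in entries:
        if entry["uid"] == 0 and entry["name"] != "root":
            findings.append(("uid0_not_root", entry["name"]))

    # Several names on one UID make UID-to-name lookups ambiguous.
    for uid, names in by_uid.items():
        if len(set(names)) > 1:
            findings.append(("shared_uid", f"{uid}:" + ",".join(names)))

    # The same login name on more than one line.
    for name, lines in by_name.items():
        if len(lines) > 1:
            findings.append(("duplicate_name", name))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_PASSWD):
        print(f"{finding}: {detail}")
```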
1
votes
2
answers
1893
views
Cannot use sudo su after I changed my password
I am running Ubuntu 14.04 LTS.
Yesterday, I changed the password on my user account, which is an admin account. This morning, I discovered that I can no longer use `sudo su` to switch to root. I know that sudo uses my user account's password, not the root account's password, but it did not allow me to go to sudo su with either password.
Then, after a reboot, when I logged in to the user account, it flashed a message on the screen briefly and then asked for my user name and password again. I had also changed privileges on my home directory yesterday, so I logged in as root and issued `chmod 777` against my home directory. Now I can log in using that user account, but my directory structure has been replaced as though I am a new user. If I look at the directory from a terminal as root, I see this instead of the former directory structure:
```
root@CLM1001-Ubuntu:/home/stephen# whoami
root
root@CLM1001-Ubuntu:/home/stephen# ls
Access-Your-Private-Data.desktop Documents Music Public Templates
Desktop Downloads Pictures README.txt Videos
root@CLM1001-Ubuntu:/home/stephen#
```
I have seen this behavior before after trying to remove `.ecryptfs` and my only recourse then was to restore from system backups.
Is there something I can do to get this user account working properly again, short of doing another full system restore from backup?
I looked at `/var/log/syslog` and `/var/log/auth.log` but didn't see anything that was obvious to me. I can add dumps from those logs if needed, but they are large.
Adding a little more info: I noticed that my user account can no longer execute mysqldump - it gets privilege denied errors. Although I am able to get into phpmysql. (I know this is another question, so please just ignore it other than as possible, additional info on the first question.)
OK, here is more on this problem (if I can get my iMac to cooperate.)
I executed a "script" session and will attempt to post the captured text now:
```
Script started on Sun 31 May 2020 03:51:24 PM PDT
stephen@CLM1001-Ubuntu:~$ whoami
stephen
stephen@CLM1001-Ubuntu:~$ pwd
/home/stephen
stephen@CLM1001-Ubuntu:~$ hostname
CLM1001-Ubuntu
stephen@CLM1001-Ubuntu:~$ uname -a
Linux CLM1001-Ubuntu 3.13.0-93-generic #140-Ubuntu SMP Mon Jul 18 21:21:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
stephen@CLM1001-Ubuntu:~$ passwd
Changing password for stephen.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
stephen@CLM1001-Ubuntu:~$ sudo su
[sudo] password for stephen:
root@CLM1001-Ubuntu:/home/stephen# whoami
root
root@CLM1001-Ubuntu:/home/stephen# exit
exit
stephen@CLM1001-Ubuntu:~$ whoami
stephen
stephen@CLM1001-Ubuntu:~$ ./SQLbackup
./SQLbackup
Sun May 31 15:57:06 PDT 2020
/dev/sdb5 on /media/stephen/Hitachi72101Ptn5 type ext4 (rw)
/media/stephen/Hitachi72101Ptn5 is mounted
-- Warning: Skipping the data of table mysql.event. Specify the --events option explicitly.
[note: SQLbackup is my script that runs mysqldump.]
stephen@CLM1001-Ubuntu:~$ echo "Ok, it looks like mysqldump is working."
Ok, it looks like mysqldump is working.
stephen@CLM1001-Ubuntu:~$ exit
exit
Script done on Sun 31 May 2020 03:57:35 PM PDT
```
THEN
1. I logged in as stephen
   1. I can see my home directory intact
   2. I can `sudo su` with no problem
   3. I can run `mysqldump` with no problem.
2. `passwd`: I changed the password for the `stephen` account
3. I can `sudo su` with no problem
4. `mysqldump` with no problem
5. Via the Firefox browser, attempted to log in to phpmyadmin, but cannot log into phpmyadmin as `stephen` (regardless of which password I use)
6. `ls` still shows my home directory with no problem
7. rebooted the system
8. Cannot log in as stephen regardless of which password I use
9. Logged in to the system using a different user account
10. `sudo su` (to root)
11. `passwd Stephen`
12. I set the password to the original password again for stephen account
13. logoff
14. log in again as Stephen: Something flashes on the screen and it goes directly back to the login screen
15. reboot the system again
16. login as Stephen: screen flashes and goes directly back to the login screen again
17. log in using the second user account
18. `su Stephen`
    ```
    Signature not found in user keyring
    Perhaps try the interactive 'ecryptfs-mount-private'
    ```
So the machine is dead at this point until I find a fix or restore from backup again.
----
Ok, so I am logged in to the problem machine again, using the second user account.
I `sudo su`'d (to root) then, as root, did these steps: (the second user is rootytooty.)
```
root@CLM1001-Ubuntu:/home/rootytooty# whoami
root
root@CLM1001-Ubuntu:/home/rootytooty# cd /
root@CLM1001-Ubuntu:/# pwd
/
root@CLM1001-Ubuntu:/# su stephen
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
stephen@CLM1001-Ubuntu:/$ man ecryptfs-mount-private
stephen@CLM1001-Ubuntu:/$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
ERROR: Too many incorrect password attempts, exiting
stephen@CLM1001-Ubuntu:/$ whoami
stephen
stephen@CLM1001-Ubuntu:/$ ecryptfs-mount-private stephen
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
ERROR: Too many incorrect password attempts, exiting
```
I guess I go for the restore again.
By the way: `/var/log/syslog` just shows the same messages that we saw in the terminal.
Stephen Daddona
(187 rep)
May 30, 2020, 05:31 PM
• Last activity: Jul 30, 2025, 12:05 AM
9
votes
1
answers
16323
views
How to change password of LDAP user?
Is it possible to change the password for a logged-in LDAP user using the passwd command?
I have logged in to server1 using testuser. I tried to change the password for itself (testuser) and got the error below.
```
[testuser@server1 ~]$ passwd
Changing password for user testuser.
(current) LDAP Password:
New password:
Retype new password:
password change failed: Insufficient access
passwd: Authentication token manipulation error
```
Sourav
(1391 rep)
Aug 15, 2016, 06:38 PM
• Last activity: Jul 12, 2025, 02:10 PM
1
votes
2
answers
182
views
Fedora CoreOS: how can I add a user to dialout group?
## Problem
Context: Fedora CoreOS operating system (read-only root filesystem).
I'm trying to add `myuser` to group `dialout` so I can access `/dev/ttyS1` via its group owner. However, during first boot, Ignition phase keeps failing.
**Questions**:
- How can I add a custom user to group `dialout`?
- How is it possible that it fails with the 2 error messages below ("group doesn't exist" and "group already exists")?
Docs reference: [Fedora CoreOS Docs | Configuring Groups](https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/#_configuring_groups)
## What I tried
### Adding User to Group
It fails with message _**"useradd: group 'dialout' does not exist\n"**_.
Butane config:
```yaml
variant: fcos
version: 1.6.0
passwd:
  users:
    - name: myuser
      # Password: mypassword
      password_hash: "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4"
      groups:
        - sudo
        - dialout
      home_dir: /home/myuser
      shell: /bin/bash
      uid: 1001
```
Ignition config:
```json
{
  "ignition": {
    "version": "3.5.0"
  },
  "passwd": {
    "users": [
      {
        "groups": [
          "sudo",
          "dialout"
        ],
        "homeDir": "/home/myuser",
        "name": "myuser",
        "passwordHash": "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4",
        "shell": "/bin/bash",
        "uid": 1001
      }
    ]
  }
}
```
Logs (`journalctl`):
```
...
ignition: files: ensureUsers: op(2): [started] creating or modifying user "myuser"
ignition: files: ensureUsers: op(2): executing: "useradd" "--root" "/sysroot" "--home-dir" "/home/myuser" "--create-home" "--password" "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4" "--uid" "1001" "--groups" "sudo,dialout" "--shell" "/bin/bash" "myuser"
ignition: files: ensureUsers: op(2): [failed] creating or modifying user "myuser": exit status 6: Cmd: "useradd" "--root" "/sysroot" "--home-dir" "/home/myuser" "--create-home" "--password" "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4" "--uid" "1001" "--groups" "sudo,dialout" "--shell" "/bin/bash" "myuser" Stdout: "" Stderr: "useradd: group 'dialout' does not exist\n"
systemd: ignition-files.service: Main process exited, code=exited, status=1/FAILURE
...
systemd: ignition-files.service: Failed with result 'exit-code'.
```
### Creating Group AND Adding User to Group
This time it fails with message _**"groupadd: group 'dialout' already exists\n"**_.
Butane config:
```yaml
variant: fcos
version: 1.6.0
passwd:
  groups:
    - name: dialout
      gid: 18 # Standard dialout GID
  users:
    - name: myuser
      # Password: mypassword
      password_hash: "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4"
      groups:
        - sudo
        - dialout
      home_dir: /home/myuser
      shell: /bin/bash
      uid: 1001
```
Ignition config:
```json
{
  "ignition": {
    "version": "3.5.0"
  },
  "passwd": {
    "groups": [
      {
        "gid": 18,
        "name": "dialout"
      }
    ],
    "users": [
      {
        "groups": [
          "sudo",
          "dialout"
        ],
        "homeDir": "/home/myuser",
        "name": "myuser",
        "passwordHash": "$y$j9T$tZyPwp1NEbj9P6WAv.F720$Rj9PJnLqoTph5k2Qd5hAPLF6Evsp9TEgCz5ZkmwMHT4",
        "shell": "/bin/bash",
        "uid": 1001
      }
    ]
  }
}
```
Logs (`journalctl`):
```
ignition: files: ensureGroups: op(1): [started] adding group "dialout"
ignition: files: ensureGroups: op(1): executing: "groupadd" "--root" "/sysroot" "--gid" "18" "--password" "*" "dialout"
ignition: files: ensureGroups: op(1): [failed] adding group "dialout": exit status 9: Cmd "groupadd" "--root" "/sysroot" "--gid" "18" "--password" "*" "dialout" Stdout: "" Stderr: "groupadd: group 'dialout' already exists\n"
...
systemd: ignition-files.service: Main process exited, code=exited, status=1/FAILURE
systemd: ignition-files.service: Failed with result 'exit-code'.
systemd: Failed to start ignition-files.service - Ignition (files).
```
mikyll98
(121 rep)
May 15, 2025, 12:55 PM
• Last activity: Jul 3, 2025, 02:47 PM
8
votes
2
answers
912
views
Does any organisation standardise system management fundamentals?
##### Context
1. Through a bug report and discussion about KDE Plasma's user management KConfig Module silently failing to support commas inside the full name field, I recently came to realise that parsing the GECOS field in `/etc/passwd` is a rather unstandardised endeavour, [\[2\]] for some applications support the comma-delimited values, [\[5\]] whereas others consider the entire content to be the user's full name. [\[3\]]
1. When I discussed this with the `chfn` developers at [github.com/util-linux/util-linux/discussions/3589#discussioncomment-13270218](https://github.com/util-linux/util-linux/discussions/3589#discussioncomment-13270218:~:text=Maintainer-,POSIX%20defines%20the%20/etc/passwd%20format%2C%20but%20not%20the%20GECOS%20subfields%20and%20separators.,-The%20use%20of), I was advised that this was the purview of POSIX:
   > POSIX defines the `/etc/passwd` format, but not the GECOS subfields and separators.
1. Consequently, I intended to file an omission bug at The Austin Group MantisBT instance: [\[4\]]
   However, upon further research, POSIX.1 (The Open Group Base Specifications Issue 8) is too narrow, so I tried The Single UNIX Specification Version 4.
   Unfortunately, this explicitly states: [\[1\]]
   > One thing that becomes apparent working with the Single UNIX Specification is its focus on application development. The Single UNIX Specification is similar to the User's and Programmer's Reference Manuals on Berkeley or System V systems.
   >
   > Matters of system management are not part of this specification. Directory organization is not discussed beyond the simple few directories and devices that applications generally use. User management discussions do not appear. There is no discussion of such files as `/etc/passwd` or `/etc/groups`, since an application's access to the information traditionally kept in these files is through programmatic interfaces such as `getpwnam()` and `getgrnam()`.
##### Question
Consequently, does *any* organisation exist, that I can petition to, to standardise the escape sequences of `/etc/passwd`'s GECOS field, so that [those who use commas in their names](https://english.stackexchange.com/revisions/324077/2#content:~:text=Organization%20is%20better%20than%20randomness,ordered%20lists%20by%20last%20name.) can?
[\[1\]]: https://unix.org/version4/overview.html#:~:text=One%20thing%20that%20becomes%20apparent,such%20as%20getpwnam()%20and%20getgrnam() .
[\[2\]]: https://discuss.kde.org/t/why-does-the-users-kcm-prevent-adding-certain-characters-to-names/34772/3?u=rokejulianlockhart#post_3:~:text=If%20I%20understand%20correctly%2C%20the,defined%20in%20the%20first%20place .
[\[3\]]: https://discuss.kde.org/t/why-does-the-users-kcm-prevent-adding-certain-characters-to-names/34772/3?u=rokejulianlockhart#post_3:~:text=the%20first%20place.-,There%E2%80%99s%20still%20some%20software%20out%20there%20that%20doesn%E2%80%99t%20recognize%20the%20GECOS%20subfields%20in%20the%20first%20place.%20That%20software%20treats%20commas%20as%20normal%20characters%2C%20confusing%20software%20that%20does%20recognize%20the%20subfields.,-1
[\[4\]]: https://www.reddit.com/r/unix/comments/cf21sh/comment/muj126e/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button#:~:text=The%20SUS%20V4%20corresponds%20to,selext%20Issue%207%20+%20TC2
[\[5\]]: https://unix.stackexchange.com/revisions/541197/1#content:~:text=The%20de%20facto%20authoritative%20sources%20for%20this%20information%20are%20sendmail%20server%20and%20finger%20client%20implementations.%20Implementations%20for%20BSDs%20and%20Solaris%20are%20open%20source%2C%20and%20all%20of%20them%20would%20seem%20to%20agree%20on%20the%20above%20rules .
RokeJulianLockhart
(541 rep)
May 27, 2025, 05:00 PM
• Last activity: May 28, 2025, 01:16 PM
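The two readings of the GECOS field described in the question above can be compared directly on passwd-format lines. The following is an added example, not part of the original post: the sample entries are constructed, the function names are hypothetical, and the subfield order (full name, room, work phone, home phone, other) is the conventional `chfn`-style layout, assumed here rather than taken from any standard.

```python
# Conventional comma-separated GECOS layout (an assumption; no standard defines it).
GECOS_SUBFIELDS = ("full_name", "room", "work_phone", "home_phone", "other")

# Constructed sample entries in /etc/passwd format.
SAMPLE_PASSWD = """\
alice:x:1000:1000:Alice Example,101,555-0100,555-0101:/home/alice:/bin/bash
bob:x:1001:1001:Example, Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol Example:/home/carol:/bin/bash
"""


def gecos_field(line):
    """Return (login, gecos) from one passwd line; the GECOS field is the fifth."""
    fields = line.split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(fields)}")
    return fields[0], fields[4]


def split_subfields(gecos):
    """Subfield-aware reading: split on commas, extra commas stay in the last slot."""
    parts = gecos.split(",", len(GECOS_SUBFIELDS) - 1)
    return dict(zip(GECOS_SUBFIELDS, parts))


def name_subfield_aware(gecos):
    """Full name as seen by software that recognises the comma-delimited subfields."""
    return split_subfields(gecos)["full_name"]


def name_whole_field(gecos):
    """Full name as seen by software that treats the whole field as the name."""
    return gecos


def find_disagreements(passwd_text):
    """List (login, whole_field_name, subfield_name) where the two readings differ."""
    result = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        login, gecos = gecos_field(line)
        whole, sub = name_whole_field(gecos), name_subfield_aware(gecos)
        if whole != sub:
            result.append((login, whole, sub))
    return result


def portable_full_name(name):
    """True if a name reads the same under both interpretations.

    With no escape sequence defined, a comma cannot be stored unambiguously,
    and a colon or newline would break the passwd line itself.
    """
    return not any(ch in name for ch in ",:\n")


if __name__ == "__main__":
    for login, whole, sub in find_disagreements(SAMPLE_PASSWD):
        print(f"{login}: whole-field={whole!r} subfield-aware={sub!r}")
```

For `alice` the whole-field reader is the one that gets the name wrong, for `bob` it is the subfield-aware reader, and nothing in the stored data distinguishes the two cases.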
-4
votes
1
answers
73
views
Linux passwd / no password
Disabled password on login with command `sudo passwd -l user`
How do I retrieve the password?
MriLuigi
(1 rep)
May 21, 2025, 08:54 PM
• Last activity: May 22, 2025, 06:26 AM
2
votes
1
answers
6604
views
Non-root user cannot change Samba password
Samba users cannot change their own passwords. The password can only be changed using the root account using the command `smbpasswd -a`.
But I want users to be able to change their passwords on their own. When a password change is attempted using a non-root account, I get the error message below.
```
$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
Failed to change password for user1
```
Any reasons for this? How can I fix this?
Chamara Keragala
(226 rep)
Oct 23, 2015, 12:56 AM
• Last activity: May 16, 2025, 01:01 PM
1
votes
0
answers
42
views
How to debug chpasswd "Authentication token manipulation error"
I'm trying to programmatically change a user's password using chpasswd, but I'm getting the following error:
```
/sbin/chpasswd "
chpasswd: (user 0s22xmgW) pam_chauthtok() failed, error:
Authentication token manipulation error
chpasswd: (line 1, user 0s22xmgW) password not changed
root@phantom:/home/ealfonso#
```
After trying to enhance pam debug logging by appending "debug" to most lines in `/etc/pam.d/common-auth` and `/etc/pam.d/common-password`, and checking `/var/auth.log`, I see the following logs:
```
2025-04-23T12:37:33.676089-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): pam_sm_chauthtok: entry (prelim)
2025-04-23T12:37:33.676432-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): (user 0s22xmgW) attempting authentication as 0s22xmgW@example.com for kadmin/changepw
2025-04-23T12:37:34.701043-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): (user 0s22xmgW) krb5_get_init_creds_password: Client '0s22xmgW@example.com' not found in Kerberos database
2025-04-23T12:37:34.701246-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): pam_sm_chauthtok: exit (failure)
2025-04-23T12:37:34.701331-04:00 phantom chpasswd: pam_unix(chpasswd:chauthtok): username [0s22xmgW] obtained
2025-04-23T12:37:34.701762-04:00 phantom chpasswd: gkr-pam: invalid option: debug
2025-04-23T12:37:34.701966-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): pam_sm_chauthtok: entry (update)
2025-04-23T12:37:34.702065-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): (user 0s22xmgW) attempting authentication as 0s22xmgW@MY_REALM for kadmin/changepw
2025-04-23T12:37:35.719315-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): (user 0s22xmgW) krb5_get_init_creds_password: Client not found in Kerberos database
2025-04-23T12:37:35.719842-04:00 phantom chpasswd: pam_krb5(chpasswd:chauthtok): pam_sm_chauthtok: exit (failure)
2025-04-23T12:37:35.719923-04:00 phantom chpasswd: pam_unix(chpasswd:chauthtok): username [0s22xmgW] obtained
2025-04-23T12:37:35.719980-04:00 phantom chpasswd: pam_unix(chpasswd:chauthtok): password - new password not obtained
```
I do use kerberos authentication for AFS and I see some kerberos-related logs, but in this case I'm only trying to change the local unix password of the local unix user.
The last two lines in the log show that chpasswd was able to obtain the user, but for some unknown reason, not the password:
```
2025-04-23T12:37:35.719923-04:00 phantom chpasswd: pam_unix(chpasswd:chauthtok): username [0s22xmgW] obtained
2025-04-23T12:37:35.719980-04:00 phantom chpasswd: pam_unix(chpasswd:chauthtok): password - new password not obtained
```
How can I get the reason behind the `new password not obtained` error and further debug this?
I did try using strace and I see some kerberos-auth-related DNS and network requests, but again I'm not sure whether those are relevant to the failure to set the local unix password.
For detail, below is the strace log :
I think I do have the proper permissions on /etc/password and /etc/shadow:
```
ls -l /etc/shadow /etc/passwd
-rw-r--r-- 1 root root 2474 Apr 23 12:30 /etc/passwd
-rw-r----- 1 root shadow 1371 Apr 23 12:30 /etc/shadow
```
`# grep -i password /etc/pam.d/common*`:
```
# grep -i password /etc/pam.d/common*
/etc/pam.d/common-password:# /etc/pam.d/common-password - password-related modules common to all services
/etc/pam.d/common-password:# used to change user passwords. The default is pam_unix.
/etc/pam.d/common-password:#hashed passwords using the yescrypt algorithm, introduced in Debian
/etc/pam.d/common-password:#used the option "sha512"; if a shadow password hash will be shared
/etc/pam.d/common-password:password [success=2 default=ignore] pam_krb5.so minimum_uid=1000 debug
/etc/pam.d/common-password:password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt debug
/etc/pam.d/common-password:password requisite pam_deny.so debug
/etc/pam.d/common-password:password required pam_permit.so debug
/etc/pam.d/common-password:password optional pam_gnome_keyring.so debug
/etc/pam.d/common-password:password optional pam_ecryptfs.so debug
```
`# cat /etc/nsswitch.conf`:
```
# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd
group: files systemd
shadow: files systemd
gshadow: files systemd
hosts: files mdns4_minimal dns [NOTFOUND=return] dns mymachines myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
```
```
$ grep -P "pam_unix|pam_krb" -R /etc/pam.d
common-account :17:account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
common-account :25:account required pam_krb5.so minimum_uid=1000
common-auth :17:auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 debug
common-auth :18:auth [success=1 default=ignore] pam_unix.so nullok try_first_pass debug
common-session-noninteractive :24:session optional pam_krb5.so minimum_uid=1000
common-session-noninteractive :25:session required pam_unix.so
runuser :5:session required pam_unix.so
login :8:# to disable any delay, you should add the nodelay option to pam_unix)
common-password :6:# used to change user passwords. The default is pam_unix.
common-password :8:# Explanation of pam_unix options:
common-password :15:#`OBSCURE_CHECKS_ENAB' option in login.defs. See the pam_unix manpage
common-password :25:password [success=2 default=ignore] pam_krb5.so minimum_uid=1000 debug
common-password :26:password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt debug
common-session :23:session optional pam_krb5.so minimum_uid=1000
common-session :24:session required pam_unix.so
```
ealfonso
(993 rep)
Apr 23, 2025, 04:51 PM
• Last activity: Apr 23, 2025, 07:44 PM
0
votes
1
answers
1459
views
How to change my password without current password or root access?
I changed my user password two months ago. Logged in. Machine has been up and running since. Now I forgot my new password and want to run a sudo command. 'passwd' wants my current password before doing anything. Note: I also don't have the root account password.
I'm logged in now, have access to all my files etc, so is there a way to skip giving my current password to 'passwd'? Is there some way I can update my password without the current one?
I know there's a way to get in by rebooting and fiddling with the bootup command, but I'd rather not lose all the work in progress I have up now.
Note: Arch Linux, icewm for 'desktop', no other users, just me.
DarenW
(3532 rep)
Jun 9, 2022, 08:12 PM
• Last activity: Mar 25, 2025, 02:20 PM
15
votes
3
answers
33307
views
How could I eliminate Kerberos for passwd?
When I issue a command to change my password like this: `sudo passwd huahsin`
The system prompts me: `Current Kerberos password:`
I don't know what I have done to the system configuration, how could I eliminate this Kerberos thing when I change my password?
huahsin68
(1967 rep)
Feb 20, 2014, 02:30 AM
• Last activity: Feb 27, 2025, 11:18 PM
0
votes
1
answers
138
views
/etc/shadow file and password storing algorithm in Linux
I don't know what the algorithm for storing passwords in `/etc/shadow` in Linux is.
I tested via the following script via python:
```python
import hashlib

message = b"123"
md5_hash = hashlib.md5(message).hexdigest()
sha1_hash = hashlib.sha1(message).hexdigest()
sha256_hash = hashlib.sha256(message).hexdigest()
sha384_hash = hashlib.sha384(message).hexdigest()
sha512_hash = hashlib.sha512(message).hexdigest()
print(f"MD5: {md5_hash}")
print(f"SHA-1: {sha1_hash}")
print(f"SHA-256: {sha256_hash}")
print(f"SHA-384: {sha384_hash}")
print(f"SHA-512: {sha512_hash}")
```
But I didn't see my password. My password is 123.
1. Does shadow store it as a hash? If yes, I should discard getting the password.
2. If the password isn't stored as a hash, how can I get it?
PersianGulf
(11308 rep)
Feb 22, 2025, 06:16 AM
• Last activity: Feb 22, 2025, 04:19 PM
8
votes
4
answers
4862
views
Password Policy - BAD PASSWORD: The password is just rotated old one
After setting password expiration via:
```
sudo chage -d 0 username
```
Then changing the password and logging in as that user.
When I type "passwd" and try to set the original password I receive the message:
"Password Policy - BAD PASSWORD: The password is just rotated old one"
I've had a look in the following file but can't see a policy line item that could cause this behaviour:
```
sudo nano /etc/pam.d/common-password
```
```
# here are the per-package modules (the "Primary" block)
password requisite pam_pwquality.so retry=3
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass yesc>
password sufficient pam_sss.so use_authtok
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
password optional pam_gnome_keyring.so
password optional pam_ecryptfs.so
# end of pam-auth-update config
```
What is causing the "BAD PASSWORD: The password is just rotated old one" error message?
Cheers!
johnnyhopper
(81 rep)
Jul 30, 2022, 04:03 AM
• Last activity: Feb 13, 2025, 10:30 PM
1
votes
0
answers
197
views
How do I use static UIDs and GIDs for services in my yocto build?
I have a piece of equipment running a yocto build. This build includes services like ssh-server, mysql, and ntp, with each run as their own users. mysql is UID 999, sshd is UID 998, etc.
In my latest yocto build, a new user called messagebus was added with UID 999. So now mysql is 998, and sshd is 997. This will break my system if I upgrade to it, because there is a variable partition with things like database files, which mysql needs access to, and are owned by UID 999.
How can I tell yocto which UIDs and GIDs I want to use for those services?
I'm finding a lot of information on how to do it for new recipes that I create, but not how to do it for existing recipes. I tried turning on `= "useradd-staticids"` in my local.conf, but that didn't do anything. It seems those recipes don't have the needed passwd and group files because when I also turned on `= "error"`, I was getting errors for those services. I tried to create a recipe for mariadb that just did `:prepend := "${THISDIR}/files:"` and then I had files passwd and group that had `:x:999:999::/var/mysql:/bin/false` and `:x:999:` respectively. I compiled this, and it built, but the rootfs `/etc/passwd` file still had 998 as the UID.
Any ideas? Ideally I'd like to manage all this with just one file, but I'll have separate bbappends for each recipe if I have to do it that way.
Dave
(45 rep)
Jan 16, 2025, 08:40 PM
2
votes
1
answers
87
views
How to set correctly a password aging using krb5?
I have a Solaris server; it uses LDAP for user authentication and Kerberos for passwords.
The user can change his password. My only problem is with password aging, for example:
```
passwd -r ldap -n 12 giovanni
Enter giovanni's password:
Permission denied
```
This is the pam.conf for passwd:
```
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_dhkeys.so.1
passwd auth sufficient pam_krb5.so.1
passwd auth required pam_unix_cred.so.1
passwd auth required pam_unix_auth.so.1
```
I know that with Kerberos it is possible to use policies, but what if I want to set password aging for a user? Do I have to set a policy only for this user? Is there no way to use the passwd command?
elbarna
(13690 rep)
Jan 16, 2025, 02:18 AM
• Last activity: Jan 16, 2025, 08:57 AM
67
votes
4
answers
114136
views
Difference between ! vs !! vs * in /etc/shadow
The second field in the Linux `/etc/shadow` file represents a password. However, what we have seen is that:
1. Some of the password fields may have a single exclamation `:!:.....`
2. Some of the password fields may have a double exclamation `:!!:.....`
3. Some of the password fields may have an asterisk sign `:*:.....`

By some research on the internet and through this thread, I can understand that `*` means password never established, `!` means locked.
Can someone explain what the double exclamation (`!!`) means, and how it is different from (`!`)?
JavaTec
(847 rep)
Dec 28, 2015, 10:55 PM
• Last activity: Dec 19, 2024, 10:29 AM
0
votes
2
answers
711
views
Shell for only changing password
I need to restrict all access to a user on a RHEL 8 system and allow them to only change their own password.
I thought that I could do
```
[root]$ usermod -s /bin/passwd
```
but this is not working. What am I missing?
Update:
To be clear, the behavior is that, once the machine boots (multi-user.target) and you see that screen where you enter first your user name and then the prompt changes to ask for the password, if you enter the user for which I set the shell to either `/bin/passwd` or `/usr/bin/passwd` (and either via `vipw` straight into `/etc/passwd` or via `usermod`), the screen resets and in a split second it's back again to ask for a user name, as if nothing had happened. Everything else is unchanged; with root, it just continues to work as normal.
Katerl3s
(153 rep)
Oct 27, 2020, 11:52 PM
• Last activity: Dec 2, 2024, 12:05 PM
1
votes
0
answers
123
views
How to test password PAM options without changing password
I notice there are settings in `/etc/pam.d/common-password` to define minimum password strength. For example:
```
...
password requisite pam_pwquality.so retry=3 maxrepeat=0 minlen=19 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 reject_username enforce_for_root dictcheck=0
password required pam_pwhistory.so remember=10 use_authtok enforce_for_root
...
```
These checks are run when `passwd` is run. I want to check if a given string will pass these checks but I don't want it to actually modify the user's password if it succeeds. Essentially I am looking for something like `passwd --dry-run`.
How can I achieve this?
Aidan Gallagher
(111 rep)
Oct 18, 2024, 11:35 AM
• Last activity: Oct 18, 2024, 11:54 AM
77
votes
6
answers
183042
views
How to use grep when file does not contain the string? Testing whether a user exists in "passwd" or not
In my bash script I'm trying to print a line if a certain string does not exist in a file.
```
if grep -q "$user2" /etc/passwd; then
    echo "User does exist!!"
fi
```
This is how I wrote it if I wanted the string to exist in the file. But how can I change this to make it print "user does not exist" if the user is **not** found in the `/etc/passwd` file?
Chirag Vijay
(773 rep)
Aug 16, 2015, 12:43 PM
• Last activity: Oct 11, 2024, 07:52 PM
0
votes
0
answers
57
views
User group membership defined in /etc/group is missing after login
I use the Bookworm distro on an RPI and, for no apparent reason, applications which require *gpio* membership stopped working. The real group membership for *pi* I get via
pi@digie35:~ $ groups
pi adm dialout cdrom sudo audio video plugdev games users input render netdev lpadmin wireshark i2c spi
lists 17 groups. Content of */etc/group* (978 bytes):
pi@digie35:~ $ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:pi
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:pi
fax:x:21:
voice:x:22:
cdrom:x:24:pi
floppy:x:25:
tape:x:26:
sudo:x:27:pi
audio:x:29:pi,pulse
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
shadow:x:42:vnc
utmp:x:43:
video:x:44:pi,vnc
sasl:x:45:
plugdev:x:46:pi
staff:x:50:
games:x:60:pi
users:x:100:pi
nogroup:x:65534:
systemd-journal:x:999:
systemd-network:x:998:
crontab:x:101:
input:x:102:pi
sgx:x:103:
kvm:x:104:
render:x:105:pi,vnc
netdev:x:106:pi
pi:x:1000:
systemd-timesync:x:997:
messagebus:x:107:
_ssh:x:108:
bluetooth:x:109:
avahi:x:110:
polkitd:x:996:
spi:x:995:pi
i2c:x:994:pi
gpio:x:993:pi
lightdm:x:111:
rtkit:x:112:
pipewire:x:113:
rdma:x:114:
lpadmin:x:115:pi
ssl-cert:x:116:
pulse:x:117:
pulse-access:x:118:
scanner:x:119:saned
saned:x:120:
colord:x:121:
sambashare:x:992:
vnc:x:991:
xrdp:x:122:
wireshark:x:123:pi
defines *pi* in 17 groups (18th is primary from */etc/passwd*)
I get correct result from
pi@digie35:~ $ groups pi
pi : pi adm dialout cdrom sudo audio video plugdev games users input render netdev spi i2c gpio lpadmin wireshark
But the login process somehow removes *gpio* from the list. I can use
pi@digie35:~ $ newgrp gpio
to add the group. But when I do *newgrp -* there is no progress. I see in strace that it reads */etc/group* (978 bytes), and calls getgroups with a list in which *993 (gpio)* is missing.
read(4, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 978
close(4) = 0
getgroups(16, 0x556e969ad0) = -1 EINVAL (Invalid argument)
getgroups(32, [4, 20, 24, 27, 29, 44, 46, 60, 100, 102, 105, 106, 115, 123, 994, 995, 1000]) = 17
Full strace:
pi@digie35:~ $ strace newgrp -
execve("/usr/bin/newgrp", ["newgrp", "-"], 0x7ffa933ba8 /* 47 vars */) = 0
faccessat(AT_FDCWD, "/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
brk(NULL) = 0x556e968000
fcntl(0, F_GETFD) = 0
fcntl(1, F_GETFD) = 0
fcntl(2, F_GETFD) = 0
faccessat(AT_FDCWD, "/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae1d6000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=95999, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 95999, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fae185000
close(3) = 0
openat(AT_FDCWD, "/lib/aarch64-linux-gnu/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=132984, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 327856, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae134000
mmap(0x7fae140000, 262320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fae140000
munmap(0x7fae134000, 49152) = 0
munmap(0x7fae181000, 12464) = 0
mprotect(0x7fae15f000, 65536, PROT_NONE) = 0
mmap(0x7fae16f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7fae16f000
mmap(0x7fae171000, 61616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fae171000
close(3) = 0
openat(AT_FDCWD, "/lib/aarch64-linux-gnu/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=198584, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 361080, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae0e7000
mmap(0x7fae0f0000, 295544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fae0f0000
munmap(0x7fae0e7000, 36864) = 0
munmap(0x7fae139000, 25208) = 0
mprotect(0x7fae11e000, 69632, PROT_NONE) = 0
mmap(0x7fae12f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2f000) = 0x7fae12f000
mmap(0x7fae131000, 29304, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fae131000
close(3) = 0
openat(AT_FDCWD, "/lib/aarch64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0000y\2\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1651408, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1826912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fadf31000
mmap(0x7fadf40000, 1761376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fadf40000
munmap(0x7fadf31000, 61440) = 0
munmap(0x7fae0ef000, 96) = 0
mprotect(0x7fae0c7000, 86016, PROT_NONE) = 0
mmap(0x7fae0dc000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18c000) = 0x7fae0dc000
mmap(0x7fae0e2000, 49248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fae0e2000
close(3) = 0
openat(AT_FDCWD, "/lib/aarch64-linux-gnu/libcap-ng.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=67504, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 196672, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fadf0f000
mmap(0x7fadf10000, 131136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fadf10000
munmap(0x7fadf0f000, 4096) = 0
munmap(0x7fadf31000, 57408) = 0
mprotect(0x7fadf16000, 102400, PROT_NONE) = 0
mmap(0x7fadf2f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7fadf2f000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae1d4000
set_tid_address(0x7fae1d4510) = 6321
set_robust_list(0x7fae1d4520, 24) = 0
rseq(0x7fae1d4b60, 0x20, 0, 0xd428bc00) = 0
mprotect(0x7fae0dc000, 16384, PROT_READ) = 0
mprotect(0x7fadf2f000, 4096, PROT_READ) = 0
mprotect(0x7fae12f000, 4096, PROT_READ) = 0
mprotect(0x7fae16f000, 4096, PROT_READ) = 0
mprotect(0x556cb8f000, 4096, PROT_READ) = 0
mprotect(0x7fae1db000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fae185000, 95999) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY) = 3
fstatfs(3, {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
read(3, "40\n", 7) = 3
close(3) = 0
prctl(PR_CAPBSET_READ, CAP_CHOWN) = 1
prctl(PR_GET_SECUREBITS) = 0
prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) = 0
prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
getrandom("\xd1\xa1\xca\xe5\x6a\x9e\xd8\xd7", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x556e968000
brk(0x556e989000) = 0x556e989000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=3048976, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 3048976, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7fadc27000
close(4) = 0
openat(AT_FDCWD, "/proc/self/loginuid", O_RDONLY) = 4
read(4, "1000", 12) = 4
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=526, ...}, AT_EMPTY_PATH) = 0
read(4, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 526
read(4, "", 4096) = 0
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=526, ...}, AT_EMPTY_PATH) = 0
close(4) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=1891, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1891
close(4) = 0
getuid() = 1000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=1891, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1891
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=978, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 978
close(4) = 0
getgroups(16, 0x556e969ad0) = -1 EINVAL (Invalid argument)
getgroups(32, [4, 20, 24, 27, 29, 44, 46, 60, 100, 102, 105, 106, 115, 123, 994, 995, 1000]) = 17
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=978, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 978
close(4) = 0
openat(AT_FDCWD, "/etc/gshadow", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/gshadow", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/login.defs", O_RDONLY) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=12608, ...}, AT_EMPTY_PATH) = 0
read(4, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(4, "ill allow other people to write "..., 4096) = 4096
read(4, " Use with caution - it is possib"..., 4096) = 4096
read(4, " "..., 4096) = 320
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/proc/self/loginuid", O_RDONLY) = 4
read(4, "1000", 12) = 4
close(4) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=1891, ...}, AT_EMPTY_PATH) = 0
lseek(4, 0, SEEK_SET) = 0
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1891
close(4) = 0
ioctl(0, TCGETS, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
ioctl(0, TCGETS, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0
newfstatat(0, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0xa), ...}, AT_EMPTY_PATH) = 0
readlinkat(AT_FDCWD, "/proc/self/fd/0", "/dev/pts/10", 4095) = 11
newfstatat(AT_FDCWD, "/dev/pts/10", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0xa), ...}, 0) = 0
getpid() = 6321
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2301, ...}, AT_EMPTY_PATH) = 0
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2301, ...}, AT_EMPTY_PATH) = 0
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10\0\0\0\0"..., 4096) = 2301
lseek(4, -1461, SEEK_CUR) = 840
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0\0\0"..., 4096) = 1461
close(4) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
sendto(4, "Oct 7 08:47:33 newgrp"..., 89, MSG_NOSIGNAL, NULL, 0) = 89
rt_sigaction(SIGINT, {sa_handler=SIG_IGN, sa_mask=[INT], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_IGN, sa_mask=[QUIT], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=SIG_IGN, sa_mask=[TSTP], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTIN, {sa_handler=SIG_IGN, sa_mask=[TTIN], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTOU, {sa_handler=SIG_IGN, sa_mask=[TTOU], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fae1d4510) = 6322
getgid() = 1000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 5
newfstatat(5, "", {st_mode=S_IFREG|0644, st_size=978, ...}, AT_EMPTY_PATH) = 0
lseek(5, 0, SEEK_SET) = 0
read(5, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 978
close(5) = 0
Also */etc/nsswitch.conf*
pi@digie35:~ $ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files
group: files
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
I cannot
pi@digie35:~ $ strace newgrp gpio
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
sendto(4, "Oct 7 09:34:36 newgrp"..., 90, MSG_NOSIGNAL, NULL, 0) = 90
rt_sigaction(SIGINT, {sa_handler=SIG_IGN, sa_mask=[INT], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_IGN, sa_mask=[QUIT], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_IGN, sa_mask=[HUP], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=SIG_IGN, sa_mask=[TSTP], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTIN, {sa_handler=SIG_IGN, sa_mask=[TTIN], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTTOU, {sa_handler=SIG_IGN, sa_mask=[TTOU], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f99bd7510) = 6528
getgid() = 1000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=526, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 5
newfstatat(5, "", {st_mode=S_IFREG|0644, st_size=978, ...}, AT_EMPTY_PATH) = 0
setgroups: Operation not permitted
lseek(5, 0, SEEK_SETsetgid: Operation not permitted
) = 0
read(5, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 978
close(5) = 0
wait4(6528, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WSTOPPED, NULL) = 6528
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6528, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
getpid() = 6527
sendto(4, "Oct 7 09:34:36 newgrp"..., 88, MSG_NOSIGNAL, NULL, 0) = 88
close(4) = 0
exit_group(1) = ?
+++ exited with 1 +++
But it works
pi@digie35:~ $ groups
pi adm dialout cdrom sudo audio video plugdev games users input render netdev lpadmin wireshark i2c spi
pi@digie35:~ $ newgrp gpio
pi@digie35:~ $ groups
gpio adm dialout cdrom sudo audio video plugdev games users input render netdev lpadmin wireshark i2c spi pi
**Any idea why group *gpio* is excluded from secondary group membership for user *pi* ?**
TMa
(111 rep)
Oct 7, 2024, 07:42 AM
• Last activity: Oct 7, 2024, 07:50 AM
7
votes
4
answers
15636
views
passwd command not changing the current user password
I have tried with the command:
$ passwd
It asks for a new password and gives a success message, but when I try to log in with the new password after restarting the system, it works with the old password. The new password is not changed! Any idea...
tarry xprt
(79 rep)
Nov 27, 2019, 01:34 PM
• Last activity: Aug 9, 2024, 01:48 PM