Date: Wed, 30 Sep 2009 02:59:46 +0400 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Re: can't create users under openvz container On Tue, Sep 29, 2009 at 11:53:41PM +0400, croco@...nwall.com wrote: > The VPS runs, procesess seem Okay, it pings and can be accessed by ssh, > but simple useradd command fails like this: > > varan101!root:~# useradd -u 1000 crocodil > useradd: cannot lock shadow password file > varan101!root:~# > > Using strace I see the following: > > open("/etc/tcb/crocodil/shadow.lock", > O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES > (Permission denied) This is typically caused by improper permissions on "/" (the fs root directory), which in turn may have been caused by "/" or "." missing from your OpenVZ template. "chmod 755 /" run from within the container should fix this for the container. Adding "." with mode 755 to the template tarball should fix it for other containers created from the template (as far as I recall). > The kernel version is this: > > Linux XXXXXXXXXXXXXXXXX 2.6.18-ovz028stab056.1 #1 Mon Aug 18 13:00:29 MSD > 2008 i686 GNU/Linux This is unrelated to the problem at hand, but the above is an outdated kernel version. I understand that you picked a pre-built OpenVZ kernel, but they have newer versions pre-built as well - in fact, they do it for each new version they release on the "rhel5" branch. The current stable "rhel5" branch version is: http://wiki.openvz.org/Download/kernel/rhel5/028stab064.7 The download directory for these is: http://download.openvz.org/kernel/branches/rhel5-2.6.18/stable/ Perhaps the OpenVZ folks should no longer declare the branch based on vanilla 2.6.18 "maintained", with no new version on that branch for over a year now. In fact, I don't think further maintenance of that branch would even make sense - it would need to include all the same security fixes that are getting into the "rhel5" branch anyway. Perhaps we should notify them of this bug / outdated info on the web page at http://download.openvz.org/kernel/ , which I think is what lured you into downloading that kernel. Alexander -- To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists