Ubuntu – Root can change the password of a user, but the user herself cannot

16.04 password

I want to change the password of a user in Ubuntu.

  • I am able to do this as root (administrator).

    root@xxx:~# passwd testuser
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    
  • However, the following error occurs when doing this from the user's own account.

    testuser@xxx:~$ passwd
    Changing password for testuser.
    (current) UNIX password:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: Authentication token manipulation error
    passwd: password unchanged
    

Other system info:

  • My / is mounted as read/write.
  • And here are my permission settings:

    root@xxx:~# ls -al /etc/shadow /etc/passwd
    -rw-r--r-- 1 root root   3083 Jul 23 15:17 /etc/passwd
    -rw-r----- 1 root shadow 3176 Jul 23 16:26 /etc/shadow
    
    root@xxx:~# ls -al $(which passwd)
    -rwxr-xr-x 1 root root 54256 May 17 2017 /usr/bin/passwd
    

Any suggestion is much appreciated!

Best Answer

The command /usr/bin/passwd needs the setuid bit in its permissions to operate properly for non-root users.

From the comments we learned that the permissions of your command currently are

    ls -al $(which passwd)
    -rwxr-xr-x 1 root root 54256 May 17 2017 /usr/bin/passwd

To add the s bit do:

    sudo chmod u+s /usr/bin/passwd
    # or sudo chmod 4755 /usr/bin/passwd

so it becomes:

    ls -al $(which passwd)
    -rwsr-xr-x 1 root root 54256 May 17 2017 /usr/bin/passwd

Note the s instead of the first x.

Also note that by default the s bit is set, so someone must have removed it. Maybe deliberately, to prevent users from changing their passwords. Maybe by accident, because the combination of chmod, recursion, the root directory, and seven-five-five is so much fun. (Don't do that, because it may render your system useless!)
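The following is an added example, not part of the original answer: a recursive chmod strips the setuid bit from every binary it touches, not only passwd, so this script checks a list of binaries for the bit and for root ownership. The script name `check-setuid.sh`, the function names and the list of paths in the comment are assumptions; adjust the list to what your system is expected to ship.

```shell
#!/bin/sh
# Added example: report binaries that should be setuid-root but are not.

# classify_setuid FILE [UID] -> prints: missing | no-setuid | wrong-owner | ok
# UID is the expected numeric owner (default 0, i.e. root).
classify_setuid() {
    cs_file=$1
    cs_uid=${2:-0}
    if [ ! -e "$cs_file" ]; then echo missing; return 0; fi
    # -u is true only when the set-user-ID bit is set (the "s" in -rwsr-xr-x).
    if [ ! -u "$cs_file" ]; then echo no-setuid; return 0; fi
    # Third field of "ls -ldn" is the numeric owner; the bit only grants
    # root privileges when the file is owned by root.
    cs_owner=$(ls -ldnL "$cs_file" | awk '{print $3}')
    if [ "$cs_owner" != "$cs_uid" ]; then echo wrong-owner; return 0; fi
    echo ok
}

# audit_setuid FILE... -> one "status path" line per file;
# returns 1 if any file is not "ok".
audit_setuid() {
    as_rc=0
    for as_file in "$@"; do
        as_status=$(classify_setuid "$as_file")
        printf '%-12s %s\n' "$as_status" "$as_file"
        [ "$as_status" = ok ] || as_rc=1
    done
    return "$as_rc"
}

# Example invocation (hypothetical script name, assumed path list):
#   sh check-setuid.sh /usr/bin/passwd /usr/bin/sudo /usr/bin/chsh /usr/bin/chfn
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

A `no-setuid` line for /usr/bin/passwd corresponds to the `-rwxr-xr-x` listing in the question.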
