Subject: Re: can't create users under openvz container
Date: Tuesday 29th September 2009 22:59:46 UTC (over 8 years ago)
On Tue, Sep 29, 2009 at 11:53:41PM +0400, [email protected] wrote: > The VPS runs, procesess seem Okay, it pings and can be accessed by ssh, > but simple useradd command fails like this: > > varan101!root:~# useradd -u 1000 crocodil > useradd: cannot lock shadow password file > varan101!root:~# > > Using strace I see the following: > > open("/etc/tcb/crocodil/shadow.lock", > O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES > (Permission denied) This is typically caused by improper permissions on "/" (the fs root directory), which in turn may have been caused by "/" or "." missing from your OpenVZ template. "chmod 755 /" run from within the container should fix this for the container. Adding "." with mode 755 to the template tarball should fix it for other containers created from the template (as far as I recall). > The kernel version is this: > > Linux XXXXXXXXXXXXXXXXX 2.6.18-ovz028stab056.1 #1 Mon Aug 18 13:00:29 MSD > 2008 i686 GNU/Linux This is unrelated to the problem at hand, but the above is an outdated kernel version. I understand that you picked a pre-built OpenVZ kernel, but they have newer versions pre-built as well - in fact, they do it for each new version they release on the "rhel5" branch. The current stable "rhel5" branch version is: http://wiki.openvz.org/Download/kernel/rhel5/028stab064.7 The download directory for these is: http://download.openvz.org/kernel/branches/rhel5-2.6.18/stable/ Perhaps the OpenVZ folks should no longer declare the branch based on vanilla 2.6.18 "maintained", with no new version on that branch for over a year now. In fact, I don't think further maintenance of that branch would even make sense - it would need to include all the same security fixes that are getting into the "rhel5" branch anyway. Perhaps we should notify them of this bug / outdated info on the web page at http://download.openvz.org/kernel/ , which I think is what lured you into downloading that kernel. Alexander -- To unsubscribe, e-mail [email protected] and reply to the automated confirmation request that will be sent to you.