Re: Change password and add user on RO filesystem




Hello Marcin,

On 2018-09-04, Marcin Trendota <moonwolf.rh@xxxxxxxxx> wrote:
>
> I'm trying to create a system with an RO root filesystem, so I'm using
> /etc/sysconfig/readonly-root along with /etc/rwtab and /etc/statetab.
>
> Apart from numerous problems with services running on an RO filesystem
> (which I'm constantly resolving by adding entries to /etc/statetab) one
> thing popped up. I'm unable to add a user or change his password. The
> error is 'cannot lock /etc/passwd; try again later.'.
>
> After research it turns out (at least on Fedora, but I assume the same
> on CentOS) that some files are being created in /etc. For example
> /etc/shadow.<pid>, and some others with the PID in the name. Obviously
> that's impossible on an RO filesystem...
>
> Is there any workaround (apart from remounting the whole filesystem RW)?

Have you looked at this article?

https://warewolf.github.io/blog/2013/10/12/setting-up-a-read-only-rootfs-fedora-box/

Unfortunately it doesn't really provide a local workaround, but if you
have something like LDAP available already that might be a way to go.

If not (and assuming you've added /etc/passwd and friends to
/etc/statetab*), one very crude option might be to manipulate the files
by hand.  For /etc/passwd and /etc/group (if necessary) this is easy,
since it's just a plain text file with human-readable text.  For
/etc/shadow this is slightly more complicated, since you need to
generate the password hash.  For that you can use mkpasswd:

https://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/

Obviously doing this makes adding a user a nonatomic operation, so you
need to take care manipulating passwd and shadow in this way.  (I don't
know if mkpasswd is available from a yum repo, but the included python
should be there.)

--keith


-- 
kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
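
Added example (not part of the original message and not code from any CentOS tool): one way to do the hand edit described above in Python, validating both files before anything is written so that a bad field or a duplicate never leaves passwd and shadow half-updated. The helper name add_user, its parameters and the ageing defaults are assumptions for illustration; the hash is expected to come from mkpasswd or similar, and no other process is assumed to be editing the files at the same time.

```python
import os
import re
import time

NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # conservative name rule (assumption)

def _rows(path):
    """Read a colon-separated account file; refuse one with a cut-off last line."""
    with open(path) as fh:
        text = fh.read()
    if text and not text.endswith("\n"):
        raise ValueError(f"{path}: last line has no newline, append would merge rows")
    return [ln.split(":") for ln in text.splitlines() if ln]

def add_user(passwd, shadow, name, uid, gid, home, shell, pw_hash, today=None):
    """Hypothetical helper: validate first, then append to shadow and passwd."""
    uid, gid = int(uid), int(gid)
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    for value in (home, shell, pw_hash):
        # A ':' or newline inside a field would shift columns or inject a row.
        if ":" in value or "\n" in value:
            raise ValueError("field contains ':' or newline")
    if not pw_hash.startswith("$"):
        raise ValueError("expected a crypt(3) hash such as $6$..., not plain text")
    pw_rows, sh_rows = _rows(passwd), _rows(shadow)
    if any(r[0] == name for r in pw_rows + sh_rows):
        raise ValueError("user name already present")
    if any(len(r) > 2 and r[2] == str(uid) for r in pw_rows):
        raise ValueError("uid already in use")
    days = int((time.time() if today is None else today) // 86400)
    # Ageing fields 0:99999:7 are assumed defaults; adjust to local policy.
    shadow_line = f"{name}:{pw_hash}:{days}:0:99999:7:::\n"
    passwd_line = f"{name}:x:{uid}:{gid}::{home}:{shell}\n"
    # Shadow first: if the second append fails, what is left behind is an
    # unused shadow row, not a visible account that has no hash.
    for path, line in ((shadow, shadow_line), (passwd, passwd_line)):
        with open(path, "a") as fh:
            fh.write(line)
            fh.flush()
            os.fsync(fh.fileno())
    return passwd_line, shadow_line
```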