Thursday, May 28, 2009

UX: useradd: ERROR: Cannot update system files - login cannot be created | Ubuntu Linux Howto

Tech Blog - Recently while creating bunch of account on a bunch of Sun Unix and Linux server I encountered the error below, this is not the first time I have encountered this error, but in my experience troubleshooting it a bit tricky as this error could mean a lot of things, it could be corrupt passwd or shadow file, wrong permissions, it could be missing password, shadow file or both, it could be as simple as the root disk being full, below is some tips on troubleshooting it, make sure to the the stuff suggested below before rebooting your host as reboot is sometimes a luxury we don't have on production servers.

Error:

UX: useradd: ERROR: Cannot update system files - login cannot be created

Troubleshooting steps.

Make sure that passwd and shaodow file exist in /etc and have the correct permissions

$ ls -la
-r-------- 1 root sys 4872 May 28 00:30 shadow
-rw-r--r-- 1 root sys 12968 May 28 00:30 passwd

Make sure that root filessytem is not full or wehrever your /etc reside is not full

$ df -k
Filesystem 1024-blocks Used Available Capacity Mounted on
/ 2055591 1993926 0 100% /

If its full try looking for something to remove, looking at /var is always a good start

This command will look for files that are equal or bigger than 5mb on /var filessytem

$ find /var -size +50000000c -exec ls -la {} \;

If everything check out alright you can use pwck command

pwck scans the password file and notes any inconsistencies. The checks include validation of the number of fields, login name, user ID, group ID, and hether the login directory and the program-to-use-as-shell exist. The default password file is /etc/passwd.

Try fixing what error it find

$ pwck
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
Login directory not found

If all else fail you can use truss to trace error in detail

truss utility executes the specified command and produces a trace of the system calls it performs, the signals it receives, and the machine faults it incurs. Each line of the trace output reports either the fault or signal name or the system call name with its arguments and return value(s).

$ truss -o /tmp/useradd.truss -f useradd testuser

Short incomplete sample entry of truss output

$ cat /tmp/useradd.truss
20492: execve("/usr/sbin/useradd", 0xFFBFFB94, 0xFFBFFBCC) argc = 13
20492: resolvepath("/usr/lib/ld.so.1", "/lib/ld.so.1", 1023) = 12
20492: resolvepath("/usr/sbin/useradd", "/usr/sbin/useradd", 1023) = 17
20492: stat("/usr/sbin/useradd", 0xFFBFF970) = 0
20492: open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
20492: stat("/lib/libsecdb.so.1", 0xFFBFF428) = 0
20492: resolvepath("/lib/libsecdb.so.1", "/lib/libsecdb.so.1", 1023) = 18
20492: open("/lib/libsecdb.so.1", O_RDONLY) = 3


Hope this help!

Check out other pages:

Thursday, May 21, 2009

Login Banner | SSH Banner Howto

Tech Blog - This is a quick howto on adding a login banner to your ssh session before the password prompt during interactive session using SSH, Warning banners are necessary at all access points in the event an organization wishes to prosecute an unauthorized user.

To add a warning banner to SSH, create a banner first


$ cd /etc/ssh/
$ vi ssh-banner

Type in the Warning message you want such as the one below, then save the file.


************************************************
NOTICE TO USERS WARNING! The use of this system is restricted to authorized users, unauthorized access is forbidden and will be prosecuted by law. All information and communications on this system are subject to review, monitoring and recording at any time, without notice or permission. Users should have no expectation of privacy. *************************************************

After creating the banner file, edit the ssh configuration file

$ vi sshd_config

Look for the part below on sshd_config

# no default banner path
#Banner /path/banner file


And change it to

# no default banner path
Banner /etc/ssh/ssh-banner
Save the file then restart SSH

$ /etc/init.d/ssh restart

next time you login you should see something like the screenshot below.













Then your done.


Recent Tech Blog Gadget Review

Friday, May 15, 2009

Software Raid | Raid Arrays | mdadm on Linux

Tech Blog - here is a quick howto on creating software RAID arrays on your Linux system using mdadm tool.

mdadm is a Linux utility that is used to manage software RAID devices on Linux, previously known as mdctl. it can create, delete, or monitor Linux software RAIDs, mdadm can perform (almost) all of its functions without having a configuration file and does not use one by default, mdadm can provide information about your arrays.

Before we go using mdadm a brief overview of common types of software RAID and hardware RAID, all the RAIDs below are supported by mdadm tool

RAID 0 (striped disks) distributes data across several disks if one of the disk on the array fail all data on all disks will be lost, this type of raid has no redundancy.

RAID 1 (mirrored disks) duplicates data across every disk in the array, Two disks or more each store exactly the same data, at the same time, and at all times. Data is not lost as long as one disk survives, the capacity of the array is the capacity of one disk.

RAID 5 (striped disks with parity) combines three or more disks in a way that protects data against loss of any one disk, if you lose two disk all data on all the disk will be lost.

RAID 6 (striped disks with dual parity) can recover from the loss of two disks.

RAID 10 (1+0) uses both striping and mirroring, Raid 10 is a combination of RAID 1 and RAID 0 hence RAID 10.

mdadm Basic Commands

Create a new RAID arrays
mdadm –create - used to create a new software RAID array, level is the type of RAID to be created

Example:
mdadm --create --verbose /dev/md0 --level=1 /dev/sda1 /dev/sdb2

mdadm configuration file

/etc/mdadm.conf - main configuration file for mdadm, created RAID arrays must be added to this file to be detected during bootup you will also need to add the array to yoru vfstab for it to be mounted.

Example:
mdadm --detail --scan >> /etc/mdadm.conf

Remove a disk from an array

You can't remove disk from an active array unless it is marked failed, so we must mark the disk as failed disk using the --fail command then using --remove to remove the disk.

Example:
mdadm /dev/md0 --fail /dev/sda3 --remove /dev/sda3

Increasing Active Disk on an RAID 1 Array

You can increase an active disk in your array by using --grow, the sample increse the RAID 1 array to 3 active disk mirror from 2 active disk, to shrink the array you will need to set the spares to faulty then change the --raid-devices to 2, once you increased the raid it will automatically sync a spare disk if you have spare disk on standby.

Example:
mdadm --grow /dev/md0 --raid-devices=3

Adding disk to an existing array

mdadm --add - using --add option we can add disk to an existing array to replace and failed disk.

Example:
mdadm --add /dev/md0 /dev/sda3

Checking the status of the RAID arrays

mdadm --detail - using the --detail will let you check the status of your RAID array, --verbose will also show general overview of array with very much little details.

Example:
mdadm --detail /dev/md0

Halt and delete a RAID array

mdadm --stop - halt the array
mdadm --remove - remove the array
mdadm --zero-superblock - delete the superblock from the drive

Example:
mdadm --stop /dev/md0
mdadm --remove /dev/md0

mdadm --zero-superblock /dev/sda

Preparing Disk Replacement

Use the command below to create a copy of the partition of an existing disk then format then use mdadm --add to the array.

Example:
sfdisk -d /dev/sda | sfdisk /dev/sdb


If you need more do man mdadm.
Enjoy!


Check out other pages:

Tuesday, May 05, 2009

Windows 7 Release Candidate | Download Now!

windows 7
Tech Blog - Microsoft has officially made Windows 7 Release Candidate Available today, you will be able to use Windows 7 Release Candidate for free until June 1, 2010, for more information regarding the Windows 7 Release Candidate check out the download site here


Recent Tech Blog Gadget Review

Monday, May 04, 2009

Wolfram Alpha | The Future of Search?

Tech Blog - Wolfram Alpha has announced their official launched date of May 18, Wolfram Alpha is an web service that answers queries directly by computing the answer from structured data, unlike Google it does not show a list of website that it found that matches a query, Wolfram Alpha instead tries to understand the query and present you with the data your looking for, instead of a long list of relevant site and spam site, personally can't wait to try Wolfram Alpha on its released date, base on the reaction from people that have used it,Wolfram Alpha ssi very promising I think it might indeed be future of search.

[UPDATE]- Countdown to Launch(for soft launch May 15)


Wolfram Alpha Demo


You can check out the site here


Tech Blog Quick List of howto's:

For suggestion and concerns E-mail