Help Center> Elastic Cloud Server> Troubleshooting> SSH Connection Issues> How Can I Resolve ECS Login Failures Due to Corrupt /etc/passwd?
Updated on 2023-03-30 GMT+08:00
View PDF

How Can I Resolve ECS Login Failures Due to Corrupt /etc/passwd?

Scenarios

This section describes how to handle login failures caused by corrupt /etc/passwd on a Linux ECS.

  • The emergency recovery solution in this section requires you to replace the corrupt /etc/passwd with the initial backup file /etc/passwd- in single-user mode. This operation may cause the loss of user information you added, including application running users. You can add such accounts again by referring to /etc/shadow.
  • This solution involves restarting the ECS, which will interrupt services running on it.

Symptom

Multiple services in Linux fail to be started, such as Failed to start Login service and Failed to start Authorization service.

When you try to log in after the system is started, the system displays a message indicating that the password is incorrect.

Possible Causes

The /etc/passwd and /etc/shadow files record all user information with one entry per line, each representing a user account. If the files get corrupted or deleted, the login service systemd-logind.service fails to be started. As a result, users cannot log in to the system.

Solution

  1. Restart the ECS on the console and enter the single-user mode.

    For details, see How Do I Reset the Password for User root in Single-User Mode on a Linux ECS?.

  2. Check the /etc/passwd file:

    cat /etc/passwd

  3. Check whether the passwd file is corrupted. If it is, replace it with the initial backup file:

    # cp /etc/passwd- /etc/passwd

    This operation will cause the loss of the user information you added, including users who own applications. This will lead to application startup failures. After the fault is rectified, add these users to the passwd file.

  4. Exit the current root directory and switch to the root directory of initramfs:

    # exit

  5. Restart the ECS.
  6. (Optional) After the system is started, add the lost users. For example, add the Nginx owner nobody and set its shell to /sbin/nologin. Add users as needed, and set the shell of users who needs to log in to the system to /bin/bash.

    # useradd nobody -s /sbin/nologin

Parent topic: SSH Connection Issues