Permission denied: '/etc/shadow' when applying a state with salt module "salt.states.user"
search cancel

Permission denied: '/etc/shadow' when applying a state with salt module "salt.states.user"

book

Article ID: 403932

calendar_today

Updated On:

Products

VMware Aria Suite VMware SaltStack

Issue/Introduction

when Attempting to apply a state that uses the salt.state.user module, the state fails with error:

   "comment": "An exception occurred in this state: Traceback (most recent call last):\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/state.py\", line 2424, in call\n    ret = self.states[cdata[\"full\"]](\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 159, in __call__\n    ret = self.loader.run(run_func, *args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 1245, in run\n    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 1260, in _run_as\n    return _func_or_method(*args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 1293, in wrapper\n    return f(*args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/user.py\", line 693, in present\n    __salt__[\"shadow.set_password\"](name, password)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 159, in __call__\n    ret = self.loader.run(run_func, *args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 1245, in run\n    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py\", line 1260, in _run_as\n    return _func_or_method(*args, **kwargs)\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/linux_shadow.py\", line 406, in set_password\n    with salt.utils.files.fopen(s_file, \"w+\") as fp_:\n  File \"/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/files.py\", line 393, in fopen\n    f_handle = open(*args, **kwargs)  # pylint: disable=resource-leakage\nPermissionError: [Errno 13] Permission denied: '/etc/shadow'\n",



Environment

Salt 3006.x

Cause

This issue can occur due to 

  • Incorrect permissions

or

  • AV solution blocking the files from being modified. 

Resolution

Ensure the permissions of /etc/shadow, https://access.redhat.com/solutions/2048573

If AV solution is installed like MCaffee (mfetpd),   Add Salt-minion and  the below path to exclusion on  AV:

/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/
Powered by Wolken Software