After a software update fedora 37 on 20230206 the root entry in passwd file was changed to /root

Fedora release 37

– 6 februari root → /root

  • passwd first and last lines :
    root:x:963:0:Super User:/root:/usr/sbin/nologin
  • other files changed at that update in /etc

drwxr-xr-x. 1 /root root 90 Feb 6 22:50 ssl
drwxr-xr-x. 1 /root root 86 Feb 6 22:51 httpd
drwxr-xr-x. 1 /root root 780 Feb 6 22:52 modprobe.d
drwxr-xr-x. 1 /root root 806 Feb 6 22:52 profile.d
drwxr-xr-x. 1 /root root 56 Feb 6 22:52 qemu-ga
drwxr-xr-x. 1 /root root 2078 Feb 6 22:54 alternatives
-rw-r–r–. 1 /root root 2984 Feb 6 22:54 passwd
----------. 1 /root root 1569 Feb 6 22:54 shadow

as a result I can not loging as root or do : su - root

That seems strange that the very first line in /etc/passwd now has a ‘/’ in front of the user name. That appears the only field that is not correct in that entry.

Does sudo work at all? If so then you could edit /etc/passwd to fix the error on the first entry for root and remove the leading / from the user name.

If sudo does not work then you could boot into the live media then mount the root file system of the installed OS at /mnt and edit the /mnt/etc/passwd and do the repair that way.

I also would

  1. disable the second entry for root with username root and UID of 963 so the usernames do not conflict. The entry for root with UID of 963 is set for nologin so it may be prevented from actually doing any damage by logging in but is allowed to run processes even so.

  2. change the password for root if you have it set and login as root is enabled.
    Finally it is really important to find out exactly what made the change. As far as I know nothing should ever modify the root user entry and nothing certainly should ever add an additional root user to /etc/passwd.

The only way I can envision that this happened is if you were active as root (possibly by using sudo - root and some process you ran edited both /etc/passwd and /etc/shadow. Those files may be modified when installing apps since some apps do require a dedicated user name to operate, but I am not sure of what might have done that.

Running dnf history --reverse then using the entry id number for the one done on Feb 6 with dnf history info <id> would tell you exactly what packages were modified that date by the package manager. (assuming you do updates with dnf)

1 Like

RPM packages can include scripts, e.g. see:

rpm -q --scripts gdm

This kind of error can occur if some RPM script is poorly tested.
Pay special attention to packages installed/upgraded from unofficial repos.

FYI, the last line is generated by the sysusers service because the first line has become invalid.

1 Like

I was puzzled too by the changes in the password file.I am a linux user since the late eighties and have never seen something like it.
I already did repair it via single user mode.
Searching for file with uid 963 did not give any result.
I do updates via “system tools” software and reboot.
Thanks for your answer.