How to change password of system user

Hi everyone,

we are trying to setup an HA gateway with three Fedora IoT machines using pacemaker and corosync. A necessary step here is to change the password of the system user “hacluster” created by the layered “pcs” package. However, attempting to change its password with “sudo passwd hacluster” results in “Changing password for user hacluster. passwd: Authentication token manipulation error”. I’ve stumbled across Error setting user password after package layering with rpm-ostree · Issue #814 · ostreedev/ostree · GitHub but running “setenforce 0” does not lead to an improvement. Running “echo $pw | passwd hacluster --stdin” and checking the logs gives me “pam_unix(passwd:chauthtok): user “hacluster” does not exist in /etc/passwd” which is correct, as it is stored in /lib/passwd. I’ve tried things again on my Silverblue workstation without any layered package and the “apache” user and get the same results. Any suggestion what I can do to change the password of this system user is highly appreciated.

You’re correct in that the issue is that this is a system user, which confuses passwd. I think a workaround (though albeit very ugly) would be to grab the line from /usr/lib/passwd that adds the haproxy user, and append that to /etc/passwd manually. NSS should search /etc/passwd before /usr/lib/passwd, so this would allow passwd to change the password, and for system applications to see the overriden user rather than the system one.

Thanks a lot, that solved my problem! Should I report this issue somewhere?

Hmm, I’m not really sure if there’s an easy fix, but it might still be worth reporting it (the component would likely be rpm-ostree).