View Issue Details

IDProjectCategoryView StatusLast Update
0000203AlmaLinux-8passwdpublic2022-03-23 17:23
Reporterelialum Assigned To 
Status newResolutionopen 
PlatformAlmalinuxOSAlmalinuxOS Version8.5
Summary0000203: User level permissionts/settings randomly destroyed (su: failed to execute /bin/bash: No such file or directory)
DescriptionWe are getting hit by random system-level user errors in which the user is completely unable to function, nothing basically works, here is one simple example of trying to SU to the user -

su username
su: failed to execute /bin/bash: No such file or directory

As these are mostly users that related to websites, everything is dead obviously (websites, crons, anything)

Our quick & dirty workaround currently is to recreate the user -

userdel username
useradd username
chown -R username.username userhomedir

One thing we noted is that "nobody" user on this server is different from than usual system:

~>grep nobody /etc/passwd
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin

usually, it's like

~>grep nobody /etc/passwd

nobody uid=65534, pid=65534 is unusual as far as I can tell? Not sure if it's related though


Additional InformationKernel: 4.18.0-348.20.1.el8_5.x86_64
TagsNo tags attached.



2022-03-22 08:12

administrator   ~0000519

Hello. Both nobody users are correct but for different os versions.

~>grep nobody /etc/passwd
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin

~>grep nobody /etc/passwd

Is it possible that your server OS was attacked or unintentionally damaged by someone?
AlmaLinux itself doesn't modify users or their dirs in any way.
Does /bin/bash actually present in system?


2022-03-22 08:26

reporter   ~0000520

Hello alukosho,

Thank you for your reply,
/bin/bash is present in the system.

Do you have any clue how can we investigate that issue?


2022-03-23 17:23

reporter   ~0000521

Found the issue, an internal script that runs daily on the users and doing something on their group ownership (security-wise) if some conditions are met.
Worked perfectly on COS7, so we didn't catch it initially when upgraded to ALM8

We can close this one

Issue History

Date Modified Username Field Change
2022-03-22 07:40 elialum New Issue
2022-03-22 08:12 alukoshko Note Added: 0000519
2022-03-22 08:26 danielsan Note Added: 0000520
2022-03-23 17:23 elialum Note Added: 0000521