Shadow.service failed

hey everyone. i ran systemctl --failed today to check if there was something going on with my system, since a few days ago i ran into a problem where SDDM locked me out of my system even though i was 100% certain i typed the correct password. this is the output:

  UNIT                                            LOAD   ACTIVE SUB    DESCRIPTION                                                   
● shadow.service                                  loaded failed failed Verify integrity of password and group files
● systemd-backlight@backlight:acpi_video0.service loaded failed failed Load/Save Screen Backlight Brightness of backlight:acpi_video0
● systemd-backlight@backlight:acpi_video1.service loaded failed failed Load/Save Screen Backlight Brightness of backlight:acpi_video1

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
3 loaded units listed.

i’m mostly concerned about this shadow.service fail since it could be the issue, and if it isn’t it’s worth resolving it. this is the result of systemctl status shadow.service:

> systemctl status shadow.service 
× shadow.service - Verify integrity of password and group files
     Loaded: loaded (/usr/lib/systemd/system/shadow.service; static)
     Active: failed (Result: exit-code) since Sat 2021-06-19 10:55:17 -04; 13min ago
TriggeredBy: ● shadow.timer
   Main PID: 369 (code=exited, status=2)
        CPU: 38ms

jun 19 10:55:17 suisei sh[380]: ¿desea añadir el grupo «audio» en /etc/gshadow?No
jun 19 10:55:17 suisei sh[380]: no hay entradas coincidentes en el fichero de grupos en «/etc/gshadow»
jun 19 10:55:17 suisei sh[380]: ¿desea añadir el grupo «users» en /etc/gshadow?No
jun 19 10:55:17 suisei sh[380]: no hay entradas coincidentes en el fichero de grupos en «/etc/gshadow»
jun 19 10:55:17 suisei sh[380]: ¿desea añadir el grupo «nopasswdlogin» en /etc/gshadow?No
jun 19 10:55:17 suisei sh[380]: no hay entradas coincidentes en el fichero de grupos en «/etc/gshadow»
jun 19 10:55:17 suisei sh[380]: ¿desea añadir el grupo «autologin» en /etc/gshadow?No
jun 19 10:55:17 suisei sh[380]: grpck: sin cambios
jun 19 10:55:17 suisei systemd[1]: shadow.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
jun 19 10:55:17 suisei systemd[1]: shadow.service: Failed with result 'exit-code'.

i tried running grpck since it was suggested in some arch forum threads and it seemed to fix the issue upon rebooting, but coming back to it a day later the issue is here again.

~ > pacman -Qkk shadow; pacman -Qi shadow
advertencia: shadow: /etc/default/useradd (no se pudo calcular la suma de verificación de MD5)
advertencia: shadow: /etc/default/useradd (no se pudo calcular la suma de verificación de SHA256)
advertencia: shadow: /usr/bin/newgidmap (los permisos no concuerdan)
advertencia: shadow: /usr/bin/newuidmap (los permisos no concuerdan)
shadow: 558 archivos totales, 3 archivos alterados

reinstalling the grpck package and manually restarting the shadow service didn’t help, since it spits the same error in systemctl --failed. i haven’t fiddled around with permissions in my home folder, or anywhere for that matter. i’d really appreciate some help here, thanks for reading.

Don’t post it here because it contains your hashed passwords but if you look in /etc/shadow does it have entries for everything in /etc/passwd?

Also, can you share the output of this command LANG=C systemctl status shadow.service. I am not sure I understand those errors exactly.

Lastly, how did you fix the fact that you were locked out of your system.

thanks for replying @dalto .

Don’t post it here because it contains your hashed passwords but if you look in /etc/shadow does it have entries for everything in /etc/passwd ?

don’t know what to look for here exactly but they do have the same entries, with different contents however. everything in /etc/passwd ends with a /usr/bin/nologin while in /etc/shadow it does with a bunch of colons, but both have the same categories (mail, ftp, root, and so on)

using LANG=C didn’t change anything in the output of systemctl status shadow.service, other than breaking spanish characters. :no_mouth:

i “fixed” the SDDM issue just by rebooting, after trying out everything i could with my password (caps lock, num pad lock, triple checking the password). i mostly shrugged it off since there are reports of it being a SDDM bug, but this shadow error makes me think otherwise.

OK, I just tried to translate that. I guess it is saying there are missing entries in /etc/gshadow. Try comparing /etc/group and /etc/gshadow

it basically says that, yeah. i’m sorry for not providing a translation beforehand. the contents of /etc/group are considerably longer than the ones in /etc/shadow. for example, /etc/shadow is missing contents such as autologin, network, users, audio, nopasswdlogin… , should i run grpck once more to try adding these groups to /etc/shadow ?

Yes. Hopefully it asks you to add the missing groups.

running grpck prompted me to add missing groups, but restarting the shadow.service gives a different error now:

jun 19 12:26:51 suisei systemd[1]: Started Verify integrity of password and group files.
jun 19 12:26:51 suisei sh[4218]: usuario «root»: el programa «/usr/bin/zsh» no existe (can't find /usr/bin/zsh/

doing su also gives the same zsh not found error. i don’t know why it asks me for zsh, even though i use bash…

~ > echo $SHELL
/bin/bash

the group issue seems to be fixed now at least, since grpck doesn’t ask me to add groups anymore.

It looks like the user root has it’s shell set to zsh.

I would recommend putting that back to bash. It is generally not a good a idea to change root’s default shell. If you want to use zsh when you are root just type exec zsh

~ > cat /etc/shells 
# Pathnames of valid login shells.
# See shells(5) for details.

/bin/sh
/bin/bash
/usr/bin/git-shell

how do i change the root user to bash? and would i need to apply these changes to /etc/passwd and /etc/shadow?

Don’t edit those files directly. Use a command to change that.

There are lots of ways to change a user’s shell. One way is:

sudo chsh -s /bin/bash root

doing sudo chsh -s /bin/bash root effectively changed my root’s default shell to bash, along with the root entry within /etc/passwd. doing sudo systemctl restart shadow.service works with no issues in systemctl --failed, so i’ll mark the grpck reply as the solution for this. thanks so much!!

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.