Checking the two files /etc/passwd and /etc/shadow on a standard Linux distro, it appears all entries are duplicated in both files:
/etc/passwd, all entries are duplicated (2 lines for each entry, including for root and the user name)/etc/shadow, all entries are similarly duplicated.Any thoughts as to why and how does that happen? And remediation if need be?
Cheers.
This is unexpected and non standard. Each username should have exactly one entry in /etc/passwd and no more than one entry in /etc/shadow.
Remediation should be handled with care. For starters I'd get a root shell up and running, and I wouldn't log out of it until I was sure I could safely log in after my editing. Second, I'd take a copy of both files (and note permissions and ownerships) in case I had to revert.
Then I'd use something like sort -u /etc/passwd and check visually to see if that resolved the duplication. Same for /etc/shadow.
If not, I'd take an account for which I knew the login details, and I'd discard the second of each duplicate. For both files. Trying to login, if it worked I'd apply the same logic to all entries in both files.
Otherwise I'd need to see some concrete example entries.
Basically, you will need to fix the problem by visual inspection.
grep searching for a username and then copying through the remainder, but forgetting that certain patterns match everywhere (. for example, or even something as silly as matching a username om wrongly against all users' /home/... directories) The major difference is that they contain different pieces of data. passwd contains the users' public information (UID, full name, home directory), while shadow contains the hashed password and the password expiry data. The reasons for the division are partly historical.
https://unix.stackexchange.com/a/461055/568212
passwd stores general user info and shadow stores user passwd info. Somewhat longer answer: passwd is the file where the user information (like username, user ID, group ID, location of home directory, login shell, ...) is stored when a new user is created. shadow is the file where important information (like an encrypted form of the password of a user, the day the password expires, whether or not the passwd has to be changed, the minimum and maximum time between password changes, ...) is stored when a new user is created.
https://askubuntu.com/questions/445361/what-is-difference-between-etc-shadow-and-etc-passwd
https://man7.org/linux/man-pages/man5/passwd.5.html
https://man7.org/linux/man-pages/man5/shadow.5.html
First question is where are these duplicate user IDs? If they are in /etc/passwd then it is a sure sign that the system has not been maintained properly. AIX keeps user information in files other than /etc/passwd and /etc/shadow, which are only there for compatibility reasons. You need to use tools like rmuser to remove users, and I would recommend that you remove all instances of usernames which are duplicated and then re-create the required user IDs using mkuser to ensure that the correct information is present in files other than /etc/passwd. Make sure you document the attributes of each duplicated user before proceeding with the initial deletions. If you have entries in ODM which are not present in the /etc/passwd file, then you will have to look into using the ODM commands like odmdelete, but I will caution you with a big warning that if used incorrectly you could render your system unusable. If the userIDs are not in /etc/passwd then you can use the 'sort -u' command to sort the list, but please ensure that this isn't used on /etc/passwd. There are free passwd parsers out there which perform the correct manipulations if required.
https://community.spiceworks.com/topic/2405340-to-remove-duplicate-entries-from-list-if-userids
Find all the shell used among all the duplicate users in etc/passwd file
/etc/shadow(e.g. 2 root entry) ?pwckutility helpful to validate + correct the files