Ubuntu
adduser package

adduser should support managing additional password/shadow/group files from libnss-extrausers

Bug #1323732 reported by Oliver Grawert
48
This bug affects 8 people
Affects Status Importance Assigned to Milestone
adduser (Debian)
Confirmed
Unknown
adduser (Ubuntu)
Fix Released
High
Steve Langasek
Ubuntu ubuntu-14.07
Vivid
Confirmed
Undecided
Unassigned

Bug Description

with our readonly system-image setup when adding a user or changing a password using the /etc/{passwd,shadow,group} is not actually possible.
we plan to solve this via using libnss-extrausers and patching the config in /etc/nsswitch.conf at image build-time. this way we can make /var/lib/extrausers writable and use passwd,shadow and group from there.

unfortunately adduser is not able to operate on these files in the non-standard location. to set a user password (for having a properly working lock screen), add new users or drop the "nopasswordlogin" group from the phablet user it needs to learn handling these files so that we do not need to use weird hacks to manage users on system-image installs.

Related branches

lp:~sergiusens/ubuntu/wily/adduser/extrausers
Approved for merging into lp:ubuntu/wily/adduser
Ubuntu branches: Pending requested
Diff: 214 lines (+75/-18)
5 files modified
AdduserCommon.pm (+1/-0)
adduser (+64/-17)
adduser.conf (+3/-0)
debian/changelog (+6/-0)
debian/control (+1/-1)
lp:ubuntu/wily-proposed/shadow
lp:ubuntu/wily-proposed/adduser
Oliver Grawert (ogra)
Changed in adduser (Ubuntu):
importance: Undecided → High
assignee: nobody → Steve Langasek (vorlon)
Revision history for this message
Michael Terry (mterry) wrote :

Poke on this. We'd like to land support for using PAM on the phone within the next few weeks.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in adduser (Ubuntu):
status: New → Confirmed
Steve Langasek (vorlon)
Changed in adduser (Ubuntu):
milestone: none → ubuntu-14.07
Michael Vogt (mvo)
Changed in adduser (Ubuntu):
status: Confirmed → In Progress
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Hm. I don't think I like this patch =)

In Clearlinux.org we use nss-altfiles, not extrausers project. And I have extensively patched shadow to support altfiles. Ideally I would like that support to be reviewed and landed upstream. Specifically all system accounts & groups are defined in altfiles, yet one can do things like "add this system account to this system group" in which case relevant stanzas from system data files is copied and stored in files under /etc/.

Can we merge this support in shadow? At the moment it seems like clearlinux.org, ubuntu (snappy), fedora (atomic) are using altfiles/extrausers and all would want proper support in shadow of setups with split system-provided accounts & user/admin modified accounts.

Revision history for this message
Oliver Grawert (ogra) wrote :

does nss-altfiles allow us to keep a readonly locked down /etc/passwd|shadow|group|gshadow ? it is pretty essential that adduser can not change system accounts that are in one of the above files in our readonly setup, can nss-altfiles provide such a level of lockdown ?

Michael Vogt (mvo)
Changed in adduser (Ubuntu):
status: In Progress → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in adduser (Debian):
status: Unknown → New
Revision history for this message
Steve Langasek (vorlon) wrote :

Once the dust has settled on the implementation, I think we want to look at whether this is SRUable to vivid for use in core and phone there.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in adduser (Ubuntu Vivid):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in adduser (Debian):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.