>Number:         6570
>Category:       system
>Synopsis:       locking a user with userdel -p ambiguity
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Sun Feb 27 16:00:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
    System      : OpenBSD 4.8
    Details     : OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010
                  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

    Architecture: OpenBSD.i386
    Machine     : i386
>Description:
    the description of 'userdel -p user' contradicts its implementation.
>How-To-Repeat:
    $ sudo adduser test
    $ sudo userdel -D preserve false
    $ sudo userdel -p test
    usage: userdel -D [-p preserve-value]
           userdel [-prv] user
    $ sudo userdel -p yes test
    $ echo $?
    0

    according to userdel(8):

        In the second form of the command, after setting any defaults, and
        then reading values from /etc/usermgmt.conf, the following command
        line options are processed:

        -p      Preserve the user information in the password file, but do
                not allow the user to login, by switching the password to
                an ``impossible'' one, and by setting the user's shell to
                the nologin(8) program. This option can be helpful in
                preserving a user's files for later use by members of that
                person's group after the user has moved on. This value can
                also be set in the /etc/usermgmt.conf file, using the
                `preserve' field. If the field has any of the values
                `true', `yes', or a non-zero number, then user information
                preservation will take place.

    /usr/src/usr.sbin/user/user.c:1949:

        #ifdef EXTENSIONS
                case 'p':
                        defaultfield = 1;
                        u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 :
                                       (strcmp(optarg, "yes") == 0) ? 1 :
                                       atoi(optarg);
                        break;
        #endif

    seems like the "second form" is not implemented..
>Fix:
    i am not a fan of overloading parameters like in this case. but i find
    the need to use userdel(8) for locking illogical in the first place. i
    think locking constitutes "modifying" a user's state, and as such, i
    expected usermod(8) to have this functionality (something like NetBSD's
    usermod -C, although i don't like usermod -C yes / usermod -C no). i
    think the old style "bsd way" would be to have a separate parameter for
    locking and unlocking:

    $ sudo usermod -D user # lock user (Disable)
    $ sudo usermod -U user # Unlock user

    or some such. i know changing basic system utilities parameters is a
    no-no, but in this case it's not working as advertised anyway.

    obviously, the other solution involves fixing userdel, either its man
    page that would include "-p yes" in the second form as well (in which
    case the faq itself is wrong) or implementing the second form in
    userdel as per documentation.
>Release-Note:
>Audit-Trail:
>Unformatted: