>Number: 6570
>Category: system
>Synopsis: locking a user with userdel -p ambiguity
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Feb 27 16:00:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.8
Details : OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
the description of 'userdel -p user' contradicts its implementation.
>How-To-Repeat:
    $ sudo adduser test
    $ sudo userdel -D
    preserve        false
    $ sudo userdel -p test
    usage: userdel -D [-p preserve-value]
           userdel [-prv] user
    $ sudo userdel -p yes test
    $ echo $?
    0
according to userdel(8):
    In the second form of the command, after setting any defaults, and then
    reading values from /etc/usermgmt.conf, the following command line
    options are processed:

    -p      Preserve the user information in the password file, but do not
            allow the user to login, by switching the password to an
            ``impossible'' one, and by setting the user's shell to the
            nologin(8) program.  This option can be helpful in preserving a
            user's files for later use by members of that person's group
            after the user has moved on.  This value can also be set in the
            /etc/usermgmt.conf file, using the `preserve' field.  If the
            field has any of the values `true', `yes', or a non-zero number,
            then user information preservation will take place.
/usr/src/usr.sbin/user/user.c:1949:
    #ifdef EXTENSIONS
            case 'p':
                    defaultfield = 1;
                    u.u_preserve = (strcmp(optarg, "true") == 0) ? 1 :
                                   (strcmp(optarg, "yes") == 0) ? 1 :
                                   atoi(optarg);
                    break;
    #endif
seems like the "second form" is not implemented..
>Fix:
i am not a fan of overloading parameters like in this case.
but i find the need to use userdel(8) for locking illogical
in the first place. i think locking constitutes "modifying"
a user's state, and as such, i expected usermod(8) to have
this functionality (something like NetBSD's usermod -C,
although i don't like usermod -C yes / usermod -C no).
i think the old style "bsd way" would be to have a separate
parameter for locking and unlocking:
    $ sudo usermod -D user    # lock user (Disable)
    $ sudo usermod -U user    # Unlock user
or some such.
i know changing basic system utilities parameters is a no-no,
but in this case it's not working as advertised anyway.
obviously, the other solution involves fixing userdel,
either its man page that would include "-p yes" in the
second form as well (in which case the faq itself is wrong)
or implementing the second form in userdel as per documentation.
>Release-Note:
>Audit-Trail:
>Unformatted: