Bug#1030253: gnome-control-center: Creating a user via "gnome-control-center user-accounts" results in a user with shell set to nologin

2023-02-01 Thread Simon McVittie 
Control: severity -1 serious
Control: tags -1 + patch pending

On Wed, 01 Feb 2023 at 19:53:32 +, Simon McVittie wrote:
> If I understand correctly, what gnome-control-center wants to do is
> to create a user with an invalid password (unable to log in), and then
> as a separate D-Bus transaction, do something to its password: either
> change the password, or put it into a state where the user can log in
> unauthenticated and will be prompted for a new password.
> 
> Probably it should now be using --disabled-password instead of
> --disabled-login to get that effect? adduser maintainers: is my guess
> correct?

Looking at adduser source code, it seems I was right about that being
the desired change. Fix pending in
https://salsa.debian.org/freedesktop-team/accountsservice/-/commit/9a479abc241af68ea2fc7e8ec896ac0ab2a39c58

> For now I'm only escalating this to important, but I think it probably
> deserves to be RC for accountsservice.

This triggered #1030262, which I think is enough to make it RC.

smcv

Bug#1030253: gnome-control-center: Creating a user via "gnome-control-center user-accounts" results in a user with shell set to nologin

2023-02-01 Thread Simon McVittie 
Control: reassign -1 accountsservice 22.08.8-1
Control: severity -1 important

(Quoting full text for Cc'd packages' maintainers)

On Wed, 01 Feb 2023 at 19:09:07 +0200, Timo Lindfors wrote:
> Steps to reproduce:
> 1) Run "gnome-control-center user-accounts"
> 2) Click "Unlock..."
> 3) Enter root password
> 4) Click "Add User..."
> 5) Enter "demo2" as Name and Username and click "Add".
> 6) Select "Switch User..." from gnome power menu
> 7) Login as "demo2"
> 8) Enter new password when prompted
> 9) Start a browser
> 10) Start a terminal
> 
> Expected results:
> 9) Browser starts
> 10) Terminal starts
> 
> Actual results:
> 9) Browser starts
> 10) Terminal starts but immediately closes
> 
> More info:
> 
> This issue does not occur in Debian 11 so it is a
> regression. /etc/passwd contains the following line:
> 
> demo2:x:1002:1002:demo2,,,:/home/demo2:/usr/sbin/nologin
> 
> It seems that gnome-control-center calls accounts-daemon over dbus to
> create the user. It does not specify the shell in the dbus
> call. accounts-daemon eventually ends up calling
> 
> adduser --quiet --disabled-login --gecos demo2 demo2
> 
> It seems that the behavior of adduser has changed. In Debian 11 this
> creates a user with a shell but in adduser 3.130 it creates a user
> with shell set to nologin.
> 
> Please reassign if you believe this issue should be assigned to
> accounts-daemon or adduser.

I'm pretty sure this is not a gnome-control-center bug: creating a
user via accounts-daemon's D-Bus API should have sufficiently sensible
defaults that this doesn't happen (and gnome-control-center doesn't have
UI for the equivalent of chsh, so it shouldn't be second-guessing what
the default shell is).

I believe the adduser behaviour change is intentional, in
,
which would point to this being an accountsservice (accounts-daemon) bug:
it needs updating to work correctly with the adduser behaviour change.

If I understand correctly, what gnome-control-center wants to do is
to create a user with an invalid password (unable to log in), and then
as a separate D-Bus transaction, do something to its password: either
change the password, or put it into a state where the user can log in
unauthenticated and will be prompted for a new password.

Probably it should now be using --disabled-password instead of
--disabled-login to get that effect? adduser maintainers: is my guess
correct?

For now I'm only escalating this to important, but I think it probably
deserves to be RC for accountsservice.

smcv

Bug#1030253: gnome-control-center: Creating a user via "gnome-control-center user-accounts" results in a user with shell set to nologin

2023-02-01 Thread Timo Lindfors 
Package: gnome-control-center
Version: 1:43.2-2
Severity: normal
X-Debbugs-Cc: timo.lindf...@iki.fi, timo.lindf...@iki.fi

Steps to reproduce:
1) Run "gnome-control-center user-accounts"
2) Click "Unlock..."
3) Enter root password
4) Click "Add User..."
5) Enter "demo2" as Name and Username and click "Add".
6) Select "Switch User..." from gnome power menu
7) Login as "demo2"
8) Enter new password when prompted
9) Start a browser
10) Start a terminal

Expected results:
9) Browser starts
10) Terminal starts

Actual results:
9) Browser starts
10) Terminal starts but immediately closes

More info:

This issue does not occur in Debian 11 so it is a
regression. /etc/passwd contains the following line:

demo2:x:1002:1002:demo2,,,:/home/demo2:/usr/sbin/nologin

It seems that gnome-control-center calls accounts-daemon over dbus to
create the user. It does not specify the shell in the dbus
call. accounts-daemon eventually ends up calling

adduser --quiet --disabled-login --gecos demo2 demo2

It seems that the behavior of adduser has changed. In Debian 11 this
creates a user with a shell but in adduser 3.130 it creates a user
with shell set to nologin.

Please reassign if you believe this issue should be assigned to
accounts-daemon or adduser.

best regards,
Timo Lindfors

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-control-center depends on:
ii  accountsservice   22.08.8-1+b1
ii  apg   2.2.3.dfsg.1-5+b2
ii  colord1.4.6-2.1
ii  desktop-base  12.0.2
ii  desktop-file-utils0.26-1
ii  gnome-control-center-data 1:43.2-2
ii  gnome-desktop3-data   43.1-1
ii  gnome-settings-daemon 43.0-4
ii  gsettings-desktop-schemas 43.0-1
ii  libaccountsservice0   22.08.8-1+b1
ii  libadwaita-1-01.2.1-2
ii  libc6 2.36-8
ii  libcairo2 1.16.0-7
ii  libcolord-gtk4-1  0.3.0-3
ii  libcolord21.4.6-2.1
ii  libcups2  2.4.2-1+b2
ii  libepoxy0 1.5.10-1
ii  libfontconfig12.14.1-3
ii  libgcr-base-3-1   3.41.1-1+b1
ii  libgdk-pixbuf-2.0-0   2.42.10+dfsg-1+b1
ii  libglib2.0-0  2.74.5-1
ii  libgnome-bg-4-2   43.1-1
ii  libgnome-bluetooth-ui-3.0-13  42.5-2
ii  libgnome-desktop-4-2  43.1-1
ii  libgnome-rr-4-2   43.1-1
ii  libgnutls30   3.7.8-4
ii  libgoa-1.0-0b 3.46.0-1
ii  libgoa-backend-1.0-1  3.46.0-1
ii  libgsound01.0.3-2
ii  libgtk-3-03.24.36-2
ii  libgtk-4-14.8.3+ds-1+b1
ii  libgtop-2.0-112.40.0-2
ii  libgudev-1.0-0237-2
ii  libibus-1.0-5 1.5.27-4
ii  libkrb5-3 1.20.1-1
ii  libmalcontent-0-0 0.11.0-3
ii  libmm-glib0   1.20.4-1
ii  libnm01.40.10-1
ii  libnma-gtk4-0 1.10.6-1
ii  libpango-1.0-01.50.12+ds-1
ii  libpangocairo-1.0-0   1.50.12+ds-1
ii  libpolkit-gobject-1-0 122-2
ii  libpulse-mainloop-glib0   16.1+dfsg1-2+b1
ii  libpulse0 16.1+dfsg1-2+b1
ii  libpwquality1 1.4.5-1+b1
ii  libsecret-1-0 0.20.5-3
ii  libsmbclient  2:4.17.5+dfsg-1
ii  libsnapd-glib-2-1 1.63-4
ii  libudisks2-0  2.9.4-4
ii  libupower-glib3   0.99.20-2
ii  libwacom9 2.5.0-1
ii  libx11-6  2:1.8.3-3
ii  libxi62:1.8-1+b1
ii  libxml2   2.9.14+dfsg-1.1+b3
ii  webp-pixbuf-loader0.0.5-5

Versions of packages gnome-control-center recommends:
ii  cracklib-runtime  2.9.6-5+b1
ii  cups-pk-helper0.2.6-1+b1
ii  gkbd-capplet  3.28.1-1
ii  gnome-bluetooth-sendto42.5-2
ii  gnome-online-accounts 3.46.0-1
ii  gnome-remote-desktop  43.3-1
ii  gnome-user-docs   43.0-1
ii  gnome-user-share  43.0-1
ii  iso-codes 4.12.0-1
ii  libcanberra-pulse 0.30-10
ii  libnss-myhostname 252.4-2
ii  libspa-0.2-bluetooth  0.3.65-1
ii  malcontent-gui0.11.0-3
ii  network-manager-gnome 1.30.0-2
ii  polkitd   122-2
ii  power-profiles-daemon 0.12-1+b1
ii  realmd0.17.1-1
ii  rygel 0.42.0-2
ii  rygel-tracker 0.42.0-2
ii