Bug#722296: base-passwd: update-passwd adds gnats to passwd but not shadow
Control: merge 471691 -1 On 2017-09-13 19:34 +0200, Sven Joachim wrote: > On 2013-09-09 17:51 -0400, Eric Cooper wrote: > >> Package: base-passwd >> Version: 3.5.28 >> Severity: normal >> >> I had removed the gnats account on my system since I had no use for >> it, not realizing that it was one of the "standard" ones. On the next >> upgrade of base-passwd, it prompted me as follows: >> >> Setting up base-passwd (3.5.28) ... >> >> update-passwd has found some differences between your system accounts >> and the current Debian defaults. It is advisable to allow update-passwd >> to change your system; without those changes some packages might not work >> correctly. For more documentation on the Debian account policies please >> see /usr/share/doc/base-passwd/README. >> >> The list of proposed changes is: >> >> Adding group "gnats" (41) >> Adding user "gnats" (41) >> Would commit 2 changes >> >> It is highly recommended that you allow update-passwd to make these >> changes >> (a backup file of modified files is made with the extension .org so you >> can >> always restore the current settings). >> >> May I update your system? [Y/n] >> Okay, I am going to make the necessary updates now >> Adding group "gnats" (41) >> Adding user "gnats" (41) >> 2 changes have been made, rewriting files >> Writing passwd-file to /etc/passwd >> Writing shadow-file to /etc/shadow >> Writing group-file to /etc/group >> >> But in fact no gnats entry was made to /etc/shadow: >> >> # pwck -q >> no matching password file entry in /etc/shadow >> add user 'gnats' in /etc/shadow? y >> pwck: the files have been updated > > Indeed. I had a look at the update-passwd source, and there are > functions read_shadow and write_shadow to read and write the shadow > file, but nowhere is there any code to process new/deleted/changed > entries in it. So write_shadow will write back /etc/shadow with the > same content read_shadow had read. Going through the bug list again, I found that the problem had already been reported as #471691. Cheers, Sven
Bug#722296: base-passwd: update-passwd adds gnats to passwd but not shadow
On 2013-09-09 17:51 -0400, Eric Cooper wrote: > Package: base-passwd > Version: 3.5.28 > Severity: normal > > I had removed the gnats account on my system since I had no use for > it, not realizing that it was one of the "standard" ones. On the next > upgrade of base-passwd, it prompted me as follows: > > Setting up base-passwd (3.5.28) ... > > update-passwd has found some differences between your system accounts > and the current Debian defaults. It is advisable to allow update-passwd > to change your system; without those changes some packages might not work > correctly. For more documentation on the Debian account policies please > see /usr/share/doc/base-passwd/README. > > The list of proposed changes is: > > Adding group "gnats" (41) > Adding user "gnats" (41) > Would commit 2 changes > > It is highly recommended that you allow update-passwd to make these > changes > (a backup file of modified files is made with the extension .org so you > can > always restore the current settings). > > May I update your system? [Y/n] > Okay, I am going to make the necessary updates now > Adding group "gnats" (41) > Adding user "gnats" (41) > 2 changes have been made, rewriting files > Writing passwd-file to /etc/passwd > Writing shadow-file to /etc/shadow > Writing group-file to /etc/group > > But in fact no gnats entry was made to /etc/shadow: > > # pwck -q > no matching password file entry in /etc/shadow > add user 'gnats' in /etc/shadow? y > pwck: the files have been updated Indeed. I had a look at the update-passwd source, and there are functions read_shadow and write_shadow to read and write the shadow file, but nowhere is there any code to process new/deleted/changed entries in it. So write_shadow will write back /etc/shadow with the same content read_shadow had read. There are even these comments: , | /* Check if new accounts should be made on the system. Please note we don't | * add accounts to shadow here; those will be made automatically at a later | * stage where we verify the contents of the shadow database | */ ` , | /* Check if accounts should be removed. Like with process_new_accounts we | * don't update shadow here since it is verified at a later stage anyway. | * We will only remove accounts in our range (uids 0-99). | */ ` Perhaps "at a later stage" is referring to code that needs yet to be written, because it is simply not there. Cheers, Sven
Bug#722296: base-passwd: update-passwd adds gnats to passwd but not shadow
Package: base-passwd Version: 3.5.28 Severity: normal I had removed the gnats account on my system since I had no use for it, not realizing that it was one of the "standard" ones. On the next upgrade of base-passwd, it prompted me as follows: Setting up base-passwd (3.5.28) ... update-passwd has found some differences between your system accounts and the current Debian defaults. It is advisable to allow update-passwd to change your system; without those changes some packages might not work correctly. For more documentation on the Debian account policies please see /usr/share/doc/base-passwd/README. The list of proposed changes is: Adding group "gnats" (41) Adding user "gnats" (41) Would commit 2 changes It is highly recommended that you allow update-passwd to make these changes (a backup file of modified files is made with the extension .org so you can always restore the current settings). May I update your system? [Y/n] Okay, I am going to make the necessary updates now Adding group "gnats" (41) Adding user "gnats" (41) 2 changes have been made, rewriting files Writing passwd-file to /etc/passwd Writing shadow-file to /etc/shadow Writing group-file to /etc/group But in fact no gnats entry was made to /etc/shadow: # pwck -q no matching password file entry in /etc/shadow add user 'gnats' in /etc/shadow? y pwck: the files have been updated -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (400, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages base-passwd depends on: ii libc6 2.17-92+b1 base-passwd recommends no packages. base-passwd suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org