[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
Hey Chris! Any reason you only released the focal one? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Released Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
This bug was fixed in the package shadow - 1:4.8.1-1ubuntu5.20.04.2 --- shadow (1:4.8.1-1ubuntu5.20.04.2) focal; urgency=medium [ Michael Vogt ] * debian/patches/1010_extrausers.patch: Add automatic detection of "extrausers" for usermod -G (LP: #1959375) -- Alberto Mardegan Mon, 14 Mar 2022 11:26:09 +0300 ** Changed in: shadow (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Released Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
Yeeah, ok. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Committed Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Committed Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
Hi Brian, I finally tested the new packages on Ubuntu Core 18 (with the bionic packages) and Ubuntu Core 20 (with the focal ones). I first tried to reproduce the issue in Ubuntu Desktop, by making /etc/groups and /etc/passwd read-only and indeed I couldn't add my user to a group, but unfortunately then I couldn't get the extrausers database setup correctly, so I gave up and just ran a quick smoke test to verify that the new binaries work as expected and instead focused on Ubuntu Core, that's where we initially had the issue. The only problem is that I didn't test the entire deb packages, since the root FS in UC is read-only and not debian-based, but I just extrated the binaries from the passwd deb package and bind-mounted them over the original UC ones. Then I was able to add my user to a group, without needing to specify the --extrausers parameter. I hope that this is good enough as a verification. ** Tags removed: verification-needed-bionic verification-needed-focal ** Tags added: verification-done-bionic verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Committed Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
Hello Michael, or anyone else affected, Accepted shadow into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shadow/1:4.8.1-1ubuntu5.20.04.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: shadow (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal ** Changed in: shadow (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Focal: Fix Committed Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Changed in: shadow (Ubuntu Bionic) Status: New => In Progress ** Changed in: shadow (Ubuntu Focal) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: In Progress Status in shadow source package in Focal: In Progress Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
This bug was fixed in the package shadow - 1:4.8.1-2ubuntu2 --- shadow (1:4.8.1-2ubuntu2) jammy; urgency=medium [ Michael Vogt ] * debian/patches/1010_extrausers.patch: Add automatic detection of "extrausers" for usermod -G (LP: #1959375) -- Alberto Mardegan Mon, 14 Mar 2022 11:59:13 +0300 ** Changed in: shadow (Ubuntu Jammy) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: Fix Released Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all. * In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters. [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Description changed: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: - qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ - -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ - -device virtio-net-pci,netdev=mynet0 \ - -drive file=,format=raw + qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ + -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ + -device virtio-net-pci,netdev=mynet0 \ + -drive file=,format=raw - + After configuring your account, connect to youd device via SSH: + ssh @localhost -p 8022 + + And issue these commands + + sudo snap install microk8s --channel=latest/edge/stable + + # microk8s is going to eat up all your disk space, so stop it as soon + # as the prompt comes back: + sudo microk8s stop + + # Add your user to the microk8s group + sudo usermod -G snap_microk8s $(whoami) + + The last command will fail unless this bug is fixed. If the bug is + fixed, the command will succeed, and after logging out and in again, you + can verify that you've been added to the snap_microk8s group by running + the "groups" command. + + + [Where problems could occur] + + * The patch only touches error code paths and adds a fallback mechanism + in them. Therefore, "normal" operations, where these commands would have + succeeded before, will not be affected at all. + + * In those cases when usermod fails because it failed to find or load + the requested user/group, we reset the user/group database paths to our + writable user/group databases, and retry the operation. Note that the + path for our database is hardcoded in the program source, so the + security risk seems contained. We do not add additional command-line + parameters. + + + [Other Info] Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: New Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw After configuring your account, connect to youd device via SSH: ssh @localhost -p 8022 And issue these commands sudo snap install microk8s --channel=latest/edge/stable # microk8s is going to eat up all your disk space, so stop it as soon # as the prompt comes back: sudo microk8s stop # Add your user to the microk8s group sudo usermod -G snap_microk8s $(whoami) The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command. [Where problems could occur] * The patch only touches error code paths and adds a fall
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Description changed: + [Impact] + + * In order to use the microk8s snap in Ubuntu Core, one currently needs + to be root. This is far from optimal, since normally (on desktop and + server installations) this is not necessary. + + * This make it hard to provide consistent documentation on microk8s + across all supported device, if we have to take the "sudo" command into + account, and how file permissions for generated files might be affected. + + + [Test Plan] + + The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are + as following (replace "" with the actual path of your Ubuntu + Core image file: + + qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ + -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ + -device virtio-net-pci,netdev=mynet0 \ + -drive file=,format=raw + + + + + Original bug description + + Currently doing something like: - sudo usermod -a -G snap_microk8s dbeamonte + sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with - usermod: /etc/group.15965: Read-only file system + usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: New Bug description: [Impact] * In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary. * This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected. [Test Plan] The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "" with the actual path of your Ubuntu Core image file: qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \ -netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \ -device virtio-net-pci,netdev=mynet0 \ -drive file=,format=raw Original bug description Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
Marking as Invalid for Impish, since the issue only happens with a read- only rootfs like we use in Ubuntu Core, and UC is only based on LTS releases. ** Changed in: shadow (Ubuntu Impish) Status: New => Won't Fix ** Changed in: shadow (Ubuntu Impish) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: Won't Fix Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch added: "debdiff for Bionic" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568639/+files/0001-Bionic-patch-for-LP-1959375.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch added: "debdiff for Jammy" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568614/+files/0001-Jammy-changes-for-LP-1797786.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch removed: "debdiff for Focal" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568607/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch ** Patch added: "debdiff for Focal" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568613/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch removed: "Patch for focal" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568568/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch ** Patch added: "debdiff for Focal" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568607/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
I tested a newer version of the patch that Michael sent me, and I verify that it works properly :-) I'm attaching it here; it includes changes to the 1015_add_zsys_support.patch, but that's only as a result of a quilt refresh, since the patch did not apply cleanly anymore (since src/usermod.c was modified in our patch before). I've been testing this on Focal. ** Patch added: "Patch for focal" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568568/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch added: "debdiff for the PPA jammy test upload" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5557912/+files/shadow_4.8.1-2ubuntu2~ppa1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959375] Re: [SRU] Please support group manipulation with "extrausers"
** Patch added: "Proposed (untested) patch" https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5557911/+files/shadow-lp1959375.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1959375 Title: [SRU] Please support group manipulation with "extrausers" Status in shadow package in Ubuntu: New Status in shadow source package in Bionic: New Status in shadow source package in Focal: New Status in shadow source package in Impish: New Status in shadow source package in Jammy: New Bug description: Currently doing something like: sudo usermod -a -G snap_microk8s dbeamonte on a Ubuntu Core system will fail with usermod: /etc/group.15965: Read-only file system This is because the existing usermod patches to detect the extrausers file do not cover this case. Attached a simple patch that enables it. I will give this patch a test run in our image PPA for jammy and if things look good I would like upload to 22.04 and SRU for 20.04 and 18.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
