You're right, I forgot to ping them! On Mon, Jul 1, 2024 at 11:45 AM Łukasz Zemczak <[email protected]> wrote:
> Did we get verification from the Ubuntu Core team if this actually fixes > the problem for them? Looks like it's a required step in the > verification. > > -- > You received this bug notification because you are a bug assignee. > https://bugs.launchpad.net/bugs/2063200 > > Title: > useradd --extrausers --groups tries to lock /etc/group > > Status in shadow package in Ubuntu: > Fix Released > Status in shadow source package in Jammy: > Invalid > Status in shadow source package in Mantic: > Won't Fix > Status in shadow source package in Noble: > Fix Committed > Status in shadow source package in Oracular: > Fix Released > > Bug description: > [ Impact ] > > On Ubuntu Core 24 calling the command line > > useradd --extrausers --groups somegroup somenewuser > > ... fails with: > > useradd: cannot lock /etc/group; try again later. > > It worked on 22.04. /etc is not writable. It also fails if somegroup > is a group in extrausers. > > [ Test Plan ] > > Part of the upload is adding an autopkgtest script testing useradd and > usermod in the extrausers+readonly-etc case. > > In addition, the following commands should be run as root in a fresh > container: > > ``` > # Install prerequisites > apt install libnss-extrausers > sed -i -r '/^(passwd|group|shadow|gshadow)/ s/$/ extrausers/' > /etc/nsswitch.conf # enable extrausers in group, passwd, shadow and gshadow > > # Sanity checks of "normal" path > groupadd etcgroup > useradd --groups etcgroup etcuser > id etcuser | grep etcgroup > groupadd etcgroup2 > usermod --groups etcgroup2 etcuser > id etcuser | grep etcgroup2 > useradd --groups nullgroup etcuser || echo Successfully rejected invalid > group > > ls /var/lib/extrausers/ # should be empty > > # Sanity checks of "extrausers" path in rw context > groupadd --extrausers extragroup > useradd --extrausers --groups extragroup extrauser # currently fails > id extrauser | grep extragroup > useradd --extrausers extrauser2 > id extrauser2 > > # Sanity checks of "extrausers" path in ro context > mv /etc /etc-rw > mkdir /etc > mount -o bind,ro /etc-rw /etc > groupadd --extrausers extragroup2 > useradd --extrausers --groups etcgroup extrauser3 > id extrauser4 | grep etcgroup > ``` > > Furthermore, validation from the Ubuntu Core team that this actually > fixes > their use case is required. > > [ Where problems could occur ] > > Regression potential is in the group validation stage of the `usermod` > and > `useradd` tools. Besides the usual risks related to C code, the various > failure > scenarios that come to mind are: > > * try to add the user to an non-existing local group, which would fail > further > down with a different error message > * actually fail to identify a valid local group > * Fail to either add the user to the system, or the user to the group > * Update the wrong file (/var/lib/extrausers/* vs /etc/*) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200/+subscriptions > > Launchpad-Notification-Type: bug > Launchpad-Bug: distribution=ubuntu; sourcepackage=shadow; component=main; > status=Fix Released; importance=Undecided; assignee= > [email protected]; > Launchpad-Bug: distribution=ubuntu; distroseries=jammy; > sourcepackage=shadow; component=main; status=Invalid; importance=Undecided; > assignee=None; > Launchpad-Bug: distribution=ubuntu; distroseries=mantic; > sourcepackage=shadow; component=main; status=Won't Fix; > importance=Undecided; assignee=None; > Launchpad-Bug: distribution=ubuntu; distroseries=noble; > sourcepackage=shadow; component=main; status=Fix Committed; > importance=High; [email protected]; > Launchpad-Bug: distribution=ubuntu; distroseries=oracular; > sourcepackage=shadow; component=main; status=Fix Released; > importance=Undecided; [email protected]; > Launchpad-Bug-Tags: foundations-todo regression-proposed verification-done > verification-done-noble > Launchpad-Bug-Information-Type: Public > Launchpad-Bug-Private: no > Launchpad-Bug-Security-Vulnerability: no > Launchpad-Bug-Commenters: janitor marius-vollmer-gmail schopin sil2100 > tjaalton ubuntu-sru-bot valentin.david vorlon > Launchpad-Bug-Reporter: Valentin David (valentin.david) > Launchpad-Bug-Modifier: Łukasz Zemczak (sil2100) > Launchpad-Message-Rationale: Assignee > Launchpad-Message-For: schopin > > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063200 Title: useradd --extrausers --groups tries to lock /etc/group To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
