Gerhard Schrenk
2005-Mar-10 14:10 UTC
[Adduser-devel] Bug#298883: adduser --system should add users without expire period
Package: adduser
Version: 3.59
Severity: wishlist

'adduser --system' adds apparently users with expire and warn period
from /etc/login.defs

For example it reads the following setting in /etc/login.defs
PASS_MAX_DAYS 183
PASS_MIN_DAYS 0
PASS_WARN_AGE 183

Example: After 1/2 year after upgrading to sarge logcheck (which added a
new system user) suddenly stopped mailing its reports.

Sarge default settings are
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7

Maybe 'PASS_MAX_DAYS 0' instead of 99999 would be the sane setting for
_system_ users, if it would mean no expire period at all?? But this is
not documented in shadow(5) and I have not verified this value is sane.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-ow2-wjq
Locale: LANG=C, LC_CTYPE= (charmap=ANSI_X3.4-1968)

Versions of packages adduser depends on:
ii  debconf    1.4.30.11     Debian configuration management sy
ii  passwd     1:4.0.3-30.7  Change and administer password and
ii  perl-base  5.8.4-6       The Pathologically Eclectic Rubbis

-- debconf information:
* adduser/homedir-permission: false
Marc Haber
2005-Mar-18 17:10 UTC
[Adduser-devel] Bug#298883: adduser --system should add users without expire period
On Thu, Mar 10, 2005 at 03:10:28PM +0100, Gerhard Schrenk wrote:
> 'adduser --system' adds apparently users with expire and warn period
> from /etc/login.defs
>
> For example it reads the following setting in /etc/login.defs
> PASS_MAX_DAYS 183
> PASS_MIN_DAYS 0
> PASS_WARN_AGE 183
>
> Example: After 1/2 year after upgrading to sarge logcheck (which added a
> new system user) suddenly stopped mailing its reports.

Yuck.

Did the account actually have a password?

Can you please verify whether useradd -x 99999 will create an account
without that restriction?

The only possible fix for _adduser_ would be to ignore PASS_MAX_DAYS
for system account creation. Is that what you're suggesting?

Greetings
Marc

-- 
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
Gerhard Schrenk
2005-Mar-21 15:16 UTC
[Adduser-devel] Bug#298883: adduser --system should add users without expire period
* Marc Haber <mh+debian-packages@zugschlus.de> [2005-03-18 18:10]:
> On Thu, Mar 10, 2005 at 03:10:28PM +0100, Gerhard Schrenk wrote:
> > 'adduser --system' adds apparently users with expire and warn period
> > from /etc/login.defs
> >
> > For example it reads the following setting in /etc/login.defs
> > PASS_MAX_DAYS 183
> > PASS_MIN_DAYS 0
> > PASS_WARN_AGE 183
> >
> > Example: After 1/2 year after upgrading to sarge logcheck (which added a
> > new system user) suddenly stopped mailing its reports.
>
> Yuck.
>
> Did the account actually have a password?

No password. Before I fixed it the shadow entry was

gandalf:/.home/gandalf/gps# getent shadow logcheck
logcheck:!:12656:0:183:183:::

The system account logcheck was not in woody. It has been introduced in
unstable/sarge. From /usr/share/doc/logcheck/NEWS.Debian.gz:

|logcheck (1.2.19-2) unstable; urgency=low
|
|  * As of version 1.2.19, logcheck no longer runs as root.
|    Logcheck runs as user logcheck which has been created
|    and added to group adm upon configuration.
|
|    If you have customized your configuration,
|    you will need to be sure that your
|    logs are readable by the logcheck user.

I upgraded from woody -> sarge on 26 Aug 2004. On 26 Feb 2004 logcheck
stopped mailing. For sshd and sslwrap I had the same insane entries
(183:183 instead of 99999:7; without password).

> Can you please verify whether useradd -x 99999 will create an account
> without that restriction?

Um. No.

gandalf:/home/gandalf/gps# useradd -x 99999 testit
useradd: invalid option -- x
usage: useradd [-u uid [-o]] [-g group] [-G group,...]
               [-d home] [-s shell] [-c comment] [-m [-k template]]
               [-f inactive] [-e expire ] [-p passwd] name
       useradd -D [-g group] [-b base] [-s shell]
               [-f inactive] [-e expire ]

Do you mean useradd -e 99999?

gandalf:/home/gandalf/gps# grep ^PASS /etc/login.defs
PASS_MAX_DAYS 183
PASS_MIN_DAYS 0
PASS_WARN_AGE 183
PASS_MAX_LEN 8
gandalf:/home/gandalf/gps# useradd -e 99999 testit
gandalf:/home/gandalf/gps# getent passwd testit
testit:x:11322:100::/home/testit:
gandalf:/home/gandalf/gps# getent shadow testit
testit:!:12863:0:183:183::17324:

> The only possible fix for _adduser_ would be to ignore PASS_MAX_DAYS
> for system account creation. Is that what you're suggesting?

Yes. I think this should be the sane default behaviour for 'adduser --system'.
Only adduser and adduser.conf is mentioned in debian policy section 9.2.2 (and
neither useradd nor /etc/login.defs). I suppose you should fix this independent
of what useradd is doing.

But maybe the right thing is to actually fix useradd?? At least its manpage
does not mention /etc/login.defs. Therefore I have cc'ed its maintainers.

-- Gerhard
Marc Haber
2005-Apr-16 17:12 UTC
[Adduser-devel] Bug#298883: Re: adduser --system should add users without expire period
retitle #298883 PASS_MAX_DAYS in /etc/login.defs creates expiring system accounts - on hold until #304934 is fixed
thanks

Hi,

On Mon, Mar 21, 2005 at 04:16:41PM +0100, Gerhard Schrenk wrote:
> gandalf:/home/gandalf/gps# useradd -x 99999 testit
> useradd: invalid option -- x
> usage: useradd [-u uid [-o]] [-g group] [-G group,...]
>                [-d home] [-s shell] [-c comment] [-m [-k template]]
>                [-f inactive] [-e expire ] [-p passwd] name
>        useradd -D [-g group] [-b base] [-s shell]
>                [-f inactive] [-e expire ]
>
> Do you mean useradd -e 99999?

No. I don't know where the -x came from in my mind. But, alas, it
looks like useradd doesn't allow the PASS_MAX_DAYS to be overridden on
the command line, making this bug unfixable within adduser. I have
thus opened a bug against useradd (#304934) to allow this, and will
implement the appropriate option as soon as useradd provides the
needed facility.

> > The only possible fix for _adduser_ would be to ignore PASS_MAX_DAYS
> > for system account creation. Is that what you're suggesting?
>
> Yes. I think this should be the sane default behaviour for 'adduser --system'.
> Only adduser and adduser.conf is mentioned in debian policy section 9.2.2 (and
> neither useradd nor /etc/login.defs). I suppose you should fix this independant
> of what useradd ist doing.

Policy 9.2.2 is right - Packages should use adduser to create system
accounts. And this doesn't work right because the useradd backend
isn't sufficiently flexible.

> But maybe the right thing is to actually fix useradd??

Yes.

> At least its manpage
> does not mention /etc/login.defs.

That sounds like a documentation bug, as the login.defs manpage
clearly says that useradd reads login.defs.

> Therefore I have cc'ed its maintainers.

Good ;)

Greetings
Marc
Debian Bug Tracking System
2005-Apr-16 17:18 UTC
[Adduser-devel] Processed: Re: Re: adduser --system should add users without expire period
Processing commands for control@bugs.debian.org:

> retitle #298883 PASS_MAX_DAYS in /etc/login.defs creates expiring system accounts - on hold until #304934 is fixed
Bug#298883: adduser --system should add users without expire period
Changed Bug title.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Alexander Gattin
2005-Apr-16 18:37 UTC
[Adduser-devel] Bug#298883: [Pkg-shadow-devel] Re: Re: adduser --system should add users without expire period
Hi!

On Sat, Apr 16, 2005 at 07:12:54PM +0200, Marc Haber wrote:
> No. I don't know where the -x came from in my mind. But, alas, it
> looks like useradd doesn't allow the PASS_MAX_DAYS to be overridden on
> the command line, making this bug unfixable within adduser.

OK. We will elaborate on this issue. I suspect this is fixed
in upstream.

> I have thus opened a bug against useradd (#304934) to allow this, and will
> implement the appropriate option as soon as useradd provides the
> needed facility.

Would you like me to Cc the bug #298883 when adding
comments to 304934?

> > But maybe the right thing is to actually fix useradd??
> Yes.

_All_ should work as expected. I don't think that having
"-e" option is just for using default value anyway.

-- 
WBR,
xrgtn
Marc Haber
2005-Apr-17 16:39 UTC
[Adduser-devel] Bug#298883: Re: Re: adduser --system should add users without expire period
retitle #298883 PASS_MAX_DAYS set in /etc/login.defs results in expiring system accounts
tags #298883 confirmed pending
thanks

On Sat, Apr 16, 2005 at 07:12:54PM +0200, Marc Haber wrote:
> No. I don't know where the -x came from in my mind. But, alas, it
> looks like useradd doesn't allow the PASS_MAX_DAYS to be overridden on
> the command line, making this bug unfixable within adduser.

This is of course wrong. adduser now uses chage to set a 99999 expiry
period for passwords on system accounts, overwriting whatever default
might be. This fix has been committed to svn.

Greetings
Marc
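
An added example (not adduser's code, and not written by any participant in this thread): a shell audit for the condition this bug describes, accounts with no usable password that still inherited a finite PASS_MAX_DAYS. It reads shadow(5)-format lines and prints the date on which the maximum age is reached plus the `chage -M 99999` call matching the fix described above; the function names and the two contrast lines in the sample are constructed.

```shell
#!/bin/sh
# Added example, not adduser's code. Reads shadow(5)-format lines on stdin and
# reports accounts whose password field starts with ! or * (no usable
# password) but whose maximum password age (field 5) is below 99999.
audit_shadow() {
    awk -F: '
    # Convert days since 1970-01-01 to YYYY-MM-DD without calling date(1).
    function civil(z,   era, doe, yoe, y, doy, mp, d, m) {
        z += 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # Field 3 is the last password change (days since epoch), field 5 the
    # maximum age; their sum is the day the password is considered expired.
    NF >= 5 && $2 ~ /^[!*]/ && $3 ~ /^[0-9]+$/ && $3 + 0 > 0 &&
    $5 ~ /^[0-9]+$/ && $5 + 0 < 99999 {
        printf "%s max=%d expires=%s fix: chage -M 99999 %s\n", $1, $5, civil($3 + $5), $1
    }'
}

# Constructed sample: the logcheck line is the entry quoted in this thread;
# the sshd and alice lines are made up for contrast (already fixed, and a
# normal account with a placeholder hash that aging is meant to apply to).
sample_shadow() {
    cat <<'EOF'
logcheck:!:12656:0:183:183:::
sshd:!:12656:0:99999:7:::
alice:$1$constructed$placeholder:12656:0:183:183:::
EOF
}

sample_shadow | audit_shadow
```

On a live system the same function can be fed from `getent shadow` run as root.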
Debian Bug Tracking System
2005-Apr-17 16:48 UTC
[Adduser-devel] Processed: Re: Re: Re: adduser --system should add users without expire period
Processing commands for control@bugs.debian.org:

> retitle #298883 PASS_MAX_DAYS set in /etc/login.defs results in expiring system accounts
Bug#298883: PASS_MAX_DAYS in /etc/login.defs creates expiring system accounts - on hold until #304934 is fixed
Changed Bug title.

> tags #298883 confirmed pending
Bug#298883: PASS_MAX_DAYS set in /etc/login.defs results in expiring system accounts
There were no tags set.
Tags added: confirmed, pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Jun-18 18:48 UTC
[Adduser-devel] Bug#298883: marked as done (PASS_MAX_DAYS set in /etc/login.defs results in expiring system accounts)
Your message dated Sat, 18 Jun 2005 14:32:08 -0400
with message-id <E1Dji6y-00049i-00@newraff.debian.org>
and subject line Bug#298883: fixed in adduser 3.64
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Source: adduser
Source-Version: 3.64

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive:

adduser_3.64.dsc
  to pool/main/a/adduser/adduser_3.64.dsc
adduser_3.64.tar.gz
  to pool/main/a/adduser/adduser_3.64.tar.gz
adduser_3.64_all.deb
  to pool/main/a/adduser/adduser_3.64_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 298883@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Sat, 18 Jun 2005 17:09:56 +0000
Source: adduser
Binary: adduser
Architecture: source all
Version: 3.64
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser-devel@lists.alioth.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Description:
 adduser - Add and remove users and groups
Closes: 298834 298883 299489 300641 302837 303854 307599 308881 313517
Changes:
 adduser (3.64) unstable; urgency=low
 .
   * The "bring the svn changes to unstable while not having time to
     address the other valid bug reports" release.
   * try Priority: - to avoid override disparities
   * Updated Norwegian Bokmal debconf templates and program
     translations. Thanks to Hans Fredrik Nordhaug. (mh) Closes: #298834
   * Re-generate adduser.pot, fix gettext bugs in deluser. Thanks
     to Hans Fredrik Nordhaug. (mh)
   * Now handles /etc/skel correctly even if it is not readable
     for a normal user. Thanks to Chapko Dimitrij. (mh) Closes: #299489
   * Zap program synopsis comments from the beginning.
   * Fix $ error in adduser.conf.5. Thanks to Kevin Ryde. (mh)
     Closes: #300641
   * Add Finnish debconf templates. Thanks to Matti Pöllä. (mh)
     Closes: #303854
   * Add Vietnamese debconf templates. Thanks to Clytie Siddall. (mh)
     Closes: #307599
   * Fix broken --disabled-login --disabled-password handling.
     Thanks to Tokka Hastrup. (mh) Closes: #302837
   * Use chage to override login.defs PASS_MAX_DAYS for system
     accounts. Thanks to Gerhard Schrenk. (mh) Closes: #298883
   * fix misdocumentation of system user password status. Thanks to
     Shaul Karl. (mh) Closes: #308881
   * add ubuntu patch to generate pot file during package build, and
     fix two s_print/s_printf invocations in deluser. Thanks to Martin
     Pitt. (mh) Closes: #313517
Files:
 711979e2159409f4519768571b611c78 637 base important adduser_3.64.dsc
 1c4c53c95b37ba4c243ed6f8590e1c0b 108282 base important adduser_3.64.tar.gz
 ed92dd4399e93b53faabde61b84f081a 99822 base important adduser_3.64_all.deb