Lars Wirzenius
2005-Sep-07 23:08 UTC
Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
Package: adduser Version: 3.67 adduser calls (as far as I can determine, not knowing perl) chage for new system accounts unconditionally. chage fails when shadow passwords are not being used. This causes some packages to fail to install (at least under piuparts in a chroot). Would it make sense to only call chage when /etc/shadow exists or possibly only if the newly created account is in /etc/shadow? (Alternatively, if shadowless configurations are to be unsupported, that is fine by me, I''ll fix piuparts to make such chroots.)
Marc Haber
2005-Sep-08 05:18 UTC
[Adduser-devel] Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
On Thu, Sep 08, 2005 at 01:45:39AM +0300, Lars Wirzenius wrote:> adduser calls (as far as I can determine, not knowing perl) chage for > new system accounts unconditionally. chage fails when shadow passwords > are not being used. This causes some packages to fail to install (at > least under piuparts in a chroot).passwd upstream has again changed the error code that adduser tries to catch in that case. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Marc Haber
2005-Sep-08 05:39 UTC
[Adduser-devel] Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
On Thu, Sep 08, 2005 at 01:45:39AM +0300, Lars Wirzenius wrote:> adduser calls (as far as I can determine, not knowing perl) chage for > new system accounts unconditionally. chage fails when shadow passwords > are not being used.Actually, it shouldn''t, starting with version 3.65: * do not abort if chage returns exit code 3. This is an indication that password aging cannot be set due to shadow not being enabled. Closes: #316089, #317944. The only chage call, in line 397, has its return code handled in this way. However, the experimental version of shadow returns a different error code on chage failure due to shadow not enabled, and adduser is not yet adapted. Which version of shadow do you have installed? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Lars Wirzenius
2005-Sep-08 10:10 UTC
[Adduser-devel] Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
to, 2005-09-08 kello 07:24 +0200, Marc Haber kirjoitti:> However, the experimental version of shadow returns a different error > code on chage failure due to shadow not enabled, and adduser is not > yet adapted. Which version of shadow do you have installed?The version in etch, 3.67 (same version in unstable, according to packages.qa.debian.org). The following is the error messages I get, I''ve attached the entire piuparts log file (the log is for bcron-run, which tries to use adduser). chage: can''t open shadow password fileadduser: `/usr/bin/chage -M 99999 cron'' returned error code 1. Aborting. -------------- next part -------------- A non-text attachment was scrubbed... Name: bcron-run.log Type: text/x-log Size: 17185 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20050908/6cd00ca4/bcron-run-0001.bin
Marc Haber
2005-Sep-08 12:49 UTC
[Adduser-devel] Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
On Thu, Sep 08, 2005 at 12:57:04PM +0300, Lars Wirzenius wrote:> to, 2005-09-08 kello 07:24 +0200, Marc Haber kirjoitti: > > However, the experimental version of shadow returns a different error > > code on chage failure due to shadow not enabled, and adduser is not > > yet adapted. Which version of shadow do you have installed? > > The version in etch, 3.67 (same version in unstable, according to > packages.qa.debian.org). The following is the error messages I get, I''ve > attached the entire piuparts log file (the log is for bcron-run, which > tries to use adduser). > > chage: can''t open shadow password fileadduser: `/usr/bin/chage -M > 99999 cron'' > returned error code 1. Aborting.Obviously, shadow in etch does not return a special error code, and decided that it is better to fail for non-shadow setups instead of ignoring all errors which would have been the alternative here. This issue is going to be around until the experimental shadow has migrated to etch and an adapted adduser has been uploaded. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Marc Haber
2005-Sep-08 17:22 UTC
[Adduser-devel] Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
tags #327144 confirmed retitle #327144 shadow >= 1:4.0.3-37 needed for systems without shadow passwords thanks adduser 3.64 introduced code which uses chage to override forced password changes for system accounts (see #298883). This code unfortunately fails on systems that don''t have shadow passwords enabled since on non-shadow system no password aging is possible. To avoid having to ignore _all_ errors returned by chage, shadow 1:4.0.3-37 up to 1:4.0.11.1-1 had chage return 3 on non-shadow systems. adduser 3.65 ignores return code 3 from chage, emitting a warning only. adduser 3.65 and up, combined with passwd << 1:4.0.3-37 do not support non-shadow systems. adduser 3.67.0 will force a reasonably recent passwd version to make this clear. For older adduser versions, people will have package installations fail, but will hopefully find this bug report in the BTS. Unfortunately, shadow upstream decided to change chage''s "no shadow passwords" return code from 3 to 15. The adduser maintaines tried to avoid this by coordinating with the shadow people, but they decided to change the return code again nevertheless. A later version of adduser will thus depend on passwd >= 1:4.0.12 to synchronize the chage return code with is ignored with passwd. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Debian Bug Tracking System
2005-Sep-08 17:22 UTC
[Adduser-devel] Processed: Re: Bug#327144: adduser: calls chage even when shadow passwords aren''t being used
Processing commands for control@bugs.debian.org:> tags #327144 confirmedBug#327144: adduser: calls chage even when shadow passwords aren''t being used There were no tags set. Tags added: confirmed> retitle #327144 shadow >= 1:4.0.3-37 needed for systems without shadow passwordsBug#327144: adduser: calls chage even when shadow passwords aren''t being used Changed Bug title.> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Sep-08 17:45 UTC
[Adduser-devel] Bug#327144: marked as done (shadow >= 1:4.0.3-37 needed for systems without shadow passwords)
Your message dated Thu, 08 Sep 2005 10:17:03 -0700 with message-id <E1EDQ1H-000713-00@spohr.debian.org> and subject line Bug#327144: fixed in adduser 3.67.0 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 7 Sep 2005 22:46:22 +0000>From liw@iki.fi Wed Sep 07 15:46:22 2005Return-path: <liw@iki.fi> Received: from ip212-226-168-228.adsl.kpnqwest.fi (esme.liw.iki.fi) [212.226.168.228] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1ED8gP-00010M-00; Wed, 07 Sep 2005 15:46:21 -0700 Received: by esme.liw.iki.fi (Postfix, from userid 1000) id A284A75C2AE; Thu, 8 Sep 2005 01:45:39 +0300 (EEST) Subject: adduser: calls chage even when shadow passwords aren''t being used From: Lars Wirzenius <liw@iki.fi> To: submit@bugs.debian.org Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Thu, 08 Sep 2005 01:45:39 +0300 Message-Id: <1126133139.7236.43.camel@esme.liw.iki.fi> Mime-Version: 1.0 X-Mailer: Evolution 2.2.2 Delivered-To: submit@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: adduser Version: 3.67 adduser calls (as far as I can determine, not knowing perl) chage for new system accounts unconditionally. chage fails when shadow passwords are not being used. This causes some packages to fail to install (at least under piuparts in a chroot). Would it make sense to only call chage when /etc/shadow exists or possibly only if the newly created account is in /etc/shadow? (Alternatively, if shadowless configurations are to be unsupported, that is fine by me, I''ll fix piuparts to make such chroots.) --------------------------------------- Received: (at 327144-close) by bugs.debian.org; 8 Sep 2005 17:20:35 +0000>From katie@spohr.debian.org Thu Sep 08 10:20:35 2005Return-path: <katie@spohr.debian.org> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQ1H-000713-00; Thu, 08 Sep 2005 10:17:03 -0700 From: Marc Haber <mh+debian-packages@zugschlus.de> To: 327144-close@bugs.debian.org X-Katie: $Revision: 1.56 $ Subject: Bug#327144: fixed in adduser 3.67.0 Message-Id: <E1EDQ1H-000713-00@spohr.debian.org> Sender: Archive Administrator <katie@spohr.debian.org> Date: Thu, 08 Sep 2005 10:17:03 -0700 Delivered-To: 327144-close@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: adduser Source-Version: 3.67.0 We believe that the bug you reported is fixed in the latest version of adduser, which is due to be installed in the Debian FTP archive: adduser_3.67.0.dsc to pool/main/a/adduser/adduser_3.67.0.dsc adduser_3.67.0.tar.gz to pool/main/a/adduser/adduser_3.67.0.tar.gz adduser_3.67.0_all.deb to pool/main/a/adduser/adduser_3.67.0_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 327144@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 8 Sep 2005 16:51:54 +0000 Source: adduser Binary: adduser Architecture: source all Version: 3.67.0 Distribution: unstable Urgency: low Maintainer: Debian Adduser Developers <adduser-devel@lists.alioth.debian.org> Changed-By: Marc Haber <mh+debian-packages@zugschlus.de> Description: adduser - Add and remove users and groups Closes: 327144 Changes: adduser (3.67.0) unstable; urgency=low . * the "please no more bugs from users of shadowless systems" release. (mh) Closes: #327144 * temporary branch * tighten dependencies to only allow installation with a passwd package whose chage returns 3 on "shadow password not enabled". * shadowless setups do only work with adduser older than 3.64, or with shadow younger than 1:4.0.3-37. Files: 38ff5696c83065344feeb5368448ba79 647 base important adduser_3.67.0.dsc 6703b16cdd7e16051cf2a256f518f03e 125327 base important adduser_3.67.0.tar.gz 6ce5fde2fc15485caa94c0a99b2717fb 110050 base important adduser_3.67.0_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkMgcBAACgkQgZalRGu6PISBmgCfcgPDy/wr54DsmaLLuhqb1S3I 92wAn0xTEE6LZgs2d4uPptbfV09D6rMe =yCuJ -----END PGP SIGNATURE-----
Debian Bug Tracking System
2006-Dec-16 15:38 UTC
[Adduser-devel] Bug#327144: marked as done (shadow >= 1:4.0.3-37 needed for systems without shadow passwords)
Your message dated Sat, 16 Dec 2006 15:29:27 +0100 with message-id <20061216142927.GA22096@nechayev.zugschlus.de> and subject line Bug#327144: fixed in adduser 3.67.0 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------- next part -------------- An embedded message was scrubbed... From: Lars Wirzenius <liw@iki.fi> Subject: adduser: calls chage even when shadow passwords aren''t being used Date: Thu, 08 Sep 2005 01:45:39 +0300 Size: 1600 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/9f1d3d8e/attachment-0002.mht -------------- next part -------------- An embedded message was scrubbed... From: Marc Haber <mh+debian-packages@zugschlus.de> Subject: Re: Bug#327144: fixed in adduser 3.67.0 Date: Sat, 16 Dec 2006 15:29:27 +0100 Size: 2080 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/9f1d3d8e/attachment-0003.mht
Debian Bug Tracking System
2006-Dec-16 15:39 UTC
[Adduser-devel] Bug#327144: marked as done (shadow >= 1:4.0.3-37 needed for systems without shadow passwords)
Your message dated Sat, 16 Dec 2006 15:27:53 +0100 with message-id <20061216142753.GA22047@nechayev.zugschlus.de> and subject line Re: postfix: Can''t install if /etc/shadow does not exist has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------- next part -------------- An embedded message was scrubbed... From: Lars Wirzenius <liw@iki.fi> Subject: adduser: calls chage even when shadow passwords aren''t being used Date: Thu, 08 Sep 2005 01:45:39 +0300 Size: 1600 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/bc0cc09a/attachment.mht -------------- next part -------------- An embedded message was scrubbed... From: Marc Haber <mh+debian-packages@zugschlus.de> Subject: Re: Re: postfix: Can''t install if /etc/shadow does not exist Date: Sat, 16 Dec 2006 15:27:53 +0100 Size: 1938 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/bc0cc09a/attachment-0001.mht
Debian Bug Tracking System
2006-Dec-16 15:40 UTC
[Adduser-devel] Bug#327144: marked as done (shadow >= 1:4.0.3-37 needed for systems without shadow passwords)
Your message dated Sat, 16 Dec 2006 15:26:26 +0100 with message-id <20061216142626.GA22003@nechayev.zugschlus.de> and subject line Bug#330743: Re: Bug#330743: cups-pdf: No longer installable when not using shadow passwords. has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------- next part -------------- An embedded message was scrubbed... From: Lars Wirzenius <liw@iki.fi> Subject: adduser: calls chage even when shadow passwords aren''t being used Date: Thu, 08 Sep 2005 01:45:39 +0300 Size: 1600 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/b18ba2bb/attachment.mht -------------- next part -------------- An embedded message was scrubbed... From: Marc Haber <mh+debian-packages@zugschlus.de> Subject: Re: Bug#330743: Re: Bug#330743: cups-pdf: No longer installable when not using shadow passwords. Date: Sat, 16 Dec 2006 15:26:26 +0100 Size: 1878 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/b18ba2bb/attachment-0001.mht