Adduser devel - Sep 2005 - Bug#327144: adduser: calls chage even when shadow passwords aren''t being used

Package: adduser
Version: 3.67

adduser calls (as far as I can determine, not knowing perl) chage for
new system accounts unconditionally. chage fails when shadow passwords
are not being used. This causes some packages to fail to install (at
least under piuparts in a chroot).

Would it make sense to only call chage when /etc/shadow exists or
possibly only if the newly created account is in /etc/shadow?
(Alternatively, if shadowless configurations are to be unsupported, that
is fine by me, I''ll fix piuparts to make such chroots.)

On Thu, Sep 08, 2005 at 01:45:39AM +0300, Lars Wirzenius
wrote:
> adduser calls (as far as I can determine, not knowing perl) chage for
> new system accounts unconditionally. chage fails when shadow passwords
> are not being used. This causes some packages to fail to install (at
> least under piuparts in a chroot).
passwd upstream has again changed the error code that adduser tries to
catch in that case.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

On Thu, Sep 08, 2005 at 01:45:39AM +0300, Lars Wirzenius
wrote:
> adduser calls (as far as I can determine, not knowing perl) chage for
> new system accounts unconditionally. chage fails when shadow passwords
> are not being used.
Actually, it shouldn''t, starting with version 3.65:
  * do not abort if chage returns exit code 3. This is an indication
    that password aging cannot be set due to shadow not being enabled.
    Closes: #316089, #317944.

The only chage call, in line 397, has its return code handled in this
way.

However, the experimental version of shadow returns a different error
code on chage failure due to shadow not enabled, and adduser is not
yet adapted. Which version of shadow do you have installed?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

to, 2005-09-08 kello 07:24 +0200, Marc Haber kirjoitti:
> However, the experimental version of shadow returns a different error
> code on chage failure due to shadow not enabled, and adduser is not
> yet adapted. Which version of shadow do you have installed?
The version in etch, 3.67 (same version in unstable, according to
packages.qa.debian.org). The following is the error messages I get,
I''ve
attached the entire piuparts log file (the log is for bcron-run, which
tries to use adduser).

  chage: can''t open shadow password fileadduser: `/usr/bin/chage -M
99999 cron''
returned error code 1.  Aborting.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: bcron-run.log
Type: text/x-log
Size: 17185 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20050908/6cd00ca4/bcron-run-0001.bin

On Thu, Sep 08, 2005 at 12:57:04PM +0300, Lars Wirzenius
wrote:
> to, 2005-09-08 kello 07:24 +0200, Marc Haber kirjoitti:
> > However, the experimental version of shadow returns a different error
> > code on chage failure due to shadow not enabled, and adduser is not
> > yet adapted. Which version of shadow do you have installed?
> 
> The version in etch, 3.67 (same version in unstable, according to
> packages.qa.debian.org). The following is the error messages I get,
I''ve
> attached the entire piuparts log file (the log is for bcron-run, which
> tries to use adduser).
> 
>   chage: can''t open shadow password fileadduser: `/usr/bin/chage
-M
> 99999 cron''
> returned error code 1.  Aborting.
Obviously, shadow in etch does not return a special error code, and
decided that it is better to fail for non-shadow setups instead of
ignoring all errors which would have been the alternative here.

This issue is going to be around until the experimental shadow has
migrated to etch and an adapted adduser has been uploaded.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

tags #327144 confirmed
retitle #327144 shadow >= 1:4.0.3-37 needed for systems without shadow
passwords
thanks

adduser 3.64 introduced code which uses chage to override forced
password changes for system accounts (see #298883).

This code unfortunately fails on systems that don''t have shadow
passwords enabled since on non-shadow system no password aging is
possible.

To avoid having to ignore _all_ errors returned by chage, shadow
1:4.0.3-37 up to 1:4.0.11.1-1 had chage return 3 on non-shadow
systems. adduser 3.65 ignores return code 3 from chage, emitting a
warning only.

adduser 3.65 and up, combined with passwd << 1:4.0.3-37 do not support
non-shadow systems.

adduser 3.67.0 will force a reasonably recent passwd version to make
this clear. For older adduser versions, people will have package
installations fail, but will hopefully find this bug report in the BTS.

Unfortunately, shadow upstream decided to change chage''s "no
shadow
passwords" return code from 3 to 15. The adduser maintaines tried to
avoid this by coordinating with the shadow people, but they decided to
change the return code again nevertheless.

A later version of adduser will thus depend on passwd >= 1:4.0.12 to
synchronize the chage return code with is ignored with passwd.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Processing commands for control@bugs.debian.org:
> tags #327144 confirmed
Bug#327144: adduser: calls chage even when shadow passwords aren''t
being used
There were no tags set.
Tags added: confirmed
> retitle #327144 shadow >= 1:4.0.3-37 needed for systems without shadow
passwords
Bug#327144: adduser: calls chage even when shadow passwords aren''t
being used
Changed Bug title.
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Your message dated Thu, 08 Sep 2005 10:17:03 -0700
with message-id <E1EDQ1H-000713-00@spohr.debian.org>
and subject line Bug#327144: fixed in adduser 3.67.0
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Sep 2005 22:46:22
+0000
>From liw@iki.fi Wed Sep 07 15:46:22 2005
Return-path: <liw@iki.fi>
Received: from ip212-226-168-228.adsl.kpnqwest.fi (esme.liw.iki.fi)
[212.226.168.228]
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1ED8gP-00010M-00; Wed, 07 Sep 2005 15:46:21 -0700
Received: by esme.liw.iki.fi (Postfix, from userid 1000)
	id A284A75C2AE; Thu,  8 Sep 2005 01:45:39 +0300 (EEST)
Subject: adduser: calls chage even when shadow passwords aren''t being
used
From: Lars Wirzenius <liw@iki.fi>
To: submit@bugs.debian.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Thu, 08 Sep 2005 01:45:39 +0300
Message-Id: <1126133139.7236.43.camel@esme.liw.iki.fi>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: adduser
Version: 3.67

adduser calls (as far as I can determine, not knowing perl) chage for
new system accounts unconditionally. chage fails when shadow passwords
are not being used. This causes some packages to fail to install (at
least under piuparts in a chroot).

Would it make sense to only call chage when /etc/shadow exists or
possibly only if the newly created account is in /etc/shadow?
(Alternatively, if shadowless configurations are to be unsupported, that
is fine by me, I''ll fix piuparts to make such chroots.)


---------------------------------------
Received: (at 327144-close) by bugs.debian.org; 8 Sep 2005 17:20:35
+0000
>From katie@spohr.debian.org Thu Sep 08 10:20:35 2005
Return-path: <katie@spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
	id 1EDQ1H-000713-00; Thu, 08 Sep 2005 10:17:03 -0700
From: Marc Haber <mh+debian-packages@zugschlus.de>
To: 327144-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#327144: fixed in adduser 3.67.0
Message-Id: <E1EDQ1H-000713-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Thu, 08 Sep 2005 10:17:03 -0700
Delivered-To: 327144-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: adduser
Source-Version: 3.67.0

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive:

adduser_3.67.0.dsc
  to pool/main/a/adduser/adduser_3.67.0.dsc
adduser_3.67.0.tar.gz
  to pool/main/a/adduser/adduser_3.67.0.tar.gz
adduser_3.67.0_all.deb
  to pool/main/a/adduser/adduser_3.67.0_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 327144@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated adduser
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  8 Sep 2005 16:51:54 +0000
Source: adduser
Binary: adduser
Architecture: source all
Version: 3.67.0
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers
<adduser-devel@lists.alioth.debian.org>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Description: 
 adduser    - Add and remove users and groups
Closes: 327144
Changes: 
 adduser (3.67.0) unstable; urgency=low
 .
   * the "please no more bugs from users of shadowless systems"
     release. (mh) Closes: #327144
   * temporary branch
   * tighten dependencies to only allow installation with a passwd
     package whose chage returns 3 on "shadow password not enabled".
   * shadowless setups do only work with adduser older than 3.64, or
     with shadow younger than 1:4.0.3-37.
Files: 
 38ff5696c83065344feeb5368448ba79 647 base important adduser_3.67.0.dsc
 6703b16cdd7e16051cf2a256f518f03e 125327 base important adduser_3.67.0.tar.gz
 6ce5fde2fc15485caa94c0a99b2717fb 110050 base important adduser_3.67.0_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iEYEARECAAYFAkMgcBAACgkQgZalRGu6PISBmgCfcgPDy/wr54DsmaLLuhqb1S3I
92wAn0xTEE6LZgs2d4uPptbfV09D6rMe
=yCuJ
-----END PGP SIGNATURE-----

Your message dated Sat, 16 Dec 2006 15:29:27 +0100
with message-id <20061216142927.GA22096@nechayev.zugschlus.de>
and subject line Bug#327144: fixed in adduser 3.67.0
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Lars Wirzenius <liw@iki.fi>
Subject: adduser: calls chage even when shadow passwords aren''t being
used
Date: Thu, 08 Sep 2005 01:45:39 +0300
Size: 1600
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/9f1d3d8e/attachment-0002.mht
-------------- next part --------------
An embedded message was scrubbed...
From: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#327144: fixed in adduser 3.67.0
Date: Sat, 16 Dec 2006 15:29:27 +0100
Size: 2080
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/9f1d3d8e/attachment-0003.mht

Your message dated Sat, 16 Dec 2006 15:27:53 +0100
with message-id <20061216142753.GA22047@nechayev.zugschlus.de>
and subject line Re: postfix: Can''t install if /etc/shadow does not
exist
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Lars Wirzenius <liw@iki.fi>
Subject: adduser: calls chage even when shadow passwords aren''t being
used
Date: Thu, 08 Sep 2005 01:45:39 +0300
Size: 1600
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/bc0cc09a/attachment.mht
-------------- next part --------------
An embedded message was scrubbed...
From: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Re: postfix: Can''t install if /etc/shadow does not exist
Date: Sat, 16 Dec 2006 15:27:53 +0100
Size: 1938
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/bc0cc09a/attachment-0001.mht

Your message dated Sat, 16 Dec 2006 15:26:26 +0100
with message-id <20061216142626.GA22003@nechayev.zugschlus.de>
and subject line Bug#330743: Re: Bug#330743: cups-pdf: No longer installable
when not using shadow passwords.
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Lars Wirzenius <liw@iki.fi>
Subject: adduser: calls chage even when shadow passwords aren''t being
used
Date: Thu, 08 Sep 2005 01:45:39 +0300
Size: 1600
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/b18ba2bb/attachment.mht
-------------- next part --------------
An embedded message was scrubbed...
From: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#330743: Re: Bug#330743: cups-pdf: No longer installable when
	not using shadow passwords.
Date: Sat, 16 Dec 2006 15:26:26 +0100
Size: 1878
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20061216/b18ba2bb/attachment-0001.mht