Adduser devel - Oct 2005 - Bug#150186: adduser, deluser screw up /etc/passwd NIS "+::::::" entry

On Wed, Mar 24, 2004 at 11:39:05AM +0100, Marc Haber
wrote:
> adduser uses useradd from the passwd package to do the real work.
> Please verify if the behavior can be reproduced when directly calling
> the low level tool, and reassign to passwd in this case.
No reply has been received to this question.

This bug will be closed on 2005-12-31 if no answer is delivered by then.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Marc Haber wrote:
> On Wed, Mar 24, 2004 at 11:39:05AM +0100, Marc Haber wrote:
> 
>>adduser uses useradd from the passwd package to do the real work.
>>Please verify if the behavior can be reproduced when directly calling
>>the low level tool, and reassign to passwd in this case.
My apologies for taking so long to reply.

First, for reference, I''ve upgraded my cluster to sarge, so the version
of adduser is now 3.63, and that of passwd is 4.0.3-31sarge5.

As far as I can tell, the problem does appear to be with adduser, not
useradd.  Useradd called by itself does not fuss with the NIS line in
/etc/passwd.  Please see the command session below (this was run on the
NIS master):

maia[42]:~# tail -n 3 /etc/passwd
Debian-exim:x:107:107::/var/spool/exim4:/bin/false
privoxy:x:103:65534::/etc/privoxy:/bin/false
+::::::
maia[43]:~# useradd testuser
maia[44]:~# tail -n 3 /etc/passwd
privoxy:x:103:65534::/etc/privoxy:/bin/false
testuser:x:1501:100::/home/testuser:
+::::::
maia[45]:~# adduser test2
Adding user `test2''...
make: Entering directory `/var/yp''
make[1]: Entering directory `/var/yp/analysis.borex''
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Leaving directory `/var/yp/analysis.borex''
make: Leaving directory `/var/yp''
Adding new group `test2'' (1019).
make: Entering directory `/var/yp''
make[1]: Entering directory `/var/yp/analysis.borex''
Updating netid.byname...
make[1]: Leaving directory `/var/yp/analysis.borex''
make: Leaving directory `/var/yp''
Adding new user `test2'' (1019) with group `test2''.
make: Entering directory `/var/yp''
make[1]: Entering directory `/var/yp/analysis.borex''
Updating netid.byname...
make[1]: Leaving directory `/var/yp/analysis.borex''
make: Leaving directory `/var/yp''
Creating home directory `/home/test2''.
Copying files from `/etc/skel''
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for test2
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [y/N] y
make: Entering directory `/var/yp''
make[1]: Entering directory `/var/yp/analysis.borex''
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Leaving directory `/var/yp/analysis.borex''
make: Leaving directory `/var/yp''
maia[46]:~# tail -n 3 /etc/passwd
testuser:x:1501:100::/home/testuser:
test2:x:1019:1019:,,,:/home/test2:/bin/bash
+::0:0:::


I attach the contents of my /etc/adduser.conf and
/usr/local/sbin/adduser.local.

Please let me know if you need further information (NIS config files,
etc.) and I will be better about replying quickly.

regards,

-- 
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544
-------------- next part --------------

# /etc/adduser.conf: `adduser'' configuration.
# See adduser(8) and adduser.conf(5) for full documentation.

# The DSHELL variable specifies the default login shell on your
# system.
DSHELL=/bin/bash

# The DHOME variable specifies the directory containing users'' home
# directories.
DHOME=/home

# If GROUPHOMES is "yes", then the home directories will be created as
# /home/groupname/user.
GROUPHOMES=no

# If LETTERHOMES is "yes", then the created home directories will have
# an extra directory - the first letter of the user name. For example:
# /home/u/user.
LETTERHOMES=no

# The SKEL variable specifies the directory containing "skeletal" user
# files; in other words, files such as a sample .profile that will be
# copied to the new user''s home directory when it is created.
SKEL=/etc/skel

# FIRST_SYSTEM_UID to LAST_SYSTEM_UID inclusive is the range for UIDs
# for dynamically allocated administrative and system accounts.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999

# FIRST_UID to LAST_UID inclusive is the range of UIDs of dynamically
# allocated user accounts.
FIRST_UID=1000
LAST_UID=29999

# The USERGROUPS variable can be either "yes" or "no".  If
"yes" each
# created user will be given their own group to use as a default, and
# their home directories will be g+s.  If "no", each created user will
# be placed in the group whose gid is USERS_GID (see below).
USERGROUPS=yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group
# `users'' (or the equivalent group) on your system.
USERS_GID=100

# If QUOTAUSER is set, a default quota will be set from that user with
# `edquota -p QUOTAUSER newuser''
QUOTAUSER=""

# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0755

# If SETGID_HOME is "yes" home directories for users with their own
# group the setgid bit will be set. This was the default for
# versions << 3.13 of adduser. Because it has some bad side effects we
# no longer do this per default. If you want it nevertheless you can
# still set it here.
SETGID_HOME=no
-------------- next part --------------
#!/bin/sh
# This script is called by adduser after it finishes setting up.
# Two corrections that must be made:

# 1) Change +::0:0::: back to +:::::: in /etc/passwd
# 2) Update NIS info

PATH=/usr/bin:/bin

# Commented out the next three lines to test whether bug #150186 still happens:
#umask 022
#sed -e ''s,+::0:0:,+::::,g'' /etc/passwd > /etc/passwd.tmp
#mv /etc/passwd.tmp /etc/passwd

# since we''ve changed password files, need to update NIS again
# I''ve tried commenting the following line out, but it makes no
difference
# to bug #150186; also, of course, commenting it out means that the exported
# NIS data isn''t updated properly.
make -C /var/yp

On Thu, Nov 17, 2005 at 08:47:03AM -0500, Kevin B. McCarty
wrote:
> maia[45]:~# adduser test2
Please retry with the --debug flag, so that we can see the exact
command lines passed to the low-level tools. Then please re-try
issueing these command lines manually and see whether the /etc/passwd
file gets mangled as well.
> Please let me know if you need further information (NIS config files,
> etc.) and I will be better about replying quickly.
I am sorry, I neither have time, nor resources to build a NIS test
bed, but I still don''t think that adduser is a fault.

$ grep ''/etc'' /usr/sbin/adduser /usr/sbin/deluser
/usr/share/perl5/Debian/AdduserCommon.pm
/usr/sbin/adduser:#      --conf FILE      use FILE instead of /etc/adduser.conf
/usr/sbin/adduser:$defaults = "/etc/adduser.conf";
/usr/sbin/adduser:$config{"skel"} = "/etc/skel";
/usr/sbin/deluser:#     --home <dir>            remove home only if
/etc/passwd home dir
/usr/sbin/deluser:#     --conf | -c FILE  use FILE instead of /etc/deluser.conf
/usr/sbin/deluser:$defaults = "/etc/deluser.conf";
/usr/sbin/deluser:$config{"skel"} = "/etc/skel";
/usr/sbin/deluser:$config{"no_del_paths"} = "^/$ ^/lost+found/.*
^/media/.* ^/mnt/.* ^/etc/.* ^/bin/.* ^/boot/.* ^/dev/.* ^/lib/.* ^/proc/.*
^/root/.* ^/sbin/.* ^/tmp/.* ^/sys/.* ^/srv/.* ^/opt/.* ^/initrd/.* ^/usr/.*
^/var/.*";
/usr/sbin/deluser:read_config("/etc/adduser.conf");
/usr/sbin/deluser:    if(system("grep", "-q",
"^.*:.*:.*:$gr_gid:.*:.*:.*\$", "/etc/passwd") == 0) {
/usr/sbin/deluser:  --home <dir>              remove home only if
/etc/passwd home dir
/usr/share/perl5/Debian/AdduserCommon.pm:    if(-f "/etc/default/nis")
{
/usr/share/perl5/Debian/AdduserCommon.pm:        $nisconfig =
"/etc/default/nis";
/usr/share/perl5/Debian/AdduserCommon.pm:    } elsif(-f
"/etc/init.d/nis") {
/usr/share/perl5/Debian/AdduserCommon.pm:        $nisconfig =
"/etc/init.d/nis";

If I''m not mistaken, there is no code going to do write access on
/etc/passwd.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Processing commands for control@bugs.debian.org:
> reassign 150186 passwd 1:4.0.3-31sarge5
Bug#150186: adduser,deluser screw up /etc/passwd NIS "+::::::" entry
Bug reassigned from package `adduser'' to `passwd''.
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

reassign 150186 passwd 1:4.0.3-31sarge5
thanks

Marc Haber wrote:
> On Thu, Nov 17, 2005 at 08:47:03AM -0500, Kevin B. McCarty wrote:
> 
>>maia[45]:~# adduser test2
> 
> 
> Please retry with the --debug flag, so that we can see the exact
> command lines passed to the low-level tools. Then please re-try
> issueing these command lines manually and see whether the /etc/passwd
> file gets mangled as well.
Thank you, with the --debug flag I''ve been able to find the problem.

adduser at some point calls "/usr/bin/passwd <newuser>" and it
is that
which messes up the NIS line in /etc/passwd.  I have no idea why it is
changing anything in /etc/passwd other than the line for the requested
user.  The useradd and chfn programs, on the other hand, seem blameless.

Demonstration (after already adding a test user "foo"):

maia[28]:~# tail -n 3 /etc/passwd
privoxy:x:103:65534::/etc/privoxy:/bin/false
foo:x:1501:100:,,,:/home/foo:/bin/false
+::::::
maia[29]:~# /usr/bin/passwd foo
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
maia[30]:~# tail -n 3 /etc/passwd
privoxy:x:103:65534::/etc/privoxy:/bin/false
foo:x:1501:100:,,,:/home/foo:/bin/false
+::0:0:::

Reassigning to passwd (the version in Sarge) as you requested.

regards,

-- 
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544