Ubuntu
gnome-system-tools package

users-admin removes from groups users not in /etc/passwd (ADS, LDAP)

Bug #164475 reported by renbag
8
Affects Status Importance Assigned to Milestone
GST
Fix Released
Medium
gnome-system-tools (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: gnome-system-tools

I've set up several machines running Ubuntu 7.04 and 7.10 which are integrated in an Active Directory Network (ADS) controlled by a Windows Server. I did this using samba and winbind, and now these machines can be used with local and domain accounts (domain accounts are not listed in /etc/passwd but are managed by winbind).
To allow some domain users to gain administrative privileges I added them manually to the admin group with 'adduser'. After that, if you use System -> Administration -> Users and Groups to add a new user or delete an existing one, all the domain users (not local users) which were granted admin rights will lose their privileges. This happens because they are deleted from the admin group in /etc/group.
The problem does not occur when using the command line utility (adduser).

This bug was originally reported in https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/26338
(comment 57) and is related also to this upstream bug: http://bugzilla.gnome.org/show_bug.cgi?id=489187
It may be considered as a second test case, as described in these bugs.

Revision history for this message
Basilio Kublik (sourcercito) wrote :

Hi Renzo
Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you?, could you please try under the development version Hardy Heron?

Thanks in advance.

Changed in gnome-system-tools:
assignee: nobody → sourcercito
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
renbag (renbag) wrote :

I have reproduced the bug today in hardy, after a dist-upgrade to current packages.
Adding a new local user deletes the privileges granted to a domain user by the command line utility.
The difference in hardy is that when you try to delete the newly created user, it is not really removed from /etc/passwd and /etc/group.
This seems to me as a new bug in gnome-system-tools...

The integration in active directory was made following the documentation reported at:
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

I did not try, until now, what happens if the ADS integration is made using the new 'likewise-open' package.

Revision history for this message
Antje H. (anthe1) wrote :

This is also a problem with LDAP-users. I have to add some of my LDAP-users to local groups (using an editor), to grant them access to local devices (usb, audio) - and every time I use the users-admin they are deleted.

It seams, the users-admin is deleting all not-local users from /etc/group.

Revision history for this message
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote :

We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Revision history for this message
Antje H. (anthe1) wrote :

At an old 7.04 machine I have the old problem and a new. The new created user (with users-admin) doesn't appear in /etc/passwd and not all groups are displayed.

At some newer installations (8.04 LTS, Server) it's not better:
---- snip ----
ah@scarlatti:~$ sudo users-admin &
[2] 26300
ah@scarlatti:~$
** (users-admin:26300): CRITICAL **: Unable to lookup session information for process '26300'
---------------
The window opens, but there are no informations and all buttons are grey.

But it's better this way - nobody can use the users-admin.

Revision history for this message
Martin Mai (mrkanister-deactivatedaccount-deactivatedaccount) wrote :

Hm...same problem with Intrepid. I think the problem is that users-admin uses policykit (doesn't it?) because when you type "users-admin" instead of "sudo users-admin" it works.

Revision history for this message
James Jones (jamesjones01) wrote :

I can confirm that the problem Antje H. describes is still present in Karmic Koala.

Revision history for this message
Milan Bouchet-Valat (nalimilan) wrote :

I think I understand the issue, which is not related to upstream bug 489187 (cited in description) now, since it's been fixed properly. The problem may come from liboobs that removes users it doesn't know about (see new upstream report).

I can hardly see how using PolicyKit instead of 'sudo users-admin' would change anything. James, con you confirm you're starting users-admin the right way, i.e. from the menus or with 'users-admin'?

Changed in gnome-system-tools (Ubuntu):
assignee: Basilio Kublik (sourcercito) → nobody
importance: Low → Medium
status: Incomplete → Triaged
summary: - users-admin deletes privileges granted to ADS domain users with the
- command line utility (adduser)
+ users-admin removes from groups users not in /etc/passwd (ADS, LDAP)
Bug Watch Updater (bug-watch-updater)
Changed in gst:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
JC Hulce (soaringsky) wrote :

The upstream fixed version has landed in Ubuntu.

Changed in gnome-system-tools (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.