lock passwd implemented wrong on FreeBSD
Bug #1854594 reported by
Mina Galić
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Medium
|
Mina Galić |
Bug Description
(changing bug description after triage)
on FreeBSD, lock_passwd is implemented as `pw usermod <user> -h -`
This does not lock the account. It prompts for a password change on the console during cloud-init run.
To lock an account, we have to execute: `pw lock <name>`.
tags: | added: freebsd |
description: | updated |
Changed in cloud-init: | |
status: | New → Triaged |
importance: | Undecided → Medium |
summary: |
- lock passwd doesn't work on non-GNU passwd + lock passwd implemented wrong on FreeBSD |
description: | updated |
Changed in cloud-init: | |
status: | Incomplete → Invalid |
To post a comment you must log in.
i think i misinterpreted the failure here…
I got a password prompt for root, and assumed it came from a `passwd -l root` call, but the same could be easily true of the equally wrong implementation we have here:
def lock_passwd(self, name):
util. subp([' pw', 'usermod', name, '-h', '-'])
util. logexc( LOG, "Failed to lock user %s", name)
try:
except Exception as e:
raise e
this means, modify this user, read input from the FD supplied after -h, in this case, stdin.