user-setup-apply breaks if home directory already exists and encrypted-home selected (?)

Bug #321345 reported by Jessie Morris
This bug affects 1 person

Affects: user-setup (Ubuntu). Status: Fix Released. Importance: Medium. Assigned to: Colin Watson.
Affects: Jaunty. Status: Fix Released. Importance: Medium. Assigned to: Colin Watson.

Bug Description

I recently did a fresh install of Jaunty from the alternate AMD64 CD. I booted up and found I couldn't update, etc. I tried to run "su" to log in as root and couldn't figure out the password. So, I rebooted into recovery mode and added myself to the sudoers file. Then, all was fine and dandy.

Colin Watson (cjwatson) wrote :

That's very odd. Please attach /var/log/installer/syslog so that I can see if any errors were logged during installation.

Changed in debian-installer:
status: New → Incomplete
Jessie Morris (jessieamorris) wrote :

I looked through it and saw a couple of buffer errors, and a couple of "fatal errors" from modules not getting loaded correctly, I believe. And I never knew that log was there. Good to know. :)

Jessie Morris (jessieamorris) wrote :

Dustin Kirkland  (kirkland) wrote :

Hi Jessie-

I'm trying to debug this from an ecryptfs standpoint, in case the bug might be there.

Can you confirm whether or not you selected the option for encrypting your home directory?

Also, can you clarify if you used pre-seeding for this installation or not?

:-Dustin

Colin Watson (cjwatson) wrote :

Well, here's the guts of the problem:

Jan 25 23:18:06 user-setup: The home directory `/home/jessie' already exists. Not copying from `/etc/skel'.
Jan 25 16:18:06 chfn[5843]: changed user `jessie' information
Jan 25 23:18:06 finish-install: cat: can't open '/dev/shm/.ecryptfs-jessie': No such file or directory
Jan 25 23:18:06 finish-install: warning: /usr/lib/finish-install.d/06user-setup returned error code 1

You apparently selected encrypted-home. Is it possible that /home/jessie already existed? (That isn't *wrong*, but it's something that I don't think the current encrypted-home implementation can account for.)

Changed in user-setup:
status: Incomplete → Confirmed
Dustin Kirkland  (kirkland) wrote :

Per discussion in IRC, this bug is valid, but not easily solvable from the ecryptfs/adduser perspective.

If your home directory already exists, we cannot very well attempt to set it up for encryption at that point.

It would take a live migration of any data that might already live in /home/jessie into the encrypted setup.

I am working on a "live migration" mechanism for after-the-fact or dist-upgrading users who decide that they want to encrypt their home directories. But that won't be in the installer.

As Colin suggested in IRC, the best thing to do is to detect this situation, and error out appropriately...

<cjwatson> so user-setup will need to say "sorry Dave, I can't do that" and then carry on unencrypted, IMO

:-Dustin

Jessie Morris (jessieamorris) wrote :

Yes, I did have my previous home folder present. I didn't format that partition, and it WAS unencrypted. I would have to agree with Dustin, that it would be good to have an error occur. Check to see if there is a folder already present at /home/user and if so, spit out an error saying, "Encrypting not possible for existing folders." How do I go about making changes to these things? I would love to get involved in developing Kubuntu.

Colin Watson (cjwatson) wrote :

It's not as trivial as you might think, since installer UI changes require learning enough about debconf to write a debconf template and arrange for it to be displayed. The debconf-devel(7) manual page in the debconf-doc package gives a general outline.

Feel free to hop into #ubuntu-installer on irc.ubuntu.com if you're keen on helping, though!

Changed in user-setup:
importance: Undecided → Medium
status: Confirmed → Triaged
Colin Watson (cjwatson) wrote :

Also, http://wiki.ubuntu.com/InstallerDevelopment has an introduction to installer work, with a number of useful links.

Colin Watson (cjwatson) wrote :

Whoops, I slacked on this and we're past UI freeze now. How about we simply don't offer the encrypt-home option if there's an existing home directory? That might confuse people a little bit who are looking for it, but for the most part I think it would be an improvement over allowing it to be selected but then breaking.

Dustin Kirkland  (kirkland) wrote :

Colin-

Yes, that was the understanding I had, per our discussion in IRC. If the user's home directory already exists, don't allow encrypting-home. The ecryptfs side simply cannot do the right thing in that case, without trampling existing data.

How you handle it in the installer is up to you. Simply not displaying the encrypt-home radio button in that case seems like a reasonable solution.

:-Dustin

Colin Watson (cjwatson)
Changed in user-setup (Ubuntu Jaunty):
assignee: nobody → cjwatson
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package user-setup - 1.23ubuntu16

---------------
user-setup (1.23ubuntu16) jaunty; urgency=low

  * Don't offer encrypting the home directory if the selected user's home
    directory already exists (LP: #321345).
  * Update Ubuntu-specific strings from Launchpad.

 -- Colin Watson <email address hidden> Wed, 01 Apr 2009 12:38:09 +0100

Changed in user-setup:
status: Fix Committed → Fix Released
Scott Hinchley (scott-hinchley) wrote :

This will also fail on a fresh install when selecting encrypted home directory, even when the home directory does not exist.
...
Jul 27 22:14:21 in-target: kbd is already the newest version.
Jul 27 22:14:21 in-target: 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Jul 27 22:14:21 finish-install: info: Running /usr/lib/finish-install.d/05speakup
Jul 27 22:14:21 finish-install: info: Running /usr/lib/finish-install.d/06user-setup
Jul 27 22:14:21 user-setup: Shadow passwords are now on.
Jul 27 22:14:21 anna-install: Installing crypto-modules
Jul 27 22:14:21 user-setup: Adding user `shin' ...
Jul 27 22:14:21 user-setup: Adding new group `shin' (1000) ...
Jul 27 17:14:21 groupadd[11340]: new group: name=shin, GID=1000
Jul 27 22:14:22 user-setup: Adding new user `shin' (1000) with group `shin' ...
Jul 27 17:14:22 useradd[11344]: new user: name=shin, UID=1000, GID=1000, home=/home/shin, shell=/bin/bash
Jul 27 22:14:22 user-setup: Creating home directory `/home/shin' ...
Jul 27 22:14:22 user-setup: Setting up encryption ...
Jul 27 22:14:22 user-setup: ERROR: Can't get ecryptfs version, ecryptfs kernel module not loaded?
Jul 27 22:14:22 user-setup: adduser: `/usr/bin/ecryptfs-setup-private -b -u shin' returned error code 1. Exiting.
Jul 27 22:14:22 finish-install: cat: /dev/shm/.ecryptfs-shin: No such file or directory
Jul 27 22:14:22 finish-install: warning: /usr/lib/finish-install.d/06user-setup returned error code 1
Jul 27 22:14:22 finish-install: info: Running /usr/lib/finish-install.d/07atl2
Jul 27 22:14:22 finish-install: info: Running /usr/lib/finish-install.d/07preseed
Jul 27 22:14:22 finish-install: info: Running /usr/lib/finish-install.d/10bind-mount
Jul 27 22:14:22 finish-install: info: Running /usr/lib/finish-install.d/10clock-setup
...

These other issues also look to be fresh installs that use encrypted home directories that have problems (https://bugs.launchpad.net/ubuntu/+source/user-setup/+bug/321430 and here https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/366894).

Though this may be more related to the /usr/bin/ecryptfs-setup-private failing because the ecryptfs module is not loaded, from a user standpoint everything looked to work until you try to do any admin tasks; then you run into the "not in sudoers file" error.
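
Added example (not part of any comment above, and not code from user-setup or ecryptfs-utils): a shell/awk triage script that scans an installer syslog for the `06user-setup returned error code 1` signature and tells apart the two causes seen in this thread. The names `sample_log` and `classify_user_setup` and the cause labels are hypothetical; the sample input is constructed from the two log excerpts quoted in the comments.

```shell
#!/bin/sh
# Constructed sample: lines taken from the two syslog excerpts quoted in this thread.
sample_log() {
cat <<'EOF'
Jan 25 23:18:06 user-setup: The home directory `/home/jessie' already exists. Not copying from `/etc/skel'.
Jan 25 23:18:06 finish-install: cat: can't open '/dev/shm/.ecryptfs-jessie': No such file or directory
Jan 25 23:18:06 finish-install: warning: /usr/lib/finish-install.d/06user-setup returned error code 1
Jul 27 22:14:22 user-setup: Creating home directory `/home/shin' ...
Jul 27 22:14:22 user-setup: ERROR: Can't get ecryptfs version, ecryptfs kernel module not loaded?
Jul 27 22:14:22 finish-install: cat: /dev/shm/.ecryptfs-shin: No such file or directory
Jul 27 22:14:22 finish-install: warning: /usr/lib/finish-install.d/06user-setup returned error code 1
EOF
}

# Print "<user> <cause>" for every failed 06user-setup run found in the log.
classify_user_setup() {
    awk '
    # adduser reported a home directory that was already present
    /user-setup: The home directory .* already exists/ {
        if (match($0, /\/home\/[A-Za-z0-9_.-]+/))
            existing[substr($0, RSTART + 6, RLENGTH - 6)] = 1
    }
    # ecryptfs-setup-private could not talk to the kernel module
    /ecryptfs kernel module not loaded/ { nomod = 1 }
    # finish-install looked for the passphrase file that encryption setup should have left
    /finish-install: cat: .*\/dev\/shm\/\.ecryptfs-/ {
        if (match($0, /\.ecryptfs-[A-Za-z0-9_.-]+/))
            user = substr($0, RSTART + 10, RLENGTH - 10)
    }
    # the hook failed: report the user and the most specific cause seen so far
    /06user-setup returned error code 1/ {
        if (user == "") { user = "-"; cause = "unknown" }
        else if (user in existing) cause = "existing-home"
        else if (nomod) cause = "ecryptfs-module-not-loaded"
        else cause = "unknown"
        print user, cause
        user = ""; nomod = 0
    }
    ' "$@"
}

# With file arguments, classify those logs; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then classify_user_setup "$@"; else sample_log | classify_user_setup; fi
```

On an installed system the log to pass is /var/log/installer/syslog, the file requested earlier in this thread.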
