adduser should support managing additional password/shadow/group files from libnss-extrausers
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | adduser (Debian) |
Confirmed
|
Unknown
|
||
| | adduser (Ubuntu) |
High
|
Steve Langasek | ||
| | Vivid |
Undecided
|
Unassigned | ||
Bug Description
with our readonly system-image setup when adding a user or changing a password using the /etc/{passwd,
we plan to solve this via using libnss-extrausers and patching the config in /etc/nsswitch.conf at image build-time. this way we can make /var/lib/extrausers writable and use passwd,shadow and group from there.
unfortunately adduser is not able to operate on these files in the non-standard location. to set a user password (for having a properly working lock screen), add new users or drop the "nopasswordlogin" group from the phablet user it needs to learn handling these files so that we do not need to use weird hacks to manage users on system-image installs.
Related branches
- Ubuntu branches: Pending requested 2015-06-26
-
Diff: 214 lines (+75/-18)5 files modifiedAdduserCommon.pm (+1/-0)
adduser (+64/-17)
adduser.conf (+3/-0)
debian/changelog (+6/-0)
debian/control (+1/-1)
| Changed in adduser (Ubuntu): | |
| importance: | Undecided → High |
| assignee: | nobody → Steve Langasek (vorlon) |
| Michael Terry (mterry) wrote : | #1 |
| Launchpad Janitor (janitor) wrote : | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in adduser (Ubuntu): | |
| status: | New → Confirmed |
| Changed in adduser (Ubuntu): | |
| milestone: | none → ubuntu-14.07 |
| Changed in adduser (Ubuntu): | |
| status: | Confirmed → In Progress |
| Dimitri John Ledkov (xnox) wrote : | #3 |
Hm. I don't think I like this patch =)
In Clearlinux.org we use nss-altfiles, not extrausers project. And I have extensively patched shadow to support altfiles. Ideally I would like that support to be reviewed and landed upstream. Specifically all system accounts & groups are defined in altfiles, yet one can do things like "add this system account to this system group" in which case relevant stanzas from system data files is copied and stored in files under /etc/.
Can we merge this support in shadow? At the moment it seems like clearlinux.org, ubuntu (snappy), fedora (atomic) are using altfiles/extrausers and all would want proper support in shadow of setups with split system-provided accounts & user/admin modified accounts.
| Oliver Grawert (ogra) wrote : | #4 |
does nss-altfiles allow us to keep a readonly locked down /etc/passwd|
| Changed in adduser (Ubuntu): | |
| status: | In Progress → Fix Released |
| Changed in adduser (Debian): | |
| status: | Unknown → New |
| Steve Langasek (vorlon) wrote : | #5 |
Once the dust has settled on the implementation, I think we want to look at whether this is SRUable to vivid for use in core and phone there.
| Launchpad Janitor (janitor) wrote : | #6 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in adduser (Ubuntu Vivid): | |
| status: | New → Confirmed |
| Changed in adduser (Debian): | |
| status: | New → Confirmed |
Poke on this. We'd like to land support for using PAM on the phone within the next few weeks.