cloud-init locks out user `ubuntu` after upgrade from 22.04 to 24.04
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cloud-init (Ubuntu) | Invalid | High | Unassigned | |
Noble | Invalid | High | Unassigned | |
ubuntu-release-upgrader (Ubuntu) | Invalid | High | Nick Rosbrook | |
Noble | Fix Released | High | Nick Rosbrook | |
Bug Description
[Impact]
Since Jammy, desktop metapackages have gained a Recommends: cloud-init, which means that cloud-init will be installed on upgrades to Noble. On the first boot following the upgrade, cloud-init will run because as far as cloud-init can detect, this is the first boot. However, this is wrong, and we do not want cloud-init to run after the upgrade.
One practical impact of this is that by default, cloud-init creates user `ubuntu` with `lock_passwd: true`. If the upgraded machine already has a user `ubuntu`, they will be locked out.
[Test Plan]
The proposed patch is for ubuntu-
Test #1:
This test must be done on 22.04 desktop where cloud-init is not installed.
1. Confirm that cloud-init is not installed
$ apt policy cloud-init
2. Do an upgrade
$ do-release-upgrade -d
3. After the upgrade, confirm that /etc/cloud/
$ cat /etc/cloud/
4. Reboot, and confirm that cloud-init does not run
$ systemctl status cloud-init.target
$ cat /run/cloud-
Test #2:
This test must be done on 22.04 server where cloud-init is installed. A LXD container works.
1. Confirm that cloud-init is installed:
$ apt policy cloud-init
2. Do an upgrade
$ do-release-upgrade -d
3. After the upgrade, confirm that cloud-init was not disabled by ubuntu-
$ stat /etc/cloud/
[Where problems could occur]
It is important that the correct file is created to correctly disable cloud-init. Regressions would be related to whether or not this file is created in the correct circumstances.
[Original Description]
After performing an upgrade, and then rebooting, I am no longer able to log in with my user "ubuntu". I get an authentication failure with both the graphical login screen, and when attempting to log in on a non-graphical tty.
Dropping to a rescue shell, I can see this in the logs:
root@xubuntu:~# journalctl -b --grep pam
Aug 02 11:52:45 xubuntu systemd[1]: systemd 255.4-1ubuntu8.2 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OP>
Aug 02 11:53:00 xubuntu lightdm[1422]: pam_unix(
Aug 02 11:53:00 xubuntu (systemd)[1472]: pam_unix(
Aug 02 11:53:00 xubuntu lightdm[1422]: gkr-pam: couldn't unlock the login keyring.
Aug 02 11:53:01 xubuntu lightdm[1584]: pam_succeed_
Aug 02 11:53:40 xubuntu lightdm[1584]: pam_unix(
Aug 02 11:53:42 xubuntu lightdm[1604]: pam_succeed_
Aug 02 11:53:49 xubuntu lightdm[1604]: pam_unix(
Aug 02 11:53:51 xubuntu lightdm[1605]: pam_succeed_
Aug 02 11:53:58 xubuntu lightdm[1607]: pam_succeed_
Aug 02 11:53:59 xubuntu lightdm[1607]: gkr-pam: unable to locate daemon control file
Aug 02 11:53:59 xubuntu lightdm[1607]: gkr-pam: stashed password to try later in open session
Aug 02 11:53:59 xubuntu lightdm[1422]: pam_unix(
Aug 02 11:53:59 xubuntu lightdm[1607]: pam_unix(
Aug 02 11:54:00 xubuntu (systemd)[1614]: pam_unix(
Aug 02 11:54:00 xubuntu lightdm[1607]: gkr-pam: unlocked login keyring
Aug 02 11:54:10 xubuntu (sd-pam)[1473]: pam_unix(
Aug 02 11:55:01 xubuntu CRON[2417]: pam_unix(
Aug 02 11:55:01 xubuntu CRON[2417]: pam_unix(
Other notes:
(1) During the upgrade, the screen saver was disabled. I know this has been a bug in the past, but I do not believe it is the cause here.
(2) A workaround for this is to drop into a rescue shell, and from root, run e.g. `passwd ubuntu` to reset the user's password.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: libpam-modules 1.5.3-5ubuntu5.1
ProcVersionSign
Uname: Linux 6.8.0-39-generic x86_64
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckR
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
CurrentDesktop: XFCE
Date: Fri Aug 2 11:55:51 2024
InstallationDate: Installed on 2024-07-30 (3 days ago)
InstallationMedia: Xubuntu 22.04.4 LTS "Jammy Jellyfish" - Release amd64 (20240216.1)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-
XDG_RUNTIME_
SourcePackage: pam
UpgradeStatus: Upgraded to noble on 2024-08-02 (0 days ago)
mtime.conffile.
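A post-upgrade check for the lockout described in this report, as an added example that is not part of the bug report, cloud-init or ubuntu-release-upgrader. It assumes the lock shows up as a `!` prefix on the password field in `/etc/shadow` (the standard effect of `passwd -l`); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5) entries to spot
# accounts that had a usable hash and were then locked.
# The sample entries are constructed; the hashes are placeholders.

# shadow_state LINE -> prints "<user> <state>" for one shadow(5) line.
shadow_state() {
    user=${1%%:*}          # text before the first colon
    rest=${1#*:}           # everything after the first colon
    field=${rest%%:*}      # second field: the password field
    case "$field" in
        '')               state=empty ;;            # no password required
        '!'|'!!'|'*'|'!*') state=no-password ;;     # never had a usable hash
        '!'*)             state=locked-hash-kept ;; # lock applied on top of a real hash
        '$'*)             state=active ;;           # usable hash, not locked
        *)                state=other ;;
    esac
    printf '%s %s\n' "$user" "$state"
}

# locked_users: read shadow lines on stdin, print users whose hash is
# still present but prefixed with the lock marker.
locked_users() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        set -- $(shadow_state "$line")
        [ "$2" = locked-hash-kept ] && printf '%s\n' "$1"
    done
    return 0
}

# Constructed sample: "ubuntu" is in the state this bug leaves behind.
sample_shadow() {
cat <<'EOF'
root:*:19900:0:99999:7:::
ubuntu:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19937:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19930:0:99999:7:::
daemon:*:19900:0:99999:7:::
EOF
}

# On a real system, as root: locked_users < /etc/shadow
sample_shadow | locked_users
```

An account reported here still has its original hash behind the lock marker; the `passwd ubuntu` workaround from the report replaces the field with a fresh hash and so clears the lock.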
tags: added: foundations-todo; removed: rls-nn-incoming
Changed in ubuntu-release-upgrader (Ubuntu Noble):
importance: Undecided → High
Changed in ubuntu-release-upgrader (Ubuntu):
importance: Undecided → Medium
importance: Medium → High
Changed in ubuntu-release-upgrader (Ubuntu Noble):
assignee: nobody → Nick Rosbrook (enr0n)
status: New → Triaged
Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Triaged
assignee: nobody → Nick Rosbrook (enr0n)
Changed in ubuntu-release-upgrader (Ubuntu Noble):
milestone: none → ubuntu-24.04.1
description: updated
Prior to upgrade, was this system configured for passwordless login?