Ubuntu
gnome-control-center package

"Login without password" option effectively locks super user out!

Bug #1070449 reported by Mikko Saarinen
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gnome-control-center (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

I installed Ubuntu 12.10 with the option to log my main user with a password.
Then I added two other users and changed all three accounts to log in without a password.

This nulled my main user's password and stopped the ability to sudo and make any system wide changes!
Also the password can not be set back on, as there is no valid password to authorize any actions! In effect, you are completely left without a super user for your computer and cannot install updates or programs or do a whole lot of anything.

There is a remedy to this and it is to go to the terminal and typing passwd, after which you can re-set your password. However this is not clear to many users, and that's why the Users panel simply should not be able to null your password even if you prefer to login without one.

Very critical to get fixed asap!

See original description
Mikko Saarinen (mikk0)
description: updated
description: updated
Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

To be clear: the problem here is that the password change dialog in user accounts inside gnome control center demands that you enter your existing password. This isn't possible after you have previously cleared the password.

Changing the password at terminal with passwd works, but causes the greeter to misbehave.

Changed in ubiquity (Ubuntu):
status: New → Confirmed
affects: ubiquity (Ubuntu) → gnome-control-center (Ubuntu)
Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

Greeter bug, probably related: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1100989

Revision history for this message
Mikko Saarinen (mikk0) wrote :

I disagree that this bug is greeter related (even if you set your new password, you haven't told greeter to use it to login, but there is still the option chosen to log in without one).

What this does, which is more serious for the new user, it's that it disables the admin password and effectively locks you out of any maintenance activities.

The logical way would be to inform PAM that this account may be used to log in without password, but leave the user password otherwise intact so sudo can still make use of it so the user still has access to elevated rights when needed.

My two cents for this old bug, because I think it still affects the current distribution too, though I can't test it at the moment.

Revision history for this message
Alistair Buxton (a-j-buxton) wrote :

I meant the other bug is greeter related, and it is triggered by the most obvious workaround for this bug - recreating your password using passwd at terminal. The root issue is probably the same so if someone makes a fix for either bug they should probably make sure it addresses both scenarios. The way you suggest does indeed sound logical but I don't know much about PAM.

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

Thank you for reporting this bug to Ubuntu.
Ubuntu 12.10 (quantal) reached end-of-life on May 16, 2014.

See this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

We appreciate that this bug may be old and you might not be interested in discussing it any more. But if you are then please upgrade to the latest Ubuntu version and re-test. If you then find the bug is still present in the newer Ubuntu version, please add a comment here telling us which new version it is in and change the bug status to Confirmed.

Changed in gnome-control-center (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.