Disabling 'Login without a password' does not remove user from the nopasswdlogin group

Bug #906081 reported by Paul Donohue on 2011-12-18
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
gnome-control-center (Ubuntu)
Low
Unassigned

Bug Description

Fresh install of Ubuntu Oneiric. Created a new user account using 'adduser' on the command line, then set 'Login without a password' via 'User Management' in gnome-control-center. After performing some additional initial configuration of the box, went back to 'User Management', disabled 'Login without a password', and configured a password for the user. On subsequent reboots, was still able to login without a password. Tried enabling and disabling 'Login without a password' several times via 'User Management', but eventually had to manually remove the user from the 'nopasswdlogin' group to disable this feature.

Changed in gnome-control-center (Ubuntu):
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-control-center (Ubuntu):
status: New → Confirmed
AZ (m-dev) wrote :

This was with a fresh saucy install (Nov 23 2013). I added a new user using gnome-control-center without setting a password. Then the admin set the password for the user, removing the automatic login toggle.
Though, the user remained in the nopasswdlogin group, so it could login without any password. No indication of this was shown in gnome-control-center. By manually removing the user from that group (deluser xxx nopasswdlogin), the issue was resolved for that user.

So this bug report is about not removing the user from the nopasswdlogin group.

On Ubuntu Trusty Tahr(14.04.2 LTS).

On an existing user account, after a while, I set 'Login without a password' via 'User Management' in gnome-control-center.

Now I disabled 'Login without a password', and configured a password for the user. On subsequent reboots, I am still able to login without a password.

'groups' command shows that this account is still a part of 'nopasswdlogin' group.
[reworded original bug description]

I am of the opinion that the source of the bug lies in not reversing the operation (of adding username to 'nopasswordlogin' group). Should I be checking in the source code of gnome-control-center?

Any suggestions/RTFMs?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers