2022-01-28 08:58:30 |
Michael Vogt |
bug |
|
|
added bug |
2022-01-28 08:59:34 |
Michael Vogt |
nominated for series |
|
Ubuntu Bionic |
|
2022-01-28 08:59:34 |
Michael Vogt |
bug task added |
|
shadow (Ubuntu Bionic) |
|
2022-01-28 08:59:34 |
Michael Vogt |
nominated for series |
|
Ubuntu Impish |
|
2022-01-28 08:59:34 |
Michael Vogt |
bug task added |
|
shadow (Ubuntu Impish) |
|
2022-01-28 08:59:34 |
Michael Vogt |
nominated for series |
|
Ubuntu Jammy |
|
2022-01-28 08:59:34 |
Michael Vogt |
bug task added |
|
shadow (Ubuntu Jammy) |
|
2022-01-28 08:59:34 |
Michael Vogt |
nominated for series |
|
Ubuntu Focal |
|
2022-01-28 08:59:34 |
Michael Vogt |
bug task added |
|
shadow (Ubuntu Focal) |
|
2022-01-28 09:00:55 |
Michael Vogt |
attachment added |
|
Proposed (untested) patch https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5557911/+files/shadow-lp1959375.diff |
|
2022-01-28 09:34:41 |
Michael Vogt |
attachment added |
|
debdiff for the PPA jammy test upload https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5557912/+files/shadow_4.8.1-2ubuntu2~ppa1.debdiff |
|
2022-01-28 12:26:44 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2022-03-14 06:06:53 |
Alberto Mardegan |
attachment added |
|
Patch for focal https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568568/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch |
|
2022-03-14 08:32:11 |
Alberto Mardegan |
attachment removed |
Patch for focal https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568568/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch |
|
|
2022-03-14 08:32:39 |
Alberto Mardegan |
attachment added |
|
debdiff for Focal https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568607/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch |
|
2022-03-14 09:04:37 |
Alberto Mardegan |
attachment removed |
debdiff for Focal https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568607/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch |
|
|
2022-03-14 09:05:09 |
Alberto Mardegan |
attachment added |
|
debdiff for Focal https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568613/+files/0001-Add-automatic-detection-of-extrausers-for-usermod-G.patch |
|
2022-03-14 09:05:38 |
Alberto Mardegan |
attachment added |
|
debdiff for Jammy https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568614/+files/0001-Jammy-changes-for-LP-1797786.patch |
|
2022-03-14 10:53:13 |
Alberto Mardegan |
attachment added |
|
debdiff for Bionic https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1959375/+attachment/5568639/+files/0001-Bionic-patch-for-LP-1959375.patch |
|
2022-03-14 13:58:05 |
Alberto Mardegan |
shadow (Ubuntu Impish): status |
New |
Won't Fix |
|
2022-03-14 13:58:20 |
Alberto Mardegan |
shadow (Ubuntu Impish): importance |
Undecided |
Low |
|
2022-03-14 14:33:47 |
Alberto Mardegan |
description |
Currently doing something like:
sudo usermod -a -G snap_microk8s dbeamonte
on a Ubuntu Core system will fail with
usermod: /etc/group.15965: Read-only file system
This is because the existing usermod patches to detect
the extrausers file do not cover this case. Attached
a simple patch that enables it. I will give this patch
a test run in our image PPA for jammy and if things look
good I would like upload to 22.04 and SRU for 20.04 and
18.04. |
[Impact]
* In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary.
* This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected.
[Test Plan]
The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "<uc.img>" with the actual path of your Ubuntu Core image file:
qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
-netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
-device virtio-net-pci,netdev=mynet0 \
-drive file=<uc.img>,format=raw
<to be continued>
Original bug description
========================
Currently doing something like:
sudo usermod -a -G snap_microk8s dbeamonte
on a Ubuntu Core system will fail with
usermod: /etc/group.15965: Read-only file system
This is because the existing usermod patches to detect
the extrausers file do not cover this case. Attached
a simple patch that enables it. I will give this patch
a test run in our image PPA for jammy and if things look
good I would like upload to 22.04 and SRU for 20.04 and
18.04. |
|
2022-03-15 07:18:32 |
Alberto Mardegan |
description |
[Impact]
* In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary.
* This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected.
[Test Plan]
The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "<uc.img>" with the actual path of your Ubuntu Core image file:
qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
-netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
-device virtio-net-pci,netdev=mynet0 \
-drive file=<uc.img>,format=raw
<to be continued>
Original bug description
========================
Currently doing something like:
sudo usermod -a -G snap_microk8s dbeamonte
on a Ubuntu Core system will fail with
usermod: /etc/group.15965: Read-only file system
This is because the existing usermod patches to detect
the extrausers file do not cover this case. Attached
a simple patch that enables it. I will give this patch
a test run in our image PPA for jammy and if things look
good I would like upload to 22.04 and SRU for 20.04 and
18.04. |
[Impact]
* In order to use the microk8s snap in Ubuntu Core, one currently needs to be root. This is far from optimal, since normally (on desktop and server installations) this is not necessary.
* This make it hard to provide consistent documentation on microk8s across all supported device, if we have to take the "sudo" command into account, and how file permissions for generated files might be affected.
[Test Plan]
The issue can be reproduced on Ubuntu Core 18, 20 and 22. The steps are as following (replace "<uc.img>" with the actual path of your Ubuntu Core image file:
qemu-system-x86_64 -enable-kvm -smp 2 -m 1500 \
-netdev user,id=mynet0,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
-device virtio-net-pci,netdev=mynet0 \
-drive file=<uc.img>,format=raw
After configuring your account, connect to youd device via SSH:
ssh <user>@localhost -p 8022
And issue these commands
sudo snap install microk8s --channel=latest/edge/stable
# microk8s is going to eat up all your disk space, so stop it as soon
# as the prompt comes back:
sudo microk8s stop
# Add your user to the microk8s group
sudo usermod -G snap_microk8s $(whoami)
The last command will fail unless this bug is fixed. If the bug is fixed, the command will succeed, and after logging out and in again, you can verify that you've been added to the snap_microk8s group by running the "groups" command.
[Where problems could occur]
* The patch only touches error code paths and adds a fallback mechanism in them. Therefore, "normal" operations, where these commands would have succeeded before, will not be affected at all.
* In those cases when usermod fails because it failed to find or load the requested user/group, we reset the user/group database paths to our writable user/group databases, and retry the operation. Note that the path for our database is hardcoded in the program source, so the security risk seems contained. We do not add additional command-line parameters.
[Other Info]
Original bug description
========================
Currently doing something like:
sudo usermod -a -G snap_microk8s dbeamonte
on a Ubuntu Core system will fail with
usermod: /etc/group.15965: Read-only file system
This is because the existing usermod patches to detect
the extrausers file do not cover this case. Attached
a simple patch that enables it. I will give this patch
a test run in our image PPA for jammy and if things look
good I would like upload to 22.04 and SRU for 20.04 and
18.04. |
|
2022-03-17 06:32:17 |
Launchpad Janitor |
shadow (Ubuntu Jammy): status |
New |
Fix Released |
|
2022-03-17 09:32:22 |
Michael Vogt |
shadow (Ubuntu Bionic): status |
New |
In Progress |
|
2022-03-17 09:32:25 |
Michael Vogt |
shadow (Ubuntu Focal): status |
New |
In Progress |
|
2022-03-22 20:54:13 |
Brian Murray |
shadow (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2022-03-22 20:54:15 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-03-22 20:54:17 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2022-03-22 20:54:19 |
Brian Murray |
tags |
patch |
patch verification-needed verification-needed-focal |
|
2022-03-22 20:55:53 |
Brian Murray |
shadow (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2022-03-22 20:55:58 |
Brian Murray |
tags |
patch verification-needed verification-needed-focal |
patch verification-needed verification-needed-bionic verification-needed-focal |
|
2022-05-12 11:18:43 |
Alberto Mardegan |
tags |
patch verification-needed verification-needed-bionic verification-needed-focal |
patch verification-done-bionic verification-done-focal verification-needed |
|
2022-05-12 11:51:06 |
Alberto Mardegan |
tags |
patch verification-done-bionic verification-done-focal verification-needed |
patch verification-done verification-done-bionic verification-done-focal |
|
2022-05-18 02:11:57 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-05-18 02:43:20 |
Launchpad Janitor |
shadow (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-06-29 04:58:03 |
Launchpad Janitor |
shadow (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|