set password in "user accounts panel' won't remove user from "nopasswdlogin" in all cases

Bug #1667222 reported by Yuan-Chen Cheng on 2017-02-23
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OEM Priority Project
unity-control-center (Ubuntu)

Bug Description

Step to reproduce

1. add the current login user to "nopasswdlogin" group by
 1.1 launch "user accounts panel" in unity-control-center
 1.2 Click "Unlock" at the top right, and enter the user's password.
 1.3. Click the dots to the right of "Password", to open the dialog where you can change the password mode.
 1.4 In the combo box at the top, select "Log in without a password". Save the dialog.
 1.5 Open a terminal, and execute `grep nopasswdlogin /etc/group'. Note that the current user is present.
2. log out, and confirm password is not needed to login.
3. launch launch "user accounts panel" in unity-control-center again.
4. change the login user's password

Expected behavior
1. new user password is set without any warning message, and user is removed from group "nopasswdlogin".

Current behavior
1. system prompt "Authentication is required to change user data", and the only way out is press cancel.
2. after press cancel, new user password is set, but the user is still in "nopasswdlogin" group. (checked by `grep nopasswdlogin /etc/group`)

Note: this is still reproducible even use the new unity-control-center in LP: #1630156.

information type: Proprietary → Public
affects: unity-control-center → unity-control-center (Ubuntu)
description: updated
Will Cooke (willcooke) wrote :

I can't reproduce this on 16.04 because I can't find the combobox from 1.4. I wonder if this is an OEM specific feature?
Screenshot attached showing what I see.

Changed in unity-control-center (Ubuntu):
status: New → Incomplete
Yuan-Chen Cheng (ycheng-twn) wrote :

@willcooke, can you confirm if you did step 1.2 to unlock ?

From the picture you attached in #1, you didn't unlock.

tags: added: desktop
Will Cooke (willcooke) wrote :

Yup, you're right. I could swear I was unlocking it.

Ok, so after following the steps I can confirm that setting a new password for the user after it has been set to not require a password to log in, does indeed keep the user in the nopasswd group, and so even though you have set a new password for the user you do not need to use it to log in.

However - I'm not sure if this is a bug or a feature.

My rationale is that setting a password for the user could be considered orthogonal to actually requiring that user to *use* the password in order to log in, as opposed to say, unlocking the user panel in settings.

I will speak to the team and see what people think.

Changed in unity-control-center (Ubuntu):
status: Incomplete → Confirmed
Changed in oem-priority:
importance: Critical → High
Changed in oem-priority:
importance: High → Medium
Changed in oem-priority:
importance: Medium → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments