← Back to team overview

desktop-packages team mailing list archive

[Bug 888355] [NEW] users-admin should not allow creation of users with encrypted home who aren't asked for password on login

 

Public bug reported:

Tested in Ubuntu 11.04 and 11.10.  Steps to reproduce:

1) Go to "Users and Groups" (users-admin)

2) Click "Add"

3) Pick any name

4) Check "Encrypt home folder to protect sensitive data"

5) Click "OK"

6) Set any password

7) Check "Don't ask for password on login"

8) Click OK

Expected result: An error is raised at some point, because the user will
not be able to log in.

Actual result: User is created normally.  On login, the user is not
prompted for their password, so the login fails.  In Ubuntu 11.04, some
cryptic error messages display and the GUI hangs; in Ubuntu 11.10,
you're returned to the login screen.  Since the user is not prompted for
their password, the home directory cannot be decrypted, so login will
fail.  The two options are contradictory, and it should be impossible to
select both.

It might also be worthwhile if the program responsible for login (gdm?)
detected this conflict and prompted the user for their password,
ignoring the preference not to be prompted.  However, the preferences
are still logically contradictory, so the administrator should not be
allowed to select both when creating a user.

Bug #581303 and Bug #577563 are related, but were filed against gdm and
eCryptfs.  The problem should still be fixed in users-admin regardless
of whether there's a workaround in gdm.

** Affects: gnome-system-tools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-system-tools in Ubuntu.
https://bugs.launchpad.net/bugs/888355

Title:
  users-admin should not allow creation of users with encrypted home who
  aren't asked for password on login

Status in “gnome-system-tools” package in Ubuntu:
  New

Bug description:
  Tested in Ubuntu 11.04 and 11.10.  Steps to reproduce:

  1) Go to "Users and Groups" (users-admin)

  2) Click "Add"

  3) Pick any name

  4) Check "Encrypt home folder to protect sensitive data"

  5) Click "OK"

  6) Set any password

  7) Check "Don't ask for password on login"

  8) Click OK

  Expected result: An error is raised at some point, because the user
  will not be able to log in.

  Actual result: User is created normally.  On login, the user is not
  prompted for their password, so the login fails.  In Ubuntu 11.04,
  some cryptic error messages display and the GUI hangs; in Ubuntu
  11.10, you're returned to the login screen.  Since the user is not
  prompted for their password, the home directory cannot be decrypted,
  so login will fail.  The two options are contradictory, and it should
  be impossible to select both.

  It might also be worthwhile if the program responsible for login
  (gdm?) detected this conflict and prompted the user for their
  password, ignoring the preference not to be prompted.  However, the
  preferences are still logically contradictory, so the administrator
  should not be allowed to select both when creating a user.

  Bug #581303 and Bug #577563 are related, but were filed against gdm
  and eCryptfs.  The problem should still be fixed in users-admin
  regardless of whether there's a workaround in gdm.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/888355/+subscriptions


Follow ups

References