touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #115713
[Bug 1475749] Re: usermod --add-subuids fails for users not in /etc/passwd
This bug was fixed in the package shadow - 1:4.1.5.1-1.1ubuntu4.1
---------------
shadow (1:4.1.5.1-1.1ubuntu4.1) vivid; urgency=medium
* debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users. Closes LP: #1475749.
-- Steve Langasek <steve.langasek@xxxxxxxxxx> Mon, 20 Jul 2015
22:58:18 -0700
** Changed in: shadow (Ubuntu Vivid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1475749
Title:
usermod --add-subuids fails for users not in /etc/passwd
Status in Canonical System Image:
Fix Released
Status in shadow package in Ubuntu:
Fix Released
Status in shadow source package in Vivid:
Fix Released
Bug description:
[SRU justification]
The (distro patched) subuid/subgid support in the shadow 'usermod' command only works with users present in /etc/passwd. As /etc/subuid and /etc/subgid are separate databases that do not require modification of /etc/passwd, this is an unnecessary restriction that appears to be due to a simple logic bug in the patch and not as a deliberate design decision. As Ubuntu Touch and Ubuntu Snappy systems will as a class have users in different NSS backends from /etc/passwd, and lxc should be supported for these users with uid namespacing, this bug warrants fixing.
[Test case]
1. Install the libnss-extrausers package
2. Enable it by running "sudo sed -i -e'/passwd:/ s/$/ extrausers/' /etc/nsswitch.conf"
3. Create a test user by running "echo 'testuser:x:2000:2000::/nonexistent:/bin/false' | sudo tee /var/lib/extrausers/passwd"
4. Attempt to add subuids for this user by running "sudo usermod --add-subuids 10000-12000 testuser"
5. Confirm that this fails with the error message "usermod: user 'testuser' does not exist in /etc/passwd"
6. Install the new version of the 'passwd' package
7. Repeat the test from step 4
8. Confirm that the command now succeeds, and the user's entry has been added to /etc/subuid
9. Clean up by running 'sudo usermod --del-subuids 10000-12000 testuser" and removing the /var/lib/extrausers/passwd file
[Regression potential]
This is a targeted bugfix in the behavior of usermod, and users are unlikely to be relying on the usermod command failing for non-local users.
[Original report]
currently we have need to utilize lxc on vivid+stable overlay which requires adding subuser & subgroup ids.
unfortunately, usermod currently fails since phablet password is readonly
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1475749/+subscriptions
References