touch-packages team mailing list archive

Thread
Date

[Bug 1475749] Re: usermod --add-subuids fails for users not in /etc/passwd

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1475749@xxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Nov 2015 16:44:01 -0000
Reply-to: Bug 1475749 <1475749@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package shadow - 1:4.1.5.1-1.1ubuntu4.1

---------------
shadow (1:4.1.5.1-1.1ubuntu4.1) vivid; urgency=medium

  * debian/patches/userns/subuids-nonlocal-users: Don't limit
    subuid/subgid support to local users.  Closes LP: #1475749.

 -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Mon, 20 Jul 2015
22:58:18 -0700

** Changed in: shadow (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1475749

Title:
  usermod --add-subuids fails for users not in /etc/passwd

Status in Canonical System Image:
  Fix Released
Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Vivid:
  Fix Released

Bug description:
  [SRU justification]
  The (distro patched) subuid/subgid support in the shadow 'usermod' command only works with users present in /etc/passwd.  As /etc/subuid and /etc/subgid are separate databases that do not require modification of /etc/passwd, this is an unnecessary restriction that appears to be due to a simple logic bug in the patch and not as a deliberate design decision.  As Ubuntu Touch and Ubuntu Snappy systems will as a class have users in different NSS backends from /etc/passwd, and lxc should be supported for these users with uid namespacing, this bug warrants fixing.

  [Test case]
  1. Install the libnss-extrausers package
  2. Enable it by running "sudo sed -i -e'/passwd:/ s/$/ extrausers/' /etc/nsswitch.conf"
  3. Create a test user by running "echo 'testuser:x:2000:2000::/nonexistent:/bin/false' | sudo tee /var/lib/extrausers/passwd"
  4. Attempt to add subuids for this user by running "sudo usermod --add-subuids 10000-12000 testuser"
  5. Confirm that this fails with the error message "usermod: user 'testuser' does not exist in /etc/passwd"
  6. Install the new version of the 'passwd' package
  7. Repeat the test from step 4
  8. Confirm that the command now succeeds, and the user's entry has been added to /etc/subuid
  9. Clean up by running 'sudo usermod --del-subuids 10000-12000 testuser" and removing the /var/lib/extrausers/passwd file

  [Regression potential]
  This is a targeted bugfix in the behavior of usermod, and users are unlikely to be relying on the usermod command failing for non-local users.

  [Original report]
  currently we have need to utilize lxc on vivid+stable overlay which requires adding subuser & subgroup ids.
  unfortunately, usermod currently fails since phablet password is readonly

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1475749/+subscriptions

References

[Bug 1475749] [NEW] changes to phablet to enable moduser on vivid+stable overlay ppa
From: kevin gunn, 2015-07-17