touch-packages team mailing list archive

Thread
Date

[Bug 1475749] Re: usermod --add-subuids fails for users not in /etc/passwd

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Chris J Arges <1475749@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Jul 2015 13:44:02 -0000
Reply-to: Bug 1475749 <1475749@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hello kevin, or anyone else affected,

Accepted shadow into vivid-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/shadow/1:4.1.5.1-1.1ubuntu4.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Also affects: shadow (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Changed in: shadow (Ubuntu Vivid)
       Status: New => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1475749

Title:
  usermod --add-subuids fails for users not in /etc/passwd

Status in Canonical System Image:
  New
Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Vivid:
  Fix Committed

Bug description:
  [SRU justification]
  The (distro patched) subuid/subgid support in the shadow 'usermod' command only works with users present in /etc/passwd.  As /etc/subuid and /etc/subgid are separate databases that do not require modification of /etc/passwd, this is an unnecessary restriction that appears to be due to a simple logic bug in the patch and not as a deliberate design decision.  As Ubuntu Touch and Ubuntu Snappy systems will as a class have users in different NSS backends from /etc/passwd, and lxc should be supported for these users with uid namespacing, this bug warrants fixing.

  [Test case]
  1. Install the libnss-extrausers package
  2. Enable it by running "sudo sed -i -e'/passwd:/ s/$/ extrausers/' /etc/nsswitch.conf"
  3. Create a test user by running "echo 'testuser:x:2000:2000::/nonexistent:/bin/false' | sudo tee /var/lib/extrausers/passwd"
  4. Attempt to add subuids for this user by running "sudo usermod --add-subuids 10000-12000 testuser"
  5. Confirm that this fails with the error message "usermod: user 'testuser' does not exist in /etc/passwd"
  6. Install the new version of the 'passwd' package
  7. Repeat the test from step 4
  8. Confirm that the command now succeeds, and the user's entry has been added to /etc/subuid
  9. Clean up by running 'sudo usermod --del-subuids 10000-12000 testuser" and removing the /var/lib/extrausers/passwd file

  [Regression potential]
  This is a targeted bugfix in the behavior of usermod, and users are unlikely to be relying on the usermod command failing for non-local users.

  [Original report]
  currently we have need to utilize lxc on vivid+stable overlay which requires adding subuser & subgroup ids.
  unfortunately, usermod currently fails since phablet password is readonly

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1475749/+subscriptions

References

[Bug 1475749] [NEW] changes to phablet to enable moduser on vivid+stable overlay ppa
From: kevin gunn, 2015-07-17