yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #82303
[Bug 1872995] [NEW] expiredate is not working if also setting a password.
Public bug reported:
We're building an OVA based on https://cloud-
images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-
amd64.ova
Our cloud-init config includes this:
--- 8< ---
users:
- name: foo
groups: "users, admin, adm, systemd-journal"
lock_passwd: false
plain_text_passwd: 'Foo1!'
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
# this forces the password to be changed at first login
expiredate: 2012-09-01
--- >8 ---
If I run it just like that, I end up with an entry in /etc/shadow that
reads:
--- 8< ---
foo:$6$R....:18367:0:99999:7:::
--- >8 ---
Thus the password is not expired (1970-01-01 + 18367d is today). Looking
at the logs, I find:
--- 8< ---
2020-04-15 14:18:57,292 - __init__.py[DEBUG]: Adding user foo
2020-04-15 14:18:57,292 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: ['useradd', 'foo', '--groups', 'users,admin,adm,systemd-journal', '--shell', '/bin/bash', '-m']
2020-04-15 14:18:57,479 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: chpasswd for foo
--- >8 ---
I'm not sure if the bug is that --expiredate is not passed to useradd or
that the later password change resets the date (that sounds more
plausible) or both. I also found in the same code
(cloudinit/distros/__init__.py) a expire_passwd() function, but it
doesn't seem to be called from this module.
For the moment I can work this around by expiring the password by hand
myself with the exact code from that last function.
** Affects: cloud-init
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1872995
Title:
expiredate is not working if also setting a password.
Status in cloud-init:
New
Bug description:
We're building an OVA based on https://cloud-
images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-
cloudimg-amd64.ova
Our cloud-init config includes this:
--- 8< ---
users:
- name: foo
groups: "users, admin, adm, systemd-journal"
lock_passwd: false
plain_text_passwd: 'Foo1!'
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
# this forces the password to be changed at first login
expiredate: 2012-09-01
--- >8 ---
If I run it just like that, I end up with an entry in /etc/shadow that
reads:
--- 8< ---
foo:$6$R....:18367:0:99999:7:::
--- >8 ---
Thus the password is not expired (1970-01-01 + 18367d is today).
Looking at the logs, I find:
--- 8< ---
2020-04-15 14:18:57,292 - __init__.py[DEBUG]: Adding user foo
2020-04-15 14:18:57,292 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: ['useradd', 'foo', '--groups', 'users,admin,adm,systemd-journal', '--shell', '/bin/bash', '-m']
2020-04-15 14:18:57,479 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: chpasswd for foo
--- >8 ---
I'm not sure if the bug is that --expiredate is not passed to useradd
or that the later password change resets the date (that sounds more
plausible) or both. I also found in the same code
(cloudinit/distros/__init__.py) a expire_passwd() function, but it
doesn't seem to be called from this module.
For the moment I can work this around by expiring the password by hand
myself with the exact code from that last function.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1872995/+subscriptions
Follow ups