← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1872995] [NEW] expiredate is not working if also setting a password.

 

Public bug reported:

We're building an OVA based on https://cloud-
images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-
amd64.ova

Our cloud-init config includes this:

--- 8< ---
users:
  - name: foo
    groups: "users, admin, adm, systemd-journal"
    lock_passwd: false
    plain_text_passwd: 'Foo1!'
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    # this forces the password to be changed at first login
    expiredate: 2012-09-01
--- >8 ---

If I run it just like that, I end up with an entry in /etc/shadow that
reads:

--- 8< ---
foo:$6$R....:18367:0:99999:7:::
--- >8 ---

Thus the password is not expired (1970-01-01 + 18367d is today). Looking
at the logs, I find:

--- 8< ---
2020-04-15 14:18:57,292 - __init__.py[DEBUG]: Adding user foo
2020-04-15 14:18:57,292 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: ['useradd', 'foo', '--groups', 'users,admin,adm,systemd-journal', '--shell', '/bin/bash', '-m']
2020-04-15 14:18:57,479 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: chpasswd for foo
--- >8 ---

I'm not sure if the bug is that --expiredate is not passed to useradd or
that the later password change resets the date (that sounds more
plausible) or both. I also found in the same code
(cloudinit/distros/__init__.py) a expire_passwd() function, but it
doesn't seem to be called from this module.

For the moment I can work this around by expiring the password by hand
myself with the exact code from that last function.

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1872995

Title:
  expiredate is not working if also setting a password.

Status in cloud-init:
  New

Bug description:
  We're building an OVA based on https://cloud-
  images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-
  cloudimg-amd64.ova

  Our cloud-init config includes this:

  --- 8< ---
  users:
    - name: foo
      groups: "users, admin, adm, systemd-journal"
      lock_passwd: false
      plain_text_passwd: 'Foo1!'
      shell: /bin/bash
      sudo: ALL=(ALL) NOPASSWD:ALL
      # this forces the password to be changed at first login
      expiredate: 2012-09-01
  --- >8 ---

  If I run it just like that, I end up with an entry in /etc/shadow that
  reads:

  --- 8< ---
  foo:$6$R....:18367:0:99999:7:::
  --- >8 ---

  Thus the password is not expired (1970-01-01 + 18367d is today).
  Looking at the logs, I find:

  --- 8< ---
  2020-04-15 14:18:57,292 - __init__.py[DEBUG]: Adding user foo
  2020-04-15 14:18:57,292 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: ['useradd', 'foo', '--groups', 'users,admin,adm,systemd-journal', '--shell', '/bin/bash', '-m']
  2020-04-15 14:18:57,479 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: chpasswd for foo
  --- >8 ---

  I'm not sure if the bug is that --expiredate is not passed to useradd
  or that the later password change resets the date (that sounds more
  plausible) or both. I also found in the same code
  (cloudinit/distros/__init__.py) a expire_passwd() function, but it
  doesn't seem to be called from this module.

  For the moment I can work this around by expiring the password by hand
  myself with the exact code from that last function.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1872995/+subscriptions


Follow ups