← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #83022

[Bug 1872995] Re: expiredate is not working if also setting a password.

  Thread PreviousDate PreviousThread Next 
[Expired for cloud-init because there has been no activity for 60 days.]

** Changed in: cloud-init
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1872995

Title:
  expiredate is not working if also setting a password.

Status in cloud-init:
  Expired

Bug description:
  We're building an OVA based on https://cloud-
  images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-
  cloudimg-amd64.ova

  Our cloud-init config includes this:

  --- 8< ---
  users:
    - name: foo
      groups: "users, admin, adm, systemd-journal"
      lock_passwd: false
      plain_text_passwd: 'Foo1!'
      shell: /bin/bash
      sudo: ALL=(ALL) NOPASSWD:ALL
      # this forces the password to be changed at first login
      expiredate: 2012-09-01
  --- >8 ---

  If I run it just like that, I end up with an entry in /etc/shadow that
  reads:

  --- 8< ---
  foo:$6$R....:18367:0:99999:7:::
  --- >8 ---

  Thus the password is not expired (1970-01-01 + 18367d is today).
  Looking at the logs, I find:

  --- 8< ---
  2020-04-15 14:18:57,292 - __init__.py[DEBUG]: Adding user foo
  2020-04-15 14:18:57,292 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: ['useradd', 'foo', '--groups', 'users,admin,adm,systemd-journal', '--shell', '/bin/bash', '-m']
  2020-04-15 14:18:57,479 - util.py[DEBUG]: Running hidden command to protect sensitive input/output logstring: chpasswd for foo
  --- >8 ---

  I'm not sure if the bug is that --expiredate is not passed to useradd
  or that the later password change resets the date (that sounds more
  plausible) or both. I also found in the same code
  (cloudinit/distros/__init__.py) a expire_passwd() function, but it
  doesn't seem to be called from this module.

  For the moment I can work this around by expiring the password by hand
  myself with the exact code from that last function.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1872995/+subscriptions

References

  Thread PreviousDate PreviousThread Next