** Description changed:

+ [ Impact ]
+ 
  On Ubuntu Core 24 calling the command line
  
  useradd --extrausers --groups somegroup somenewuser
  
  ... fails with:
  
  useradd: cannot lock /etc/group; try again later.
  
  It worked on 22.04. /etc is not writable. It also fails if somegroup is
  a group in extrausers.
+ 
+ [ Test Plan ]
+ 
+ Part of the upload is adding an autopkgtest script testing useradd and
+ usermod in the extrausers+readonly-etc case.
+ 
+ In addition, the following commands should be run as root in a fresh
+ container:
+ 
+ ```
+ # Install prerequisites
+ apt install libnss-extrausers
+ vim /etc/nsswitch.conf # enable extrausers in group, passwd, shadow and 
gshadow
+ 
+ # Sanity checks of "normal" path
+ groupadd etcgroup
+ useradd --groups etcgroup etcuser
+ id etcuser | grep etcgroup
+ groupadd etcgroup2
+ usermod --groups etcgroup2 etcuser
+ id etcuser | grep etcgroup2
+ useradd --groups nullgroup etcuser || echo Successfully rejected invalid group
+ 
+ ls /var/lib/extrausers/ # should be empty
+ 
+ # Sanity checks of "extrausers" path in rw context
+ groupadd --extrausers extragroup
+ useradd --extrausers --groups extragroup extrauser # currently fails
+ id extrauser | grep extragroup
+ useradd --extrausers extrauser2
+ id extrauser2
+ usermod --extrausers --groups extragroup extrauser2
+ id extrauser2 | grep extragroup
+ 
+ # Sanity checks of "extrausers" path in ro context
+ mv /etc /etc-rw
+ mkdir /etc
+ mount -o bind,ro /etc-rw /etc
+ groupadd --extrausers extragroup2
+ useradd --extrausers --groups etcgroup extrauser3
+ id extrauser4 | grep etcgroup
+ usermod --extrausers --groups extragroup2 extrauser3
+ id extrauser4 | grep extragroup2
+ ```
+ 
+ 
+ Furthermore, validation from the Ubuntu Core team that this actually fixes
+ their use case is required.
+ 
+ [ Where problems could occur ]
+ 
+ Regression potential is in the group validation stage of the `usermod` and
+ `useradd` tools. Besides the usual risks related to C code, the various 
failure
+ scenarios that come to mind are:
+ 
+ * try to add the user to an non-existing local group, which would fail further
+   down with a different error message
+ * actually fail to identify a valid local group
+ * Fail to either add the user to the system, or the user to the group
+ * Update the wrong file (/var/lib/extrausers/* vs /etc/*)
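
Review bot: In the read-only /etc part of the test plan, both `id extrauser4 | grep ...` checks query a user that no step creates. The `useradd` and `usermod` lines just before them act on extrauser3, so the checks should read `id extrauser3 | grep etcgroup` and `id extrauser3 | grep extragroup2`. As written they fail whether or not the fix works. In the "normal" path, `useradd --groups nullgroup etcuser` reuses the name etcuser created a few lines earlier, so a non-zero exit does not by itself show that the invalid group was what got rejected. A fresh user name would make that check unambiguous. The last risk listed under "Where problems could occur" is updating the wrong file, but the plan only inspects /var/lib/extrausers/ once, before the extrausers steps. Checking after the extrausers steps that the new entries are in /var/lib/extrausers/ and not in /etc-rw would cover it.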

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063200

Title:
  useradd --extrausers --groups tries to lock /etc/group

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
