Subject: kuser destroys all passwords if /etc/shadow isn't present Package: kuser Version: 4:3.4.2-1 Severity: grave Justification: renders package unusable
*** Please type your report below this line *** When I attempted to add a new user (for testing purposes), kuser apparently replaced the password field in /etc/passwd with "x" for all users. It then reported it was unable to open /etc/shadow and exited. This left things so that no login by anyone was possible, which made it difficult to repair the damage! I don't use shadow passwords, and there is no /etc/shadow file present. I know of no Debian policy that requires /etc/shadow to be present. If kuser can't deal with a system where /etc/shadow isn't present, it should NOT leave the system unusable and unreparable. I suppose this is related to kuser editing files directly, as discussed in bug#248145. I have not checked what happens if /etc/shadow exists but "/sbin/shadowconfig off" has been executed, because I dislike the sensation of having all logins impossible. If kuser can't behave better, then I think the Debian installation should at least check for the existence of /etc/shadow and, if it's not present, at least warn the user during installation of potential disaster. regards, cgm -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.2 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages kuser depends on: ii kdelibs4c2 4:3.4.2-4 core libraries for all KDE applica ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libgcc1 1:4.0.2-2 GCC support library ii libqt3-mt 3:3.3.5-1 Qt GUI Library (Threaded runtime v ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3 kuser recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
