Launchpad has imported 11 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=44408.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2012-01-03T05:08:01+00:00 Joudanzuki wrote:

Apparently, this (new?) login component has completely changed the
(unwritten?) agreements about what users should be filtered out of the
user list in the login dialog.

Traditionally, when presenting a list of users to choose from when
logging in, a user whose login shell is specified as /bin/nologin will
not be included in the list.

Having a filter list as an extra method is okay (see bug 41908), but
it's not the traditional method, and silently changing the behavior is a
potential security risk.

If, in keeping with the (in my opinion, ill-advised) shift to
capabilities, it is deemed desirable to go with a configurable lower
limit on numeric user ids and a filter list, there should at least be
some serious public discussion (as, on distro user lists) before the
change is implemented, and there should be an incubation period during
which both the filter list and the nologin shell are recognized.

I personally would prefer the traditional behavior be kept. There is no
reason, on desktops or servers, for /bin/nologin users to be offered the
opportunity to log in, in most cases. For those that prefer a separate
filter list, the configuration file could be allowed to override the
traditional behavior on a per-user basis, whether to show or hide.
(Reference bug 41908.)

If the change was made to accommodate wireless carriers who might be
deluded about the ability to "keep the platform more secure" by
preventing all non-graphical logins, it would be better to add a
/bin/guiloginonly default shell value.

Filtering on lack of specified password is a good option, but is also
contrary to traditional administration techniques. If such behavior is
to be included, it should be set or unset in the configuration files, as
well.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/5

------------------------------------------------------------------------
On 2012-02-14T00:40:12+00:00 Matthias Clasen wrote:

Looks like the code to do nologin filtering got lost when moving things
from gdm to the accountsservice. We should bring it back.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/6

------------------------------------------------------------------------
On 2012-03-07T11:30:13+00:00 Bastien Nocera wrote:

Created attachment 58111
Don't use hard-coded minimal UID to exclude users

We should instead filter on the login shell used.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/9

------------------------------------------------------------------------
On 2012-03-07T11:37:23+00:00 Bastien Nocera wrote:

Created attachment 58113
Filter users on nologin rather than minimal UID

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/10

------------------------------------------------------------------------
On 2012-03-07T11:38:53+00:00 Bastien Nocera wrote:

Requires the patch from:
https://bugs.freedesktop.org/show_bug.cgi?id=47045
but you might be able to merge it in if you're not interested in the transient 
correctness ;)

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/11

------------------------------------------------------------------------
On 2012-03-07T13:46:05+00:00 Matthias Clasen wrote:

Comment on attachment 58111
Don't use hard-coded minimal UID to exclude users

Review of attachment 58111:
-----------------------------------------------------------------

Not sure I agree with this one.
Yes, we should filter on the login shell. But that doesn't mean that we should 
ignore the minimal uid

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/12

------------------------------------------------------------------------
On 2012-03-07T13:47:34+00:00 Matthias Clasen wrote:

Comment on attachment 58111
Don't use hard-coded minimal UID to exclude users

Review of attachment 58111:
-----------------------------------------------------------------

Just looking at my /etc/passwd, there's odd things like sync and halt,
which are not /sbin/nologin

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/13

------------------------------------------------------------------------
On 2012-03-12T18:36:42+00:00 Bastien Nocera wrote:

(In reply to comment #5)
<snip>
> Not sure I agree with this one.
> Yes, we should filter on the login shell. But that doesn't mean that we should
> ignore the minimal uid

The minimal UID is only useful to create new users, nothing else. In
fact it creates problems with perfectly normal administration policies
(like adding new users should start from UID 5000, but users local to
the machine get 500 and above, for example).

(In reply to comment #6)
> Just looking at my /etc/passwd, there's odd things like sync and halt, which
> are not /sbin/nologin

They're already ignored, see the daemon->priv->exclusions hash_table
that has every item in default_excludes[] added.

The same scheme work for GDM in the past.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/14

------------------------------------------------------------------------
On 2012-03-12T18:37:05+00:00 Bastien Nocera wrote:

(In reply to comment #5)
<snip>
> Not sure I agree with this one.
> Yes, we should filter on the login shell. But that doesn't mean that we should
> ignore the minimal uid

The minimal UID is only useful to create new users, nothing else. In
fact it creates problems with perfectly normal administration policies
(like adding new users should start from UID 5000, but users local to
the machine get 500 and above, for example).

(In reply to comment #6)
> Just looking at my /etc/passwd, there's odd things like sync and halt, which
> are not /sbin/nologin

They're already ignored, see the daemon->priv->exclusions hash_table
that has every item in default_excludes[] added.

The same scheme work for GDM in the past.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/15

------------------------------------------------------------------------
On 2012-03-24T15:07:59+00:00 Matthias Clasen wrote:

Comment on attachment 58111
Don't use hard-coded minimal UID to exclude users

Review of attachment 58111:
-----------------------------------------------------------------

Ok, after rereading the docs for UID_MIN, I agree now.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/16

------------------------------------------------------------------------
On 2012-03-26T19:41:04+00:00 Rstrode wrote:

I've pushed this in now with a few changes to also catch /bin/false and
/usr/sbin/nologin.

Reply at:
https://bugs.launchpad.net/accountsservice/+bug/908140/comments/17


** Changed in: accountsservice
       Status: Unknown => Fix Released

** Changed in: accountsservice
   Importance: Unknown => Critical

** Bug watch added: freedesktop.org Bugzilla #47045
   https://bugs.freedesktop.org/show_bug.cgi?id=47045

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/908140

Title:
  [user-accounts]: segfault in um_user_set_icon_file()

Status in D-Bus interfaces for querying and manipulating user account 
information:
  Fix Released
Status in GNOME Control Center:
  Unknown
Status in “accountsservice” package in Ubuntu:
  Triaged
Status in “accountsservice” source package in Precise:
  Triaged

Bug description:
  User account was not possible when i gave in the Icon then gnome closed
  I had installed ubuntu in german language but it always changes after restart

  ProblemType: Crash
  DistroRelease: Ubuntu 11.10
  Package: gnome-control-center 1:3.2.0-0ubuntu6
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic i686
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  CasperVersion: 1.287
  CrashCounter: 1
  Date: Fri Dec 23 14:31:44 2011
  ExecutablePath: /usr/bin/gnome-control-center
  LiveMediaBuild: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
  ProcCmdline: gnome-control-center --overview
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SegvAnalysis:
   Segfault happened at: 0x17e2103d:    mov    0x10(%eax),%eax
   PC (0x17e2103d) ok
   source "0x10(%eax)" (0x00000010) not located in a known VMA region (needed 
readable region)!
   destination "%eax" ok
  SegvReason: reading NULL VMA
  Signal: 11
  SourcePackage: gnome-control-center
  StacktraceTop:
   ?? () from /usr/lib/control-center-1/panels/libuser-accounts.so
   ?? () from /usr/lib/control-center-1/panels/libuser-accounts.so
   g_cclosure_marshal_VOID__VOID () from 
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0
   g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
   ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
  Title: gnome-control-center crashed with SIGSEGV in 
g_cclosure_marshal_VOID__VOID()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
  usr_lib_gnome-control-center:
   deja-dup           20.0-0ubuntu3
   gnome-bluetooth    3.2.0-0ubuntu1
   indicator-datetime 0.3.0-0ubuntu3

To manage notifications about this bug go to:
https://bugs.launchpad.net/accountsservice/+bug/908140/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to