Hello Valentin, or anyone else affected, Accepted shadow into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shadow/1:4.13+dfsg1-4ubuntu3.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-noble. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Description changed: [ Impact ] On Ubuntu Core 24 calling the command line useradd --extrausers --groups somegroup somenewuser ... fails with: useradd: cannot lock /etc/group; try again later. It worked on 22.04. /etc is not writable. It also fails if somegroup is a group in extrausers. [ Test Plan ] Part of the upload is adding an autopkgtest script testing useradd and usermod in the extrausers+readonly-etc case. In addition, the following commands should be run as root in a fresh container: ``` # Install prerequisites apt install libnss-extrausers - vim /etc/nsswitch.conf # enable extrausers in group, passwd, shadow and gshadow + sed -i -r -e'/^(passwd|group|shadow|gshadow)/ s/$/ extrausers/' /etc/nsswitch.conf # enable extrausers in group, passwd, shadow and gshadow # Sanity checks of "normal" path groupadd etcgroup useradd --groups etcgroup etcuser id etcuser | grep etcgroup groupadd etcgroup2 usermod --groups etcgroup2 etcuser id etcuser | grep etcgroup2 useradd --groups nullgroup etcuser || echo Successfully rejected invalid group ls /var/lib/extrausers/ # should be empty # Sanity checks of "extrausers" path in rw context groupadd --extrausers extragroup useradd --extrausers --groups extragroup extrauser # currently fails id extrauser | grep extragroup useradd --extrausers extrauser2 id extrauser2 usermod --extrausers --groups extragroup extrauser2 id extrauser2 | grep extragroup # Sanity checks of "extrausers" path in ro context mv /etc /etc-rw mkdir /etc mount -o bind,ro /etc-rw /etc groupadd --extrausers extragroup2 useradd --extrausers --groups etcgroup extrauser3 id extrauser4 | grep etcgroup usermod --extrausers --groups extragroup2 extrauser3 id extrauser4 | grep extragroup2 ``` - Furthermore, validation from the Ubuntu Core team that this actually fixes their use case is required. [ Where problems could occur ] Regression potential is in the group validation stage of the `usermod` and `useradd` tools. Besides the usual risks related to C code, the various failure scenarios that come to mind are: * try to add the user to an non-existing local group, which would fail further - down with a different error message + down with a different error message * actually fail to identify a valid local group * Fail to either add the user to the system, or the user to the group * Update the wrong file (/var/lib/extrausers/* vs /etc/*) ** Changed in: shadow (Ubuntu Noble) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063200 Title: useradd --extrausers --groups tries to lock /etc/group To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
