[Bug 281252] New: Locked account created by: useradd -r -g nx -d /var/lib/nxserver/home -s /usr/bin/nxserver nx
https://bugzilla.novell.com/show_bug.cgi?id=281252 Summary: Locked account created by: useradd -r -g nx -d /var/lib/nxserver/home -s /usr/bin/nxserver nx Product: openSUSE 10.2 Version: Final Platform: i686 OS/Version: openSUSE 10.2 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: mvdv@spamcop.net QAContact: qa@suse.de The following arose in the course of installing FreeNX, see bug #280403. It seems that the default is to create a locked account, if this is intended behavior it isn't documented in the useradd --help or man useradd. So I'm assuming this is not intended. useradd -r -g nx -d /var/lib/nxserver/home -s /usr/bin/nxserver nx # passwd -S nx nx LK 06/03/2007 0 99999 7 -1 passwd -d nx # passwd -S nx nx NP 06/03/2007 0 99999 7 -1 Now the account functions as required by FreeNX/NX. My classification of this bug might be incorrect - but it didn't seem to be a kernel issue? Feel free to reclassify. HTH -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@novell.com AssignedTo|security-team@suse.de |sndirsch@novell.com Platform|i686 |All ------- Comment #1 from meissner@novell.com 2007-06-06 01:11 MST ------- its more an issue of the FreeNX package. thje useradd behaviour is fine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 sndirsch@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |mvdv@spamcop.net ------- Comment #2 from sndirsch@novell.com 2007-06-06 02:15 MST ------- locked account means what? Do you think it's a good idea to remove the password of nx user? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 ------- Comment #3 from mvdv@spamcop.net 2007-06-06 03:50 MST ------- Thanks for looking at this. The nx user is created by the FreeNX install script as indicated - which looks like it is intentionally without a password? In trying to work out why this account was locked I looked at the password file it showed '!' in the place of the password field - some digging around indicated ! means no password.... so I figured no harm in deleting nothing and viola, the user account is unlocked, and usable.... for the Free NX aplication at least. The nx user can't log on to the (local) machine and authenticates itself using ssh keys. Anyway, it seemed a bug to be created in a locked state? Oh BTW, I should have pointed out if you try passwd -u nx The account is _not_ unlocked... this definitely makes it a passwd issue - no? The 'passwd -u' behavior I haven't confirmed on x86_64 Personally it seems weird to lock an account that doesn't have a password - but I'm a linux novice - there are probably good reasons and it is probably documented as the default behavior - I (and the FreeNX crowd) just didn't see it Regards -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 mvdv@spamcop.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mvdv@spamcop.net Status|NEEDINFO |NEW Info Provider|mvdv@spamcop.net | ------- Comment #4 from mvdv@spamcop.net 2007-06-06 04:00 MST ------- Removing the needinfo. sorry -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 sndirsch@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |mvdv@spamcop.net ------- Comment #5 from sndirsch@novell.com 2007-06-06 04:31 MST ------- Could you discuss this on the FreeNX mailinlist, please? Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=281252 mvdv@spamcop.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|mvdv@spamcop.net | Resolution| |INVALID ------- Comment #6 from mvdv@spamcop.net 2007-06-06 04:52 MST ------- OK useradd -r -g nx -d /var/lib/nxserver/home -s /usr/bin/nxserver nx creates a locked account (expected behavior) passwd - u nx cannot unlock the account (expected?) passwd -d nx is the (only?) way to get the account into a NP state..... I agree with comment #2. Anyway, I take your point. Changing status to invalid :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com