[Bug 626517] New: texlive and kile are unusable after an upgrade from opensuse 11.2 to opensuse 11.3 ; all ls-R files contain only 2 lines
http://bugzilla.novell.com/show_bug.cgi?id=626517 http://bugzilla.novell.com/show_bug.cgi?id=626517#c0 Summary: texlive and kile are unusable after an upgrade from opensuse 11.2 to opensuse 11.3 ; all ls-R files contain only 2 lines Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: i586 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: Installation AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ndordea@computer.org QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.2 Firefox/3.6.6 GTB5 Case : Upgrade opensuse 11.2 to opensuse 11.3 after upgrade Kile and texlive are unusable. All old ls-R files are lost All ls-R files have onle 2 lines % ls-R -- filename database for kpathsea; do not change this line. ./: latex warning: kpathsea: No usable entries in /etc/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/local/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/cache/texmf/fonts/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/lilypond/2.12.3/ls-R. warning: kpathsea: See the manual for how to generate ls-R. This is pdfTeX, Version 3.1415926-1.40.10 (TeX Live 2009/openSUSE) ** Please type the name of your input file. **\ kpathsea: Running mktexfmt latex.fmt warning: kpathsea: No usable entries in /etc/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/local/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/cache/texmf/fonts/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/lilypond/2.12.3/ls-R. warning: kpathsea: See the manual for how to generate ls-R. tcfmgr: config file `tcfmgr.map' (usually in $TEXMFMAIN/texconfig) not found. fmtutil: config file `fmtutil.cnf' not found. I can't find the format file `latex.fmt'! ------------------------------- sudo mktexlsr root's password: warning: kpathsea: No usable entries in /etc/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/local/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/cache/texmf/fonts/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/lilypond/2.12.3/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /etc/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/lib/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/local/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/texmf/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /var/cache/texmf/fonts/ls-R. warning: kpathsea: See the manual for how to generate ls-R. warning: kpathsea: No usable entries in /usr/share/lilypond/2.12.3/ls-R. warning: kpathsea: See the manual for how to generate ls-R. mktexlsr: Updating /etc/texmf/ls-R... su: incorrect password mktexlsr: Updating /var/lib/texmf/main/ls-R... su: incorrect password mktexlsr: Updating /usr/local/share/texmf/ls-R... su: incorrect password mktexlsr: Updating /usr/share/lilypond/2.12.3/ls-R... su: incorrect password mktexlsr: Updating /usr/share/texmf/../../../var/lib/texmf/dist/ls-R... su: incorrect password mktexlsr: Updating /var/cache/texmf/fonts/ls-R... su: incorrect password mktexlsr: Updating /var/lib/texmf/ls-R... su: incorrect password mktexlsr: Done. Reproducible: Always Steps to Reproduce: 1. try to process a tex file in kile it fails ( look at output ) 2. or try to run a latex in batch 3. or try to run sudo mktexlsr same[similar] happens with sudo texhash Actual Results: Provided above Expected Results: latex and kile does not work produce latex associated files out and DVI That dvi file can be further processed by ocular --- display dvi dvi2ps --- generates a postscript file from dvi ps2pdf --- generates an pdf file from ps file created above other path ---- process the tex file via pdflatex it produces directly the pdf file -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c
yang xiaoyu
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c1
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c2
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c3
Nick Dordea
Nick? Do you have an answer on my questions in comment #1?
Hello Werner, Answers to your questions: 1. The SUSEconfig in not disabled, 2. I never used nobody user. It should have the SUSE configurations The mktexlsr as well as texhash fail regardless the user used to run them: root, sudo or an user I attach nobody records on /etc/passwd ----> nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash and /etc/shadow nobody:!!:14550:::::: On my system root, nobody, users are using /bin/bash only tomcat is based on /bin/sh tomcat:x:116:119:Apache Tomcat:/usr/share/tomcat6:/bin/sh mktexlsr uses #!/bin/sh while the nobody root etc uses /bin/bash Is this a problem? Once I had to change #!/bin/sh to #!/bin/bash . Should you have any questions, requests, comments please let me know. Best R -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c4
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c5
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c6
Nick Dordea
Try within a terminal
su - root
then do as root
su nobody
the last command should not require a password.
Done on a non-root terminal su - root provided root's password then ..... #whoami root # su nobody su: incorrect password -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c7
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c8
Nick Dordea
This should not happen ...
Thomas? Can you tell me how this can happen and how to avoid this?
AFAIC see from the inital report there are two exclamation marks and IMHO it should be only one within the entry for nobody in /etc/shadow
Hello ...
Please find below some testing I've done recently, as well as a work-around
solution. With it I can use both texlive and Kile
Please contact me if you have any questions.
I have 2 questions. Could you please have a look at them
1) Is it possible to have the nobody account deleted then recreated?
2) Part of the work-around I deleted 2 links
/usr/share/texmf/ls-R ----> ../../../var/lib/texmf/dist/ls-R
/usr/lib/texmf/lsr ----> /var/lib/texmf/main/lsr-R
The work-around builds them as files
Are the above links still necessary?
Thanks for help.
Nick
================================================================
The case of !! vs ! for nobody shadow record
i) initial
sudo grep nobody /etc/passwd /etc/shadow
/etc/passwd:nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
/etc/shadow:nobody:!!:14550::::::
ii) get nobody status
sudo passwd -S nobody
root's password:
nobody LK 11/02/2009 -1 -1 -1 -1 ====> nobody is loked
iii) try to unlock nobody
sudo passwd -u nobody
root's password:
account updated
iv) get the nobody shadow again
sudo grep nobody /etc/passwd /etc/shadow
/etc/passwd:nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
/etc/shadow:nobody:!:14550:::::: <==== now nobody has only one !
v) execute mktexlsr ......
It fails as described before su nobody [ invalid password ]
Question : Could you please help me to have nobody account back to i) case
For sure there is an issue with su vs nobody account
Try a work-around :
delete all bad ls-R created by mktexlsr
change mktexlsr to be insensitive to nobody account
check the ls-R files
A) delete the links to bas ls-R files
/usr/share/texmf/ls-R ----> ../../../var/lib/texmf/dist/ls-R
/usr/lib/texmf/lsr ----> /var/lib/texmf/main/lsr-R
B) rename all ls-R files to ls-R_bad
/usr/local/share/texmf
/usr/share/lilypond/2/12/3
/var/cache/texmf/fonts
/var/lib/texmf
/var/lib/texmf/main
/var/lib/texmf/dist
/etc/texmf
C) create mktexlsr_1 ( based on mktexlsr) by
replacing
nobody="$(id -un nobody)"
if test "$(id -ur 2> /dev/null)" = "0" -a -n "$nobody" ; then
grep -qE 'nobody:[^:]*:[0-9]+:0:0::::' /etc/shadow
if test $? -eq 0 ; then
echo "$progname: Warning the password of the user nobody has expired." >&2
echo " Please use program \`chage' to set maxdays to 99999." >&2
echo ""
exit 1
fi
runls () { su $nobody -s /bin/sh -c 'exec -a ls ls -LRa 2>/dev/null'; }
else
runls () { ls -LRa 2>/dev/null; }
fi
by
nobody="$(id -un nobody)"
if test "$(id -ur 2> /dev/null)" = "0" -a -n "$nobody" ; then
grep -qE 'nobody:[^:]*:[0-9]+:0:0::::' /etc/shadow
if test $? -eq 0 ; then
echo "$progname: Warning the password of the user nobody has expired." >&2
echo " Please use program \`chage' to set maxdays to 99999." >&2
echo ""
exit 1
fi
# runls () { su $nobody -s /bin/sh -c 'exec -a ls ls -LRa 2>/dev/null'; }
# su nobody fails
# ignore the nobody logic
runls () { ls -LRa 2>/dev/null; }
else
runls () { ls -LRa 2>/dev/null; }
fi
C) run sudo mktexlsr_1
sudo mktexlsr_1
root's password:
mktexlsr_1: Updating /etc/texmf/ls-R...
mktexlsr_1: Updating /usr/lib/texmf/ls-R...
mktexlsr_1: Updating /usr/local/share/texmf/ls-R...
mktexlsr_1: Updating /usr/share/lilypond/2.12.3/ls-R...
mktexlsr_1: Updating /usr/share/texmf/ls-R...
mktexlsr_1: Updating /var/cache/texmf/fonts/ls-R...
mktexlsr_1: Updating /var/lib/texmf/ls-R...
mktexlsr_1: Done.
D) analyze the outputs ......
/var/lib/texmf/main/ls-R and /var/lib/texmf/dist/ls-R not created
Run mktexlsr_1 to handle them .....
sudo mktexlsr_1 /var/lib/texmf/main /var/lib/texmf/dist
root's password:
mktexlsr_1: Updating /var/lib/texmf/main/ls-R...
mktexlsr_1: Updating /var/lib/texmf/dist/ls-R...
mktexlsr_1: Done.
E) for each ls-R created by C) and D) create a copy ls-R_good
F) get a list of all ls-R* files
/usr/local/share/texmf/ls-R
/usr/local/share/texmf/ls-R_bad
/usr/local/share/texmf/ls-R_good
/usr/share/lilypond/2.12.3/ls-R
/usr/share/lilypond/2.12.3/ls-R_bad
/usr/share/lilypond/2.12.3/ls-R_good
/usr/share/texmf/doc/context/manuals/reference/en/ls-R <--- old file not
affected by the upgrade
/usr/share/texmf/ls-R
/usr/share/texmf/ls-R_good
/usr/lib/texmf/ls-R
/usr/lib/texmf/ls-R_good
/var/cache/texmf/fonts/ls-R
/var/cache/texmf/fonts/ls-R_bad
/var/cache/texmf/fonts/ls-R_good
/var/lib/texmf/ls-R
/var/lib/texmf/ls-R_bad
/var/lib/texmf/main/ls-R
/var/lib/texmf/main/ls-R_bad
/var/lib/texmf/main/ls-R_good
/var/lib/texmf/dist/ls-R
/var/lib/texmf/dist/ls-R_bad
/var/lib/texmf/dist/ls-R_good
/var/lib/texmf/ls-R_good
/etc/texmf/ls-R
/etc/texmf/ls-R_bad
/etc/texmf/ls-R_good
G) Test latex .....
latex <a-tex-file>.tex
This is pdfTeX, Version 3.1415926-1.40.10 (TeX Live
2009/obs://build.opensuse.org/Publishing)
entering extended mode
(./<a-tex-file>.tex
LaTeX2e <2009/09/24>
Babel
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c9
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c10
Philipp Thomas
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c11
Thorsten Kukuk
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c12
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c13
--- Comment #13 from Nick Dordea
OK ... Nick? You should remove the second exclamation mark from the password string in the line of user nobody within /etc/shadow
Close this bug as WORKSFORME
This issue appeared after upgrading opensuse 11.2 to opensuse 11.3 In opensuse 11.2 I did not have any issue with texhash and/or mktexlsr If all "system" accounts should have only a ! in /etc/shadow it seems that the upgrade process chamge ! to !!, so the upgrade process negatively/indirectly affects the upgraded system. nobody has only one ! due to passwd -u nobody how comes that the tss account does have only one ! ? After upgrade texlive was one of many issues I still have with the upgraded system ( often it's frozen, evolution is unstable, amarok freezes the system if the connectivity is lost, etc. ) I hope that a new/cleaner opensuse 11.3 distro will be released. At that time I will consider installing opensuse 11.3 rather than upgrading. It will take a lot of work to recreate my system but I am sure that it would be much better than the existing-upgraded-system. I'm using [open]suse for a long time [ still v5 ] and this is the first time when I have had major issues [ i.e. feature failures ] with the upgraded system. Maybe 11.3 is a prelude to "install only" approach ..... Thanks nd =========================== /etc/shadow ============================= sudo grep ! /etc/passwd /etc/shadow root's password: /etc/shadow:at:!!:14575:0:99999:7::: /etc/shadow:avahi:!!:14550:0:99999:7::: /etc/shadow:beagleindex:!!:14550:0:99999:7::: /etc/shadow:bin:!!:14550:::::: /etc/shadow:cntlm:!!:14704:0:99999:7::: /etc/shadow:cyrus:!!:14575:0:99999:7::: /etc/shadow:daemon:!!:14550:::::: /etc/shadow:dhcpd:!!:14575:0:99999:7::: /etc/shadow:dnsmasq:!!:14550:0:99999:7::: /etc/shadow:dovecot:!!:14647:0:99999:7::: /etc/shadow:fetchmail:!!:14575:0:99999:7::: /etc/shadow:firebird:!!:14599:0:99999:7::: /etc/shadow:ftp:!!:14550:::::: /etc/shadow:ftpsecure:!!:14575:0:99999:7::: /etc/shadow:games:!!:14550:::::: /etc/shadow:gdm:!!:14550:0:99999:7::: /etc/shadow:haldaemon:!!:14550:0:99999:7::: /etc/shadow:icecream:!!:14575:0:99999:7::: /etc/shadow:ldap:!!:14575:0:99999:7::: /etc/shadow:lp:!!:14550:::::: /etc/shadow:mail:!!:14550:::::: /etc/shadow:mailman:!!:14575:0:99999:7::: /etc/shadow:man:!!:14550:::::: /etc/shadow:messagebus:!!:14550:0:99999:7::: /etc/shadow:mysql:!!:14575:0:99999:7::: /etc/shadow:nagios:!!:14575:0:99999:7::: /etc/shadow:named:!!:14575:0:99999:7::: /etc/shadow:news:!!:14550:::::: /etc/shadow:nobody:!:14550:::::: /etc/shadow:ntp:!!:14550:0:99999:7::: /etc/shadow:pdns:!!:14647:0:99999:7::: /etc/shadow:polkituser:!!:14550:0:99999:7::: /etc/shadow:postfix:!!:14550:0:99999:7::: /etc/shadow:postgres:!!:14575:0:99999:7::: /etc/shadow:pulse:!!:14550:0:99999:7::: /etc/shadow:quagga:!!:14575:0:99999:7::: /etc/shadow:rtkit:!!:14550:0:99999:7::: /etc/shadow:squid:!!:14575:0:99999:7::: /etc/shadow:sshd:!!:14550:0:99999:7::: /etc/shadow:suse-ncc:!!:14550:0:99999:7::: /etc/shadow:tomcat:!!:14575:0:99999:7::: /etc/shadow:uucp:!!:14550:::::: /etc/shadow:vscan:!!:14575:0:99999:7::: /etc/shadow:wwwrun:!!:14550:::::: /etc/shadow:tss:!:14818:0:99999:7::: =========================== /etc/shadow ============================= -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c14
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c15
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c16
Thorsten Kukuk
(In reply to comment #12)
OK ... Nick? You should remove the second exclamation mark from the password string in the line of user nobody within /etc/shadow
Close this bug as WORKSFORME
This issue appeared after upgrading opensuse 11.2 to opensuse 11.3 In opensuse 11.2 I did not have any issue with texhash and/or mktexlsr
If all "system" accounts should have only a ! in /etc/shadow it seems that the upgrade process chamge ! to !!, so the upgrade process negatively/indirectly affects the upgraded system. nobody has only one ! due to passwd -u nobody how comes that the tss account does have only one ! ?
System accounts should have only a "*", no "!". As I wrote, I cannot find any system which has "!" in /etc/shadow for system accounts, all, even openSUSE 11.2, have "*". There is no code which changes that on updates, it wouldn't make any sense. Even playing with pwconv/pwunconv doesn't create such entries. Since this is the only system: Are you sure that you haven't played with sed or anything else at some time with your /etc/shadow? Especially as all entries are wrong, but not all entries are created in the same way, at the same time and with the same tools. As long as nobody is able to show how this should be reproduceable, there is nothing we can do. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c17
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c18
--- Comment #18 from Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c19
--- Comment #19 from Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c20
Nick Dordea
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c21
--- Comment #21 from Nick Dordea
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c22
--- Comment #22 from Nick Dordea
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c23
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c24
Thorsten Kukuk
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c25
Dr. Werner Fink
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c27
--- Comment #27 from Nick Dordea
su - nobody works fine for me on plain 11.3 and on Factory. All /etc/shadow variants I found have an asterix as password in /etc/shadow.
su - nobody only works as root, but build system is building as user abuild. Maybe that's the problem?
Don't know from where the "!!" as password for nobody are. No SUSE Linux version or openSUSE version I checked have this.
Thorsten, Is your 11.3 installed from scratch OR upgraded from 11.2 ? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c28
--- Comment #28 from Thorsten Kukuk
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c29
--- Comment #29 from Nick Dordea
On some systems tw exclamation marks indicate that the password has not been set yet and the account is locked. But AFAICS our useradd simply disables (== one exclamation mark) is no password was specified. On a standard installation of an openSUSE there should be only asterisk or if the account is locked only one exclamation mark e.g. by using `passwd -l <user>' or `usermod -L <user>'
... but during my debugging I've found that usermod creates a file /etc/shadow.old. Now locking leads to
# usermod -L nobody # grep nobody /etc/shadow* /etc/shadow:nobody:*:13595:::::: /etc/shadow.old:nobody:!*:13595:::::: # passwd -u nobody# grep nobody /etc/shadow* /etc/shadow:nobody:*:13595:::::: /etc/shadow.old:nobody:!*:13595::::::
that leads me to the conclusion that those two exclamation marks exsists a long time in your /etc/shadow by e.g. using an older version of usermod adding a exclamation mark even if the account was already locked. The current tool reject locking twice:
# passwd -l nobody Password for `nobody' is already locked!
... OK now let's see what happens on a 11.3:
# usermod -L nobody # grep nobody /etc/shadow* /etc/shadow:nobody:!*:14832:::::: /etc/shadow.old:nobody:*:14832:::::: # su nobody su: incorrect password
... that is a bug on 11.3 as locking the user nobody with system tools causes that even root can do an su to an locked account.
The question is: does this bug belong to PAM or to su. Hand over to Philipp and Michael.
Hello Werner, Definitely we have an issue with i) the status of system-accounts after upgrade to 11.3 and/or ii) how su et-co interprets the system-accounts. What is relevant for me is that a upgraded feature is failing; for me it is irrelevant which is true i) or ii) or i) + ii) ; Learning that nobody account seems to be the root cause, I took the liberty to do some testing : 1. delete nobody entry that has ! 2. create a new nobody 3. create a nobody1 ( almost identical with nobody) 4. get the new records structures 5. test su nobody[1] 6. test mktextlst if 5 is ok 7. test latex if 5 , 6 are ok 8. test kile if 5, 6 ,7 are ok. The good news is that all above tests were ok. So the new account has * in /etc/shadow which is the correct structure. Please find below the tests.
From my point of view, it seems that under some conditions 11.3 is not fully backward compatible with 11.2 . The backward compatibility of 11.3 is the issue. Is a script/etc that deletes then recreates all system-accounts the solution? Maybe .......
Another fact, /etc/default/password has
CRYPT=md5
CRYPT_FILES=blowfish
The passwords encrypted via md5 start with $1$ whereas those encrypted via
blowfish start with $2a$
here is the old-accounts on my system
sudo grep r<removed> /etc/passwd /etc/shadow /etc/shadow.old
root's password:
/etc/passwd:root:x:0:0:root:/root:/bin/bash
/etc/passwd:rxxx:x:1000:100:rocco:/home/rocco:/bin/bash
/etc/shadow:root:$2a$05$<removed>:<removed>::::::
/etc/shadow:rxxx:$2a$05$<removed>:<removed>:0:99999:7:::
/etc/shadow.old:root:$2a$05$<removed>:<removed>::::::
/etc/shadow.old:rocco:$2a$05$<removed>:<removed>:0:99999:7:::
now the data for a brand new account
~> sudo grep rtest /etc/passwd /etc/shadow /etc/shadow.old
/etc/passwd:rtest:x:500:100:rtest:/home/rtest:
/etc/shadow:rtest:$1$<removed>:<removed>:0:::::0
/etc/shadow.old:rtest:!!:<removed>:0:::::0
It seems that the old accounts were encrypted with blowfish and the upgraded
system encrypts them using md5.
It seems that upgrade-to-11.3 process does not conserve the defaults
established on the 11.2 system. Maybe something similar happened with the
system-accounts.
Let's hope that this [i.e. backward compatibility ] is the light at the end of
the tunnel.
Thanks,
nd
=============================== testing data ==================
~> sudo /usr/sbin/userdel nobody
root's password:
no crontab for nobody
~> sudo /usr/sbin/useradd -u 65534 -g 65533 -d /varlib/nobody -s /bin/bash -c
nobody -r nobody
~> sudo /usr/sbin/useradd -u 65532 -g 65533 -d /varlib/nobody2 -s /bin/bash -c
nobody1 -r nobody1
~> sudo grep nobody /etc/passwd /etc/shadow /etc/shadow.old
/etc/passwd:nobody:x:65534:65533:nobody:/varlib/nobody:/bin/bash
/etc/passwd:nobody1:x:65532:65533:nobody1:/varlib/nobody2:/bin/bash
/etc/shadow:nobody:*:14834:0:99999:7:::
/etc/shadow:nobody1:*:14834:0:99999:7:::
/etc/shadow.old:nobody:*:14834:0:99999:7:::
~> su
Password:
# su nobody
----- successful
exit
~> su
Password:
# su nobody1
----- successful
exit
~> sudo /usr/sbin/userdel nobody1
root's password:
no crontab for nobody1
sudo mktexlsr
root's password:
mktexlsr: Updating /etc/texmf/ls-R...
mktexlsr: Updating /usr/lib/texmf/ls-R...
mktexlsr: Updating /usr/local/share/texmf/ls-R...
mktexlsr: Updating /usr/share/lilypond/2.12.3/ls-R...
mktexlsr: Updating /usr/share/texmf/ls-R...
mktexlsr: Updating /var/cache/texmf/fonts/ls-R...
mktexlsr: Updating /var/lib/texmf/ls-R...
mktexlsr: Done.
~> latex
This is pdfTeX, Version 3.1415926-1.40.10 (TeX Live
2009/obs://build.opensuse.org/Publishing)
**\bye
entering extended mode
LaTeX2e <2009/09/24>
Babel
http://bugzilla.novell.com/show_bug.cgi?id=626517
http://bugzilla.novell.com/show_bug.cgi?id=626517#c30
Henryk Hecht
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c31
Philipp Thomas
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c32
Philipp Thomas
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c33
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c34
--- Comment #34 from Philipp Thomas
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c35
--- Comment #35 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c36
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c37
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=626517
https://bugzilla.novell.com/show_bug.cgi?id=626517#c38
--- Comment #38 from Philipp Thomas
participants (1)
-
bugzilla_noreply@novell.com