https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c2 --- Comment #2 from Stefan Hundhammer --- As far as I can tell, yast2-users does use "useradd": https://github.com/yast/yast-users/blob/master/src/modules/Users.pm#L4523 but I am not 100% sure since this is only one or more branches; alternatively, it can also use LDAP. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c4 --- Comment #4 from Fabian Vogt --- (In reply to Stefan Hundhammer from comment #2)

As far as I can tell, yast2-users does use "useradd":

https://github.com/yast/yast-users/blob/master/src/modules/Users.pm#L4523

That's actually just taking care of USERADD_CMD from login.defs: # If defined, this command is run when adding a user. # It should rebuild any NIS database etc. to add the # new created account. # USERADD_CMD /usr/sbin/useradd.local So where the hack was previously, but had to be removed.

but I am not 100% sure since this is only one or more branches; alternatively, it can also use LDAP.

-- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c6 Fabian Vogt changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(fvogt@suse.com) | --- Comment #6 from Fabian Vogt --- (In reply to Stefan Schubert from comment #5)

Ok, thanks for the input. So the task would be to exchange the call useradd.local by useradd and to remove the manual copy of the skel because it should be already done by useradd. Right, Fabian ?

useradd takes care of creating the user, i.e. optionally creating the home directory, calling useradd.local and modifying /etc/passwd,shadow,etc. YaST only appears to call useradd.local, which implies that it does the other steps manually already. So just calling useradd instead of useradd.local would create the user twice. BTW, it seems like YaST edits /etc/passwd and /etc/shadow before the home directory is created and chown is run. This introduces a theoretical race condition, that the user can login and have write access to ~ which is currently being chowned to the new uid. Not sure whether this can be an issue in practice. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c8 --- Comment #8 from Stefan Dirsch --- I agree with Fabian. YaST completely replaced useradd by its own mechanism (we may have lost the reasons why this has been done!). Later when useradd adds the useradd.local hack for supporting SE Linux YaST added running this script as well. So yes, either add copying files from /usr/etc/skel as Fabian suggested (not recommended), or switch to using useradd (preferred solution). BTW, I cannot access. I guess only YaST members can ... -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c10 --- Comment #10 from Stefan Schubert --- (In reply to Stefan Dirsch from comment #8)

I agree with Fabian. YaST completely replaced useradd by its own mechanism (we may have lost the reasons why this has been done!). Later when useradd adds the useradd.local hack for supporting SE Linux YaST added running this script as well. So yes, either add copying files from /usr/etc/skel as Fabian suggested (not recommended), or switch to using useradd (preferred solution).

BTW, I cannot access. I guess only YaST members can ... I have written more or less the same in the Trello Card :-)

-- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c12 --- Comment #12 from Fabian Vogt --- (In reply to Lukas Ocilka from comment #11)

So IIUC, the summary should be "Use adduser instead of adduser.local"? With explanation that hack is over and there is a real solution in place already.

Currently the submission for shadow without the hack in useradd.local fails openQA because directories are missing for created users, so that's mainly what the bug report is about. How to address this is open, but using useradd fully is definitely a valid option AFAICT. (FTR, adduser != useradd) -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Stefan Dirsch changed: What |Removed |Added ---------------------------------------------------------------------------- CC|sndirsch@suse.com | -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Pavel Dost�l changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pdostal@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Lukas Ocilka changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P1 - Urgent |P2 - High -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Jos� Iv�n L�pez Gonz�lez changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fcrozat@suse.com Flags| |needinfo?(fcrozat@suse.com) -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Thorsten Behrens changed: What |Removed |Added ---------------------------------------------------------------------------- CC|thorsten.behrens@cib.de |thorsten.behrens@allotropia | |.de -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c20 Fabian Vogt changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(sweiberg@suse.com | |) | --- Comment #20 from Fabian Vogt --- (In reply to Jos� Iv�n L�pez Gonz�lez from comment #18)

Finally, we have decided to fix this issue by simply copying /usr/etc/skel content. Take into account that adapting yast-users to use useradd command would require to almost re-write the whole module. Doing that in the current code (written in perl and without an extensive test coverage) would be risky. Anyway, YaST team is already working in the future yast-users-ng, which will overcome the issues in the current module.

Yay! This bug report is also used for tracking that subuids and subgids aren't set up for user accounts created by YaST, so various container runtimes don't work. useradd does this automatically based on SUB_UID_COUNT/SUB_GID_COUNT already, could you implement this in YaST as well? This is especially relevant for rootless podman, which should work out of the box.

* https://github.com/yast/yast-users/pull/240

I had a look at the code, it works differently than shadow. YaST copies /usr/etc/skel/ first and then /etc/skel on top, but shadow does it the other way around, to better preserve attributes and allow a bit more flexibility. It shouldn't cause a major issue though, so should be fine until yast-users-ng.

* https://build.opensuse.org/request/show/883009

(In reply to Jos� Iv�n L�pez Gonz�lez from comment #19)

Note for SLE Release Managers: the fix for yast2-users [1] was not submitted to SLE-15-SP3 project because the useradd.local script has not been modified in SLE-15-SP3. If this request for the shadow suite [2] is included in SLE-15-SP3 (which modifies useradd.local script), then the fix for yast2-users should be included too. Please, ping YaST team in case you need these changes there. Thanks!

SLE doesn't use /usr/etc/skel/ (yet), so even with an updated shadow it should still work as before.

[1] https://github.com/yast/yast-users/pull/240 [2] https://build.opensuse.org/request/show/872327

-- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 https://bugzilla.suse.com/show_bug.cgi?id=1179261#c22 --- Comment #22 from Fabian Vogt --- (In reply to Fabian Vogt from comment #20)

This bug report is also used for tracking that subuids and subgids aren't set up for user accounts created by YaST, so various container runtimes don't work. useradd does this automatically based on SUB_UID_COUNT/SUB_GID_COUNT already, could you implement this in YaST as well? This is especially relevant for rootless podman, which should work out of the box.

^ Are you tracking this already or should I open a new report? -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1179261 Stefan Weiberg changed: What |Removed |Added ---------------------------------------------------------------------------- CC|sweiberg@suse.com | -- You are receiving this mail because: You are on the CC list for the bug.