[opensuse-bugs] [Bug 1179261] New: YaST doesn't copy /usr/etc/skel
https://bugzilla.suse.com/show_bug.cgi?id=1179261 Bug ID: 1179261 Summary: YaST doesn't copy /usr/etc/skel Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers@suse.de Reporter: fvogt@suse.com QA Contact: jsrain@suse.com CC: amajer@suse.com, dimstar@opensuse.org, fvogt@suse.com, hpj@urpla.net, kukuk@suse.com, mvetter@suse.com, sndirsch@suse.com, thorsten.behrens@cib.de, werner@suse.com Depends on: 1178296 Blocks: 1178717 Found By: --- Blocker: --- Copying of /usr/etc/skel was initially added to useradd.local, but that approach had some issues so it was implemented properly in useradd itself instead. Now it works properly for users created using useradd, but users created by YaST are missing the content from /usr/etc/skel in their homes. YaST appears to do the copying from skel itself (https://github.com/yast/yast-users/blob/337589043b3c41fb8e1ad18de4badfd6050a...), so it would need to "cp -Rn /usr/etc/skel/. ~newuser/" or so after the /etc/skel copy. +++ This bug was initially created as a clone of Bug #1178296 +++ node128:~ # useradd -r -d /var/lib/test0 test0 chown: cannot access '/home/test0/bin': No such file or directory node128:~ # ls -alF /home/ total 0 drwxr-xr-x. 1 root root 62 Oct 30 10:39 ./ drwxr-xr-x. 1 root root 142 Oct 30 10:27 ../ drwx------. 1 root root 30 Oct 30 10:19 chrony/ drwx------. 1 root root 30 Oct 30 10:19 messagebus/ drwx------. 1 root root 30 Oct 30 10:19 nobody/ drwx------. 1 root root 30 Oct 30 10:19 sshd/ drwxr-xr-x. 1 root root 38 Oct 30 10:39 test0/ useradd.local creates for every system account a directory below /home, owned by root, for copying the /usr/etc/skel files. The current implementation seems to work only for standard users, where the home directory is below /home, but not for system accounts, not if the homedirectory is somewhere else, not if the skel directory shouldn't be copied at all. I'm afraid we need to patch the shadow suite (useradd) directly instead of using the useradd.local helper. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Thorsten Kukuk
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c2
--- Comment #2 from Stefan Hundhammer
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c3
--- Comment #3 from Stefan Hundhammer
but I am not 100% sure since this is only one or more branches; ^^^^^^^^ of several
-- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c4
--- Comment #4 from Fabian Vogt
As far as I can tell, yast2-users does use "useradd":
https://github.com/yast/yast-users/blob/master/src/modules/Users.pm#L4523
That's actually just taking care of USERADD_CMD from login.defs: # If defined, this command is run when adding a user. # It should rebuild any NIS database etc. to add the # new created account. # USERADD_CMD /usr/sbin/useradd.local So where the hack was previously, but had to be removed.
but I am not 100% sure since this is only one or more branches; alternatively, it can also use LDAP.
-- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c5
Stefan Schubert
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c6
Fabian Vogt
Ok, thanks for the input. So the task would be to exchange the call useradd.local by useradd and to remove the manual copy of the skel because it should be already done by useradd. Right, Fabian ?
useradd takes care of creating the user, i.e. optionally creating the home directory, calling useradd.local and modifying /etc/passwd,shadow,etc. YaST only appears to call useradd.local, which implies that it does the other steps manually already. So just calling useradd instead of useradd.local would create the user twice. BTW, it seems like YaST edits /etc/passwd and /etc/shadow before the home directory is created and chown is run. This introduces a theoretical race condition, that the user can login and have write access to ~ which is currently being chowned to the new uid. Not sure whether this can be an issue in practice. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c7
Stefan Schubert
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c8
--- Comment #8 from Stefan Dirsch
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c9
--- Comment #9 from Stefan Dirsch
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c10
--- Comment #10 from Stefan Schubert
I agree with Fabian. YaST completely replaced useradd by its own mechanism (we may have lost the reasons why this has been done!). Later when useradd adds the useradd.local hack for supporting SE Linux YaST added running this script as well. So yes, either add copying files from /usr/etc/skel as Fabian suggested (not recommended), or switch to using useradd (preferred solution).
BTW, I cannot access. I guess only YaST members can ... I have written more or less the same in the Trello Card :-)
-- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c11
--- Comment #11 from Lukas Ocilka
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c12
--- Comment #12 from Fabian Vogt
So IIUC, the summary should be "Use adduser instead of adduser.local"? With explanation that hack is over and there is a real solution in place already.
Currently the submission for shadow without the hack in useradd.local fails openQA because directories are missing for created users, so that's mainly what the bug report is about. How to address this is open, but using useradd fully is definitely a valid option AFAICT. (FTR, adduser != useradd) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c13
--- Comment #13 from Stefan Dirsch
So IIUC, the summary should be "Use adduser instead of adduser.local"? With explanation that hack is over and there is a real solution in place already.
That would be wrong. 1. The command is called useradd. 2. The execution of useradd.local should be removed (it's executed by useradd itself!) 3. Yast's own mechanism to add a user should be replaced by using useradd command. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Stefan Dirsch
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c14
Fabian Vogt
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Pavel Dost�l
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c17
--- Comment #17 from Lukas Ocilka
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Lukas Ocilka
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c18
Jos� Iv�n L�pez Gonz�lez
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Jos� Iv�n L�pez Gonz�lez
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Frederic Crozat
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Thorsten Behrens
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Lukas Ocilka
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c20
Fabian Vogt
Finally, we have decided to fix this issue by simply copying /usr/etc/skel content. Take into account that adapting yast-users to use useradd command would require to almost re-write the whole module. Doing that in the current code (written in perl and without an extensive test coverage) would be risky. Anyway, YaST team is already working in the future yast-users-ng, which will overcome the issues in the current module.
Yay! This bug report is also used for tracking that subuids and subgids aren't set up for user accounts created by YaST, so various container runtimes don't work. useradd does this automatically based on SUB_UID_COUNT/SUB_GID_COUNT already, could you implement this in YaST as well? This is especially relevant for rootless podman, which should work out of the box.
I had a look at the code, it works differently than shadow. YaST copies /usr/etc/skel/ first and then /etc/skel on top, but shadow does it the other way around, to better preserve attributes and allow a bit more flexibility. It shouldn't cause a major issue though, so should be fine until yast-users-ng.
(In reply to Jos� Iv�n L�pez Gonz�lez from comment #19)
Note for SLE Release Managers: the fix for yast2-users [1] was not submitted to SLE-15-SP3 project because the useradd.local script has not been modified in SLE-15-SP3. If this request for the shadow suite [2] is included in SLE-15-SP3 (which modifies useradd.local script), then the fix for yast2-users should be included too. Please, ping YaST team in case you need these changes there. Thanks!
SLE doesn't use /usr/etc/skel/ (yet), so even with an updated shadow it should still work as before.
[1] https://github.com/yast/yast-users/pull/240 [2] https://build.opensuse.org/request/show/872327
-- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c21
--- Comment #21 from openQA Review
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c22
--- Comment #22 from Fabian Vogt
This bug report is also used for tracking that subuids and subgids aren't set up for user accounts created by YaST, so various container runtimes don't work. useradd does this automatically based on SUB_UID_COUNT/SUB_GID_COUNT already, could you implement this in YaST as well? This is especially relevant for rootless podman, which should work out of the box.
^ Are you tracking this already or should I open a new report? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
https://bugzilla.suse.com/show_bug.cgi?id=1179261#c23
--- Comment #23 from Fabian Vogt
(In reply to Fabian Vogt from comment #20)
This bug report is also used for tracking that subuids and subgids aren't set up for user accounts created by YaST, so various container runtimes don't work. useradd does this automatically based on SUB_UID_COUNT/SUB_GID_COUNT already, could you implement this in YaST as well? This is especially relevant for rootless podman, which should work out of the box.
^ Are you tracking this already or should I open a new report?
No response, so I take that as a "No". I filed bug 1185342. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1179261
Stefan Weiberg
participants (1)
-
bugzilla_noreply@suse.com