From mboxrd@z Thu Jan 1 00:00:00 1970 From: "pelzflorian (Florian Pelz)" Subject: bug#35996: User account password got locked when booting old generation Date: Sun, 2 Jun 2019 12:21:22 +0200 Message-ID: <20190602102122.bzapwt36vg32nmwq@pelzflorian.localdomain> References: <20190529204517.mqn5xrw23xib4i3u@pelzflorian.localdomain> <877ea6l1on.fsf@gnu.org> <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> <20190601145834.f4wgm4oqmdyej7n5@pelzflorian.localdomain> <87r28dc7gw.fsf@gnu.org> <20190602070545.xp2pqlnzsthpjtbw@pelzflorian.localdomain> <87sgss9vj7.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([209.51.188.92]:56862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hXNgE-0004m8-LQ for bug-guix@gnu.org; Sun, 02 Jun 2019 06:25:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hXNco-0006lR-HI for bug-guix@gnu.org; Sun, 02 Jun 2019 06:22:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54194) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hXNco-0006lG-Dz for bug-guix@gnu.org; Sun, 02 Jun 2019 06:22:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hXNco-0000sF-8m for bug-guix@gnu.org; Sun, 02 Jun 2019 06:22:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87sgss9vj7.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 35996@debbugs.gnu.org On Sun, Jun 02, 2019 at 11:38:36AM +0200, Ludovic Courtès wrote: > Hi Florian, > > "pelzflorian (Florian Pelz)" skribis: > > > On Sat, Jun 01, 2019 at 11:37:51PM +0200, Ludovic Courtès wrote: > >> This is definitely not a problem when booting. It could be a problem if > >> you’re concurrently running ‘guix system reconfigure’ (which runs > >> activation snippets, including the account updating code) and some other > >> program, such as ‘passwd’, that assumes it holds an exclusive lock on > >> the file. Though in that case, the worst that could happen is that the > >> changes made by Guix would be undoed by that other program. > > Actually, another thing that could happen is that Guix reads an > incomplete /etc/shadow because some other program is writing to it. > > In that case, suppose Guix reads a partial /etc/shadow where user > “florian” is missing. It would then create a new /etc/shadow where the > password for “florian” is uninitialized (or set to the initial value > that appears in config.scm.) > > Could it be what happened to you? You’d have to be running ‘passwd’ or > ‘usermod’ or whatever at exactly the same time as ‘guix system > reconfigure’ (and you’d have to be “lucky”). > No, I did not change my password in a very long time. Is there no proper cross-application locking mechanism for /etc/passwd? elogind uses struct flock flock = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0, }; […] fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); […] r = fcntl(fd, F_SETLKW, &flock; Should Guix adopt something similar for shadow/passwd/… database reads? > > error: '/gnu/store/h5bi85lgnpqcjx2avy126lwiss01idsj-grub-efi-2.02/sbin/grub-install --boot-directory //boot --bootloader-id=Guix --efi-directory //boot/efi' exited with status 1; output follows: > > > > Installing for x86_64-efi platform. > > Could not prepare Boot variable: No such file or directory > > /gnu/store/h5bi85lgnpqcjx2avy126lwiss01idsj-grub-efi-2.02/sbin/grub-install: error: efibootmgr failed to register the boot entry: Input/output error. > > Maybe you’ve exhausted the room for those EFI “variables” or something? > > Thanks for your debugging work! > > Ludo’. Maybe exhausted, maybe it is an error with the NVRAM. I will try making grub-install execute like when installing on external USB drives so it writes nothing to the motherboard. Regards, Florian