unofficial mirror of bug-guix@gnu.org 
From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 35996@debbugs.gnu.org
Subject: bug#35996: User account password got locked when booting old generation
Date: Tue, 4 Jun 2019 14:17:11 +0200
Message-ID: <20190604121710.uqni7cwp5jo4pwmq@pelzflorian.localdomain>
In-Reply-To: <87d0jtemca.fsf@gnu.org>

On Tue, Jun 04, 2019 at 11:22:45AM +0200, Ludovic Courtès wrote:
> Hi,
> 
> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
> 
> > On Mon, Jun 03, 2019 at 03:22:51PM +0200, Ludovic Courtès wrote:
> >> > After multiple reconfigures, it happened again, my /etc/shadow has !
> >> > again in the password field.  My recently changed root password became
> >> > empty as well, like 35902.  I did not even run sudo concurrently.  The
> >> > password just got locked.
> >> 
> >> What were the differences between your config files when you
> >> reconfigured?
> >>
> >
> > For the last reconfigure, there were no differences, although I had
> > rebooted into an unbootable, older generation with a different
> > syslog.conf and broken Udevd arguments before booting the new
> > generation.
> 
> What’s the effect of this brokenness concretely?  Is the wrong root file
> system mounted, or something like that?
> 

I have multiple broken generations.  On one that now for a third time
(on old generations without Ludo’s patches) led to a locked
/etc/shadow after booting I changed the line
(let ((pid (fork+exec-command (list udevd))))
in gnu/services/base.scm to, I believe, this:
(let ((pid (fork+exec-command (list udevd "--debug-trace"))))

(I am unsure if this is the same broken generation as on my first
report of the issue.  I may have gotten confused.)

This is unbootable; correct would have been --debug and not
--debug-trace.

I may also have changed my syslog configuration to the incorrect

                   (modify-services %desktop-services
                     (syslog-service-type config =>
                       (syslog-configuration
                        (inherit config)
                        (config-file
                         (plain-file "my-syslog.conf" "
     # Log all error messages, authentication messages of
     # level notice or higher and anything of level err or
     # higher to the console.
     # Don't log private authentication messages!
     *       /var/log/full
[…]")))))))

Correct would have been "*.*" instead of "*".  This latter error is
without relevant effect, I believe.

I will try to find the /gnu/store files for this generation.

Danny’s suggestion to `chattr +i /etc/shadow` leads to an error with
rename-file trying to rename an empty /etc/shadow.Gi… temporary file
on both this old broken and on healthy generations.


> There really isn’t much to log: the activation code reads
> /etc/{shadow,passwd,group}, computes the list of shadow/passwd/group
> entries as a function of that, and writes it.
> 

If I cannot find a more deterministic way, I will try making (guix
build accounts) print the content of shadow.

Regards,
Florian
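
Added example, not part of the original message and not Guix code: a way to catch the symptom reported in this thread (a password field turning into "!" or becoming empty) by comparing an /etc/shadow snapshot taken before a reconfigure or generation switch with one taken after. Field meanings follow shadow(5); the account names, dates and hash strings are constructed placeholders.

```python
# Added example (not Guix code): diff two /etc/shadow snapshots for regressions.
# Field semantics follow shadow(5); all sample data below is constructed.

def classify(pw_field):
    """Map a shadow(5) password field to a coarse state."""
    if pw_field == "":
        return "empty"          # no password required to log in
    if pw_field.startswith("!"):
        return "locked"         # "!" prefix (or bare "!") locks the password
    if pw_field == "*":
        return "no-login"       # no hash can ever match
    return "hashed"

def parse_shadow(text):
    """Return {user: state}; skips blank lines, rejects malformed ones."""
    states = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: not a shadow entry")
        states[fields[0]] = classify(fields[1])
    return states

def regressions(before, after):
    """Accounts whose password state changed between snapshots, or vanished."""
    old, new = parse_shadow(before), parse_shadow(after)
    found = []
    for user, state in sorted(old.items()):
        now = new.get(user, "missing")
        if now != state:
            found.append((user, state, now))
    return found

# Constructed snapshots: hashes are placeholders, not real crypt(3) output.
BEFORE = """root:$6$SALT$PLACEHOLDERHASH:18050::::::
alice:$6$SALT$PLACEHOLDERHASH:18050::::::
nobody:!:18050::::::
"""
AFTER = """root::18051::::::
alice:!:18051::::::
nobody:!:18051::::::
"""

if __name__ == "__main__":
    for user, was, now in regressions(BEFORE, AFTER):
        print(f"{user}: {was} -> {now}")
```

Run against real snapshots, this needs root to read /etc/shadow; keep the copies as restricted as the original file.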
