From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 35996@debbugs.gnu.org
Subject: bug#35996: User account password got locked when booting old generation
Date: Tue, 4 Jun 2019 14:17:11 +0200 [thread overview]
Message-ID: <20190604121710.uqni7cwp5jo4pwmq@pelzflorian.localdomain> (raw)
In-Reply-To: <87d0jtemca.fsf@gnu.org>
On Tue, Jun 04, 2019 at 11:22:45AM +0200, Ludovic Courtès wrote:
> Hi,
>
> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
>
> > On Mon, Jun 03, 2019 at 03:22:51PM +0200, Ludovic Courtès wrote:
> >> > After multiple reconfigures, it happened again, my /etc/shadow has !
> >> > again in the password field. My recently changed root password became
> >> > empty as well, like 35902. I did not even run sudo concurrently. The
> >> > password just got locked.
> >>
> >> What were the differences between your config files when you
> >> reconfigured?
> >>
> >
> > For the last reconfigure, there were no differences, although I had
> > rebooted into an unbootable, older generation with a different
> > syslog.conf and broken Udevd arguments before booting the new
> > generation.
>
> What’s the effect of this brokenness concretely? Is the wrong root file
> system mounted, or something like that?
>
I have multiple broken generation. On one that now for a third time
(on old generations without Ludo’s patches) led to a locked
/etc/shadow after booting I changed the line
(let ((pid (fork+exec-command (list udevd))))
in gnu/services/base.scm to, I believe, this:
(let ((pid (fork+exec-command (list udevd "--debug-trace"))))
(I am unsure if this is the same broken generation as on my first
report of the issue. I may have gotten confused.)
This is unbootable, correct would have been --debug and not
--debug-trace.
I may also have changed my syslog configuration to the incorrect
(modify-services %desktop-services
(syslog-service-type config =>
(syslog-configuration
(inherit config)
(config-file
(plain-file "my-syslog.conf" "
# Log all error messages, authentication messages of
# level notice or higher and anything of level err or
# higher to the console.
# Don't log private authentication messages!
* /var/log/full
[…]")))))))
Correct would have been *.* instead of * This latter error is
without relevant effect I believe.
I will try to find the /gnu/store files for this generation.
Danny’s suggestion to `chattr +i /etc/shadow` leads to an error with
rename-file trying to rename an empty /etc/shadow.Gi… temporary file
on both this old broken and on healthy generations.
> There really isn’t much to log: the activation code reads
> /etc/{shadow,passwd,group}, computes the list of shadow/passwd/group
> entries as a function of that, and writes it.
>
If I cannot find a more deterministic way, I will try making (guix
build accounts) print the content of shadow.
Regards,
Florian
next prev parent reply other threads:[~2019-06-04 12:18 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-29 20:45 bug#35996: User account password got locked when booting old generation pelzflorian (Florian Pelz)
2019-05-31 22:05 ` Ludovic Courtès
2019-06-01 5:52 ` pelzflorian (Florian Pelz)
2019-06-01 14:58 ` pelzflorian (Florian Pelz)
2019-06-01 21:37 ` Ludovic Courtès
2019-06-02 7:05 ` pelzflorian (Florian Pelz)
2019-06-02 9:38 ` Ludovic Courtès
2019-06-02 10:21 ` pelzflorian (Florian Pelz)
2019-06-02 16:00 ` Ludovic Courtès
2019-06-03 6:03 ` pelzflorian (Florian Pelz)
2019-06-03 6:14 ` Gábor Boskovits
2019-06-03 7:18 ` pelzflorian (Florian Pelz)
2019-06-03 15:22 ` Ludovic Courtès
2019-06-03 17:07 ` pelzflorian (Florian Pelz)
2019-06-03 13:22 ` Ludovic Courtès
2019-06-03 14:52 ` pelzflorian (Florian Pelz)
2019-06-04 9:22 ` Ludovic Courtès
2019-06-04 12:17 ` pelzflorian (Florian Pelz) [this message]
2019-06-04 14:12 ` pelzflorian (Florian Pelz)
2019-06-04 17:17 ` pelzflorian (Florian Pelz)
2019-06-04 21:21 ` Ludovic Courtès
2019-06-05 6:16 ` pelzflorian (Florian Pelz)
2019-06-05 9:54 ` Ludovic Courtès
2019-06-05 11:06 ` pelzflorian (Florian Pelz)
2019-06-05 21:13 ` Ludovic Courtès
2019-06-06 7:01 ` pelzflorian (Florian Pelz)
2019-06-06 8:04 ` Ludovic Courtès
2019-06-03 16:01 ` Danny Milosavljevic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190604121710.uqni7cwp5jo4pwmq@pelzflorian.localdomain \
--to=pelzflorian@pelzflorian.de \
--cc=35996@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).