From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#35996: User account password got locked when booting old generation Date: Tue, 04 Jun 2019 11:22:45 +0200 Message-ID: <87d0jtemca.fsf@gnu.org> References: <877ea6l1on.fsf@gnu.org> <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> <20190601145834.f4wgm4oqmdyej7n5@pelzflorian.localdomain> <87r28dc7gw.fsf@gnu.org> <20190602070545.xp2pqlnzsthpjtbw@pelzflorian.localdomain> <87sgss9vj7.fsf@gnu.org> <20190602102122.bzapwt36vg32nmwq@pelzflorian.localdomain> <87o93g9dv5.fsf@gnu.org> <20190603060301.2nu2zqi5j3v3j5ki@pelzflorian.localdomain> <87tvd6erbo.fsf@gnu.org> <20190603145209.ub7663zp7yh7n7i4@pelzflorian.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:46405) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hY5ep-0006FL-2f for bug-guix@gnu.org; Tue, 04 Jun 2019 05:23:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hY5eo-0001kD-6h for bug-guix@gnu.org; Tue, 04 Jun 2019 05:23:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:58572) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hY5eo-0001k6-3l for bug-guix@gnu.org; Tue, 04 Jun 2019 05:23:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hY5en-0001kZ-V1 for bug-guix@gnu.org; Tue, 04 Jun 2019 05:23:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20190603145209.ub7663zp7yh7n7i4@pelzflorian.localdomain> (pelzflorian@pelzflorian.de's message of "Mon, 3 Jun 2019 16:52:09 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: "pelzflorian (Florian Pelz)" Cc: 35996@debbugs.gnu.org Hi, "pelzflorian (Florian Pelz)" skribis: > On Mon, Jun 03, 2019 at 03:22:51PM +0200, Ludovic Court=C3=A8s wrote: >> > After multiple reconfigures, it happened again, my /etc/shadow has ! >> > again in the password field. My recently changed root password became >> > empty as well, like 35902. I did not even run sudo concurrently. The >> > password just got locked. >>=20 >> What were the differences between your config files when you >> reconfigured? >> > > For the last reconfigure, there were no differences, although I had > rebooted into an unbootable, older generation with a different > syslog.conf and broken Udevd arguments before booting the new > generation. What=E2=80=99s the effect of this brokenness concretely? Is the wrong root= file system mounted, or something like that? Could it somehow lead Guix to stumble upon an empty or missing /etc/shadow when it boots? > I suppose the other victims of this bug have not booted to unbootable > generations? It=E2=80=99d be great if the other victims would speak up. :-) > If locks do not stop these issues, it would be nice to have more > detailed logs of shadow changes written to syslog on reconfigure > and/or on reboot. There really isn=E2=80=99t much to log: the activation code reads /etc/{shadow,passwd,group}, computes the list of shadow/passwd/group entries as a function of that, and writes it. Ludo=E2=80=99.