From mboxrd@z Thu Jan 1 00:00:00 1970 From: "pelzflorian (Florian Pelz)" Subject: bug#35996: User account password got locked when booting old generation Date: Sat, 1 Jun 2019 16:58:34 +0200 Message-ID: <20190601145834.f4wgm4oqmdyej7n5@pelzflorian.localdomain> References: <20190529204517.mqn5xrw23xib4i3u@pelzflorian.localdomain> <877ea6l1on.fsf@gnu.org> <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([209.51.188.92]:52133) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hX5TL-0001dD-EX for bug-guix@gnu.org; Sat, 01 Jun 2019 10:59:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hX5TK-0001KL-Fn for bug-guix@gnu.org; Sat, 01 Jun 2019 10:59:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:53106) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hX5TK-0001KA-Bg for bug-guix@gnu.org; Sat, 01 Jun 2019 10:59:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hX5TK-0002G2-7q for bug-guix@gnu.org; Sat, 01 Jun 2019 10:59:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 35996@debbugs.gnu.org On Sat, Jun 01, 2019 at 07:52:38AM +0200, pelzflorian (Florian Pelz) wrote: > I wonder what would change /etc/shadow. > If the error occurred on common non-Guix distros, it hopefully would have been fixed before, maybe. Of course Guix recreates /etc/shadow much more frequently. Guix appears to add shadow files atomically in gnu/build/accounts.scm. I do not know if there could have been an error reading the old shadow file, e.g. because it is locked or something? The elogind source code in src/basic/user-util.c contains code for locking /etc/shadow, with a comment that explains why its lckpwdf is implemented differently from shadow-utils. AccountsService appears to only be usable for reading /etc/shadow, not for writing it, contrary to what the Guix manual claims (??). For writing passwords, gnome-control-center does not use AccountsService, it calls /usr/bin/passwd directly in its source code in panels/user-accounts/run-passwd.c. Regards, Florian