From mboxrd@z Thu Jan 1 00:00:00 1970 From: "pelzflorian (Florian Pelz)" Subject: bug#35996: User account password got locked when booting old generation Date: Mon, 3 Jun 2019 16:52:09 +0200 Message-ID: <20190603145209.ub7663zp7yh7n7i4@pelzflorian.localdomain> References: <877ea6l1on.fsf@gnu.org> <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> <20190601145834.f4wgm4oqmdyej7n5@pelzflorian.localdomain> <87r28dc7gw.fsf@gnu.org> <20190602070545.xp2pqlnzsthpjtbw@pelzflorian.localdomain> <87sgss9vj7.fsf@gnu.org> <20190602102122.bzapwt36vg32nmwq@pelzflorian.localdomain> <87o93g9dv5.fsf@gnu.org> <20190603060301.2nu2zqi5j3v3j5ki@pelzflorian.localdomain> <87tvd6erbo.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([209.51.188.92]:37133) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hXoKh-0005pk-Sa for bug-guix@gnu.org; Mon, 03 Jun 2019 10:53:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hXoKe-0006wN-2J for bug-guix@gnu.org; Mon, 03 Jun 2019 10:53:05 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:57376) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hXoKc-0006tV-F8 for bug-guix@gnu.org; Mon, 03 Jun 2019 10:53:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hXoKc-0000fc-8t for bug-guix@gnu.org; Mon, 03 Jun 2019 10:53:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87tvd6erbo.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 35996@debbugs.gnu.org On Mon, Jun 03, 2019 at 03:22:51PM +0200, Ludovic Courtès wrote: > > After multiple reconfigures, it happened again, my /etc/shadow has ! > > again in the password field. My recently changed root password became > > empty as well, like 35902. I did not even run sudo concurrently. The > > password just got locked. > > What were the differences between your config files when you > reconfigured? > For the last reconfigure, there were no differences, although I had rebooted into an unbootable, older generation with a different syslog.conf and broken Udevd arguments before booting the new generation. I suppose the other victims of this bug have not booted to unbootable generations? > Did the config files describe the exact same set of user accounts? > Yes, they’re the same. > Did the user accounts in the config files differ in any way? > No, they do not differ. > Were the user accounts altered in any way in between reconfigures > (‘passwd’, ‘usermod’, GNOME, etc.)? > > > Looking at ‘user+group-databases’ in (gnu build accounts), which takes a > list of and a list of to produce > /etc/{passwd,shadow,group}, the only way this could happen is if > /etc/shadow does not exist at the time of reconfigure. > > In that case, ‘user+group-databases’ assumes we’re starting anew, so it > creates /etc/shadow with the initial passwords specified in the OS > config. At that point, the other passwords are lost forever. > > Does Shadow or gnome-control-center or something remove /etc/shadow > altogether while it’s accessing it? > I did not use gnome-control-center or shadow or sudo during the last reconfigure, except sudo for starting the reconfigure. > At the very least, adding locking like you suggested should avoid this > class of problems; I’ll look into that. > I do not know if something somehow accessed /etc/shadow in the background without my knowledge. I believe locks are important anyway to have more guarantees passwords are not lost when Guix is run on a sensitive multi-user setup. Thank you for looking into it. If locks do not stop these issues, it would be nice to have more detailed logs of shadow changes written to syslog on reconfigure and/or on reboot. Regards, Florian