Drop Obsolete login.defs Scripts USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD, GROUPADD_CMD #160
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shundhammer
force-pushed
the
huha-drop-scripts
branch
from
7b22212
to
27f04e3
Compare
This was referenced Oct 1, 2024
shundhammer
changed the title
|
✅ Autosubmission job #11140062666 successfully finished |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bugzilla
https://bugzilla.suse.com/show_bug.cgi?id=1231006
Trello
https://trello.com/c/YaAqN3hc/
Target Branch
This is for master / Factory only. SLE-15-SPx / Leap 15.x still support those scripts.
Problem
On Factory / Tumbleweed / Slowroll, after using the YaST security module, the
useradd/usermod, /userdelcommands complain about invalid configuration parameters:Cause
It turned out that these parameters came from
/etc/login.defs.d/70-yast.defs, written by the YaST security module:Neither are those parameters described in
man login.defs, nor are the corresponding commands/usr/sbin/user*.localpresent on any recent Tumbleweed or Slowroll.Notice that they are only written to that file if the user uses the YaST security module at least once and writes the new security configuarion to disk; if that module is never started, the parameters are not in that file, only the
UMASK 022line.Software Archaeology
Investigation on older releases showed that they were part of SUSE-specific extensions of the shadow suite, dating back as far as 2003.
They are still available on SLE-15-SPx or older (until back in 2003), but no longer in Factory: They were dropped with the fix for bsc#1191578, but nobody told the YaST team about that change, so the problem went unnoticed until a community user used those
useradd/usermod/userdelcommands after using the YaST security module.Further investigation showed that we also keep mentioning another parameter
GROUPADD_CMDthat was also SUSE specific, but removed even earlier: See also bug #1121197 comment #14. We never seem to write that one at any place of our code, though; but it is present in samplelogin.defsfiles, in tests and in our definition of the file format that we use for parsing.Upstream Parameter: USERDEL_CMD
Please notice that the
USERDEL_CMDparameter is defined upstream by the shadow suite and is still available, unlike those SUSE extensions. See alsoman login.defs.Fix
Removed all references to those parameters in yast-security so they are not written to that config file anymore.
Test
Manual test in a Tumbleweed VM
Related PRs
Notice that none of those PRs depend on one another; each one works fine by itself.