Summary: | using ROOT env variable with eutils.eclass enewuser incorrectly adds user to wrong password file | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Daniel Black (RETIRED) <dragonheart> |
Component: | [OLD] Unspecified | Assignee: | SpanKY <vapier> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | agriffis, base-system, embedded, gurligebis, leho, nicolas.perrenoud, sd, yvasilev |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Daniel Black (RETIRED)
2004-02-20 18:15:04 UTC
ok, theres a problem with this ... i can implement a hack, but that's as good as it's gonna get ... enew{user,group} was written so that we wouldnt have to worry about what kind of auth schema the user had ... they could use classic /etc/{passwd,group} or they could use ldap (in which case, it couldnt matter if they even had /etc/{passwd,group} files) the other issue is that if we only add the users to ${ROOT}, if the ebuild tries to `chown` or `chgrp` a file, things are going to be screwed up because the `chown` and `chgrp` will only know about users/groups on the host system, not the ${ROOT} system, thus possibly leaving the ${ROOT} system fubar here's the solution (and thus the hack) that i can implement ... i wont implement it right away that way you guys can give me feedback on it ... (1) add the user/group to the host system (2a) if ${ROOT}/`which useradd` exists, we just `chroot ${ROOT}` before executing the adduser command (2b) if ${ROOT}/`which useradd` doesnt exist, we just cry and add entries by hand to ${ROOT}/etc/{passwd,group} with good old `echo "user record" >> ${ROOT}/etc/passwd` fine with 2a & 2b. Alternate thoughts to 1: 1a Place getgrnam getpwnam getpwuid getgrgid functions into the sandbox (obtained from ch{own,grp} source). Call chroot(2) before passing args back on to the calling the original functions. 1b make an alternate ch{own,grp} that conforms to the $ROOT in the path - will have problems make using direct calls to the OS. Alternate to 2 is: sandbox pw_open, spw_open, gr_open, sgr_open simarly to 1a. ignore pw_open, spw_open, gr_open, sgr_open they are internal shadow functions. Alternately intercept open("/etc/{passwd,shadow,group}") function calls. I'm implementing this now as a test. goes glep 27 address this? *** Bug 96988 has been marked as a duplicate of this bug. *** Will it be possible (as in "good idea") until GLEP 27 gets implemented to add a notice of the sort: * You'll need to manually add a user/group in ROOT=${ROOT} with: * name: ____ * uid/gid: ___ (if any) * shell: ____ * home: ____ $(test -d $home || echo "(this needs to be created)") Or something like this? *** Bug 116193 has been marked as a duplicate of this bug. *** *** Bug 159517 has been marked as a duplicate of this bug. *** *** Bug 389159 has been marked as a duplicate of this bug. *** |