Bug 1138630

Summary: Remove user accounts from "/etc/shadow" when execute virt-sysprep with '--enable user-account' option
Product: Red Hat Enterprise Linux 6
Reporter: Lingfei Kong <lkong>
Component: libguestfs
Assignee: Pino Toscano <ptoscano>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: low
Priority: low
Version: 6.6
CC: huzhan, jherrman, leiwang, mbooth, ptoscano, rjones, wshi
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libguestfs-1.20.11-14.el6
Doc Type: Bug Fix
Doc Text:
Using the "virt-sysprep" command to remove user accounts did not properly remove the user entries from the /etc/shadow file. With this update, a lens to parse /etc/shadow has been added to the Augeas tool and "virt-sysprep" makes use of it. As a result, removing users from guests using "virt-sysprep" also removes their entries in /etc/shadow.
Story Points: ---
Clone Of:
: 1138634 (view as bug list) Environment:
Last Closed: 2015-07-22 05:55:34 UTC
Type: Bug
Bug Depends On: 1160261
Bug Blocks: 1138634

Description Lingfei Kong 2014-09-05 10:45:25 UTC
Description of problem:
'virt-sysprep --enable user-account' removes user accounts from "/etc/passwd" but does not remove them from "/etc/shadow".

As we discussed in Bug 1037166 (Comment 13 and Comment 15), I am filing this bug to track this problem.

Version-Release number of selected component (if applicable):
augeas-1.1.0-13.el7

How reproducible:
100%

Steps to Reproduce:
1. Create users test1, test2, test3 in guest image rhel6.6.img
2. Run:
# virt-sysprep --enable user-account -a rhel6.6.img
3. Log in to the guest, check files /etc/passwd and /etc/shadow

Actual results:
User accounts 'test1', 'test2', 'test2' were removed from /etc/passwd, but not removed from /etc/shadow in the guest.

Expected results:
User accounts 'test1', 'test2', 'test2' were removed from /etc/passwd and /etc/shadow in the guest.

Additional info:

Comment 3 Hu Zhang 2015-03-11 02:08:36 UTC
Verified with the package version:
libguestfs-1.20.11-14.el6.x86_64

Verify steps:
1. Create users test1, test2, test3 in guest image $image.
2. # virt-sysprep --enable user-account -a $image
3. Log in to the guest, check files /etc/passwd and /etc/shadow
# cat /etc/passwd
...
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
chrony:x:997:996::/var/lib/chrony:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
----end----

# cat /etc/shadow
...
sshd:!!:16476::::::
ntp:!!:16476::::::
chrony:!!:16476::::::
tcpdump:!!:16476::::::
----end----

So user accounts 'test1', 'test2', 'test2' are removed from /etc/passwd and /etc/shadow in guest.
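
The manual comparison of /etc/passwd and /etc/shadow in the steps above can be scripted. The following is an added example, not part of the original bug report or of libguestfs; the function names and the sample data (including the placeholder hash strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not libguestfs code): find /etc/shadow entries left behind
# after their /etc/passwd entry was removed.

# Print user names present in SHADOW ($2) but absent from PASSWD ($1).
# FILENAME is compared with ARGV[1] so an empty passwd file is handled.
orphaned_shadow_users() {
    awk -F: '
        FILENAME == ARGV[1] { if ($1 != "") known[$1] = 1; next }
        $1 != "" && !($1 in known) { print $1 }
    ' "$1" "$2"
}

# Same, but only orphans whose password field still holds a usable hash
# (not empty, and not locked with a leading "!" or "*").
orphaned_shadow_hashes() {
    awk -F: '
        FILENAME == ARGV[1] { if ($1 != "") known[$1] = 1; next }
        $1 != "" && !($1 in known) && $2 != "" && $2 !~ /^[!*]/ { print $1 }
    ' "$1" "$2"
}

# Constructed sample: the state reported in this bug (test users removed
# from passwd only). The hash strings are placeholders, not real hashes.
write_sample() {
    cat > "$1/passwd" <<'EOF'
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
sshd:!!:16476::::::
ntp:!!:16476::::::
test1:$6$CONSTRUCTED$placeholder1:16476:0:99999:7:::
test2:!!:16476:0:99999:7:::
test3:$6$CONSTRUCTED$placeholder3:16476:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
orphaned_shadow_users  "$tmp/passwd" "$tmp/shadow"   # test1 test2 test3
orphaned_shadow_hashes "$tmp/passwd" "$tmp/shadow"   # test1 test3
rm -rf "$tmp"
```

For an offline image, the two input files can be extracted with `virt-cat -a $image /etc/passwd` and `virt-cat -a $image /etc/shadow`. Empty output from `orphaned_shadow_users` corresponds to the verified state shown in this comment.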

Comment 6 errata-xmlrpc 2015-07-22 05:55:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1444.html