Bug 1138634

Summary: Remove user accounts from "/etc/shadow" when exeucte virt-sysprep with '--enable user-account' option
Product: Red Hat Enterprise Linux 7 Reporter: Lingfei Kong <lkong>
Component: libguestfsAssignee: Pino Toscano <ptoscano>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: jherrman, leiwang, mbooth, ptoscano, rjones, virt-bugs, wshi, yuliu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libguestfs-1.27.56-1.1.el7 Doc Type: Bug Fix
Doc Text:
Using the "virt-sysprep" command to remove user accounts did not properly remove the user entries from the /etc/shadow file. With this update, the lens to parse /etc/shadow has been added to the Augeas tool and "virt-sysprep" makes use of it. As a result, removing users from guests using "virt-sysprep" removes also their entries in /etc/shadow.
 Story Points: ---
Clone Of: 1138630 Environment:
Last Closed: 2015-03-05 13:44:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1138630    
Bug Blocks:    

Description Lingfei Kong 2014-09-05 10:47:51 UTC 
+++ This bug was initially created as a clone of Bug #1138630 +++

Description of problem:
'virt-sysprep --enable user-account' remove user accounts from "/etc/passwd" but not remove it from "/etc/shadow" 

As we discussed in Bug 1037166(Comment 13 and Comment 15), i file this bug to track this problem.

Version-Release number of selected component (if applicable):
augeas-1.1.0-13.el7

How reproducible:
100%

Steps to Reproduce:
1. Create user test1, test2, test3 in guest image rhel6.6.img 
2. Run:
#virt-sysprep --enable user-account -a rhel6.6.img 
3.Login guest, check file /etc/passwd and /etc/shadow

Actual results:
user accounts 'test1', 'test2', 'test3' were removed from /etc/passwd, but not removed from /etc/shadow in guest

Expected results:
user accounts 'test1', 'test2', 'test3' were removed from /etc/passwd and /etc/shadow in guest

Additional info:
Comment 2 Richard W.M. Jones 2014-09-30 08:41:44 UTC 
According to Pino this is fixed with the inclusion of
the /etc/shadow Augeas lens.  This requires augeas-libs >= 1.1.0-16.el7
which is a dependency of libguestfs >= 1.27.56-1.1.el7.
Comment 4 yuliu 2014-11-11 07:05:09 UTC 
Version: libguestfs-1.28.1-1.9.el7.x86_64

It can delete the user account from both /etc/shadow and /etc/passwd.

Verified.
Comment 6 errata-xmlrpc 2015-03-05 13:44:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0303.html