Bug 1138630 - Remove user accounts from "/etc/shadow" when execute virt-sysprep with '--enable user-account' option
Summary: Remove user accounts from "/etc/shadow" when execute virt-sysprep with '--ena...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs
Version: 6.6
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Pino Toscano
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1160261
Blocks: 1138634
TreeView+ depends on / blocked
 
Reported: 2014-09-05 10:45 UTC by Lingfei Kong
Modified: 2015-07-22 05:55 UTC (History)
7 users (show)

Fixed In Version: libguestfs-1.20.11-14.el6
Doc Type: Bug Fix
Doc Text:
Using the "virt-sysprep" command to remove user accounts did not properly remove the user entries from the /etc/shadow file. With this update, the lens to parse /etc/shadow has been added to the Augeas tool and "virt-sysprep" makes use of it. As a result, removing users from guests using "virt-sysprep" removes also their entries in /etc/shadow.
Clone Of:
: 1138634 (view as bug list)
Environment:
Last Closed: 2015-07-22 05:55:34 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1444 normal SHIPPED_LIVE libguestfs bug fix and enhancement update 2015-07-20 18:44:02 UTC

Description Lingfei Kong 2014-09-05 10:45:25 UTC
Description of problem:
'virt-sysprep --enable user-account' remove user accounts from "/etc/passwd" but not remove it from "/etc/shadow" 

As we discussed in Bug 1037166(Comment 13 and Comment 15), i file this bug to track this problem.

Version-Release number of selected component (if applicable):
augeas-1.1.0-13.el7

How reproducible:
100%

Steps to Reproduce:
1. Create user test1, test2, test3 in guest image rhel6.6.img 
2. Run:
#virt-sysprep --enable user-account -a rhel6.6.img 
3.Login guest, check file /etc/passwd and /etc/shadow

Actual results:
user accounts 'test1', 'test2', 'test2' were removed from /etc/passwd, but not removed from /etc/shadow in guest

Expected results:
user accounts 'test1', 'test2', 'test2' were removed from /etc/passwd and /etc/shadow in guest

Additional info:

Comment 3 Hu Zhang 2015-03-11 02:08:36 UTC
Verified with the package version:
libguestfs-1.20.11-14.el6.x86_64

Verify steps:
1. Create user test1, test2, test3 in guest image $image.
2. # virt-sysprep --enable user-account -a $image
3. Login guest, check file /etc/passwd and /etc/shadow
# cat /etc/passwd
...
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
chrony:x:997:996::/var/lib/chrony:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
----end----

# cat /etc/shadow
...
sshd:!!:16476::::::
ntp:!!:16476::::::
chrony:!!:16476::::::
tcpdump:!!:16476::::::
----end----

So user accounts 'test1', 'test2', 'test2' are removed from /etc/passwd and /etc/shadow in guest.

Comment 6 errata-xmlrpc 2015-07-22 05:55:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1444.html


Note You need to log in before you can comment on or make changes to this bug.