Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1185425 - RHEL7 - shadow-utils: usermod account lock/unlock behavior differs on passwd lock/unlock
RHEL7 - shadow-utils: usermod account lock/unlock behavior differs on passwd ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: shadow-utils (Show other bugs)
7.0
All Linux
high Severity medium
: rc
: ---
Assigned To: Tomas Mraz
Stefan Kremen
: GSSTriaged
Depends On:
Blocks: 1203710 1296594 1313485
  Show dependency treegraph
 
Reported: 2015-01-23 12:25 EST by Rodrigo A B Freire
Modified: 2016-11-03 23:40 EDT (History)
7 users (show)

See Also:
Fixed In Version: shadow-utils-4.1.5.1-19.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 23:40:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1329243 None None None 2016-02-19 09:15 EST
Red Hat Product Errata RHBA-2016:2322 normal SHIPPED_LIVE shadow-utils bug fix and enhancement update 2016-11-03 09:43:15 EDT

  None (edit)
Description Rodrigo A B Freire 2015-01-23 12:25:22 EST 
Description of problem:
* passwd -l has different behavior than usermod -L
* The first command pushes two '!' characters in front of user password on /etc/shadow file, and the second puts only one.
* While those are different commands, this could lead to some confusion, in this case:
  - Lock the user with passwd -l user
  - Try to unlock the user with usermod -U user

* The latter removes only one '!' character, and this way the user still gets locked. You have to run usermod -U twice to unlock a user locked by passwd -l command, so it will remove both '!'.

Version-Release number of selected component (if applicable):
shadow-utils-4.1.5.1-13.el7.x86_64
passwd-0.79-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Lock the user with passwd -l user
2. Try to unlock the user with usermod -U user

Actual results:
The target user will still be locked.

Expected results:
Account should be unlocked.

Additional info:
* This behavior is also seen in RHEL6.
* passwd locked, passwd unlocked: OK
* passwd locked, usermod unlocked: FAIL
* usermod locked, usermod unlocked: OK
* usermod locked, passwd unlocked: OK
Comment 2 Rodrigo A B Freire 2015-01-23 15:06:04 EST 
I'm prone to say that the passwd behavior is the desired one.

Check /etc/shadow contents; every disabled account has *two* exclamation marks, reflecting passwd behavior.

IMO, usermod has to be fixed.
Comment 3 Tomas Mraz 2015-01-26 11:12:02 EST 
Yes, this should be probably fixed in usermod at least in a way that the unlocking works. Whether it should also prepend double ! is debatable.
Comment 14 errata-xmlrpc 2016-11-03 23:40:26 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2322.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.