RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1262959 - virt-builder/virt-customize set password does not work
Summary: virt-builder/virt-customize set password does not work
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.1
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1288337 1301891
TreeView+ depends on / blocked
 
Reported: 2015-09-14 18:23 UTC by Darius Clark
Modified: 2016-11-03 17:55 UTC (History)
7 users (show)

Fixed In Version: libguestfs-1.28.1-1.55.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 17:55:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Provided log showing what is going on with virt-customize when trying to set a root password. (64.11 KB, text/plain)
2015-09-14 18:23 UTC, Darius Clark 		no flags Details
Log of guestfish (45.49 KB, text/plain)
2015-09-19 17:40 UTC, Darius Clark 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2576 0 normal SHIPPED_LIVE Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update 2016-11-03 12:06:51 UTC

Description Darius Clark 2015-09-14 18:23:39 UTC 
Created attachment 1073392 [details]
Provided log showing what is going on with virt-customize when trying to set a root password.

Description of problem: When using virt-builder or virt-customize to set a password to any user, including root, it does not set a password, but not does give a error or a clear answer to why it does not touch/edit /etc/shadow.


Version-Release number of selected component (if applicable): 1.30.2


How reproducible: 100%


Steps to Reproduce:
1. run "virt-cat -a /path/to/image /etc/shadow" and note of the data it provides (including hash of the root user or any other user if youre changing those passwords)
2. run "virt-customize -a /path/to/image --root-password password:newpassword1" 
3. run the first command and you will see the hash have not changed.

Actual results:

See attachment


Additional info: I have tested 1.28 and have not had this issue but however on 1.30 this problem occurs. I am unsure about 1.29 or 1.31.
Comment 2 Richard W.M. Jones 2015-09-19 16:31:38 UTC 
Which version of Augeas is installed on the host?  Might be bug 1145249.
Comment 3 Darius Clark 2015-09-19 16:50:56 UTC 
I am using what is provided in the repo which is 1.1.0.17.el7, but wouldnt it still work regardless since 1.28 works as well?
Comment 4 Richard W.M. Jones 2015-09-19 17:02:36 UTC 
The problem is these two lines in the trace:

  libguestfs: trace: aug_ls "/files/etc/shadow"
  ...
  libguestfs: trace: aug_ls = []

corresponding to this code:

  https://github.com/libguestfs/libguestfs/blob/1b4c1d74d36c942417ea946a561a1964b20a1191/customize/password.ml#L91-L117

As either /etc/shadow is really empty, or the Augeas shadow lens
cannot read anything from the file, no passwords get changed.

Suggest you look at the contents of /etc/shadow before & after
the virt-customize command to see if it is empty before (or after)
and if anything changed in the file.

If /etc/shadow is not empty, then it must be a problem with Augeas,
although I don't know exactly what.  You can try aug-init and aug-ls
commands from within guestfish.
Comment 5 Darius Clark 2015-09-19 17:31:36 UTC 
It is not empty (which is how I know nothing is being changed because the content remains the same). I have ran those in guestfish but aug-ls doesnt show anything. 

><fs> aug-init / 0
><fs> aug-ls /files/etc/shadow
><fs> aug-ls /etc/shadow
><fs> aug-close

><fs> aug-init / 1
><fs> aug-ls /etc/shadow
><fs> aug-ls /files/etc/shadow
><fs> aug-close

I dont really see much that could've changed between 1.28 and 1.30 that couldve broken this.
Comment 6 Darius Clark 2015-09-19 17:40:01 UTC 
Created attachment 1075242 [details]
Log of guestfish
Comment 7 Richard W.M. Jones 2015-09-19 17:40:49 UTC 
aug-ls /files/etc/shadow should show something.  If it doesn't
that's an augeas problem of some sort.

It turns out that augeas has been rebased in RHEL 7.2.  I uploaded
the new version to
https://people.redhat.com/~rjones/libguestfs-RHEL-7.2-preview/
so see if that makes a difference.
Comment 8 Darius Clark 2015-09-19 17:45:59 UTC 
Ill update and let you know if it does
Comment 9 Darius Clark 2015-09-19 17:59:20 UTC 
I can confirm that guestfish now sees /files/etc/shadow and it is also providing the password to the file.
Comment 10 Richard W.M. Jones 2015-09-19 19:29:02 UTC 
Works for me with:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-libs-1.4.0-2.el7.x86_64

$ virt-builder ubuntu-14.04

$ guestfish -a ubuntu-14.04.img -i --ro

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Ubuntu 14.04 LTS
/dev/sda1 mounted on /

><fs> aug-init / 0
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/backup
/files/etc/shadow/bin
/files/etc/shadow/builder
/files/etc/shadow/daemon
/files/etc/shadow/games
/files/etc/shadow/gnats
/files/etc/shadow/irc
/files/etc/shadow/libuuid
/files/etc/shadow/list
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/man
/files/etc/shadow/messagebus
/files/etc/shadow/news
/files/etc/shadow/nobody
/files/etc/shadow/proxy
/files/etc/shadow/root
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/sys
/files/etc/shadow/syslog
/files/etc/shadow/uucp
/files/etc/shadow/www-data
Comment 11 Richard W.M. Jones 2015-09-23 14:24:43 UTC 
I believe this bug is now fixed.  I'm leaving it open so QA can
check in the RHEL 7.3 timeframe.
Comment 12 Hu Zhang 2015-10-12 07:16:32 UTC 
Verified with the packages:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-1.4.0-2.el7.x86_64

Verify steps:
# guestfish -a RHEL-Server-6.7-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/gopher
/files/etc/shadow/haldaemon
/files/etc/shadow/halt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/postfix
/files/etc/shadow/root
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/tcpdump
/files/etc/shadow/uucp
/files/etc/shadow/vcsa

So verified.
Comment 13 Xianghua Chen 2016-06-27 14:50:23 UTC 
In RHEL7.3 with the packages:
libguestfs-1.32.5-6.el7.x86_64

Verify steps:
# guestfish -a RHEL-Server-7.2-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/chrony
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/halt
/files/etc/shadow/libstoragemgmt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nfsnobody
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/oprofile
/files/etc/shadow/pcp
/files/etc/shadow/polkitd
/files/etc/shadow/postfix
/files/etc/shadow/qemu
/files/etc/shadow/radvd
/files/etc/shadow/root
/files/etc/shadow/rpc
/files/etc/shadow/rpcuser
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sssd
/files/etc/shadow/sync
/files/etc/shadow/systemd-bus-proxy
/files/etc/shadow/systemd-network
/files/etc/shadow/tcpdump
/files/etc/shadow/tss
/files/etc/shadow/unbound
/files/etc/shadow/usbmuxd

Also works good.
Comment 15 errata-xmlrpc 2016-11-03 17:55:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2576.html
Note You need to log in before you can comment on or make changes to this bug.