RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1686436 - passwd -S report is incorrect when the user's /etc/passwd entry does not contain 'x' in the password hash field
Summary: passwd -S report is incorrect when the user's /etc/passwd entry does not cont...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: passwd
Version: 7.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Jiri Kucera
QA Contact: David Jež
URL:
Whiteboard:
Depends On:
Blocks: 1716965 1740168
TreeView+ depends on / blocked
 
Reported: 2019-03-07 13:08 UTC by amitkuma
Modified: 2020-03-31 19:45 UTC (History)
6 users (show)

Fixed In Version: passwd-0.79-6.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1740168 (view as bug list)
Environment:
Last Closed: 2020-03-31 19:45:42 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1058 0 None None None 2020-03-31 19:45:47 UTC

Description amitkuma 2019-03-07 13:08:39 UTC 
Description of problem:


Removed 'x' for user 'test2' from /etc/passwd, but nothing changed in /etc/shadow.

Issue: 
- When trying to change password of 'test2' it asks to enter new password. Though this will not be used.
- 'su - test2' directly logs in without asking password, It looks 'su -' utility only looks for 'x' in /etc/passwd and does not look for string inside '/etc/shadow'

////Reproducer////
1. user test2 does not have 'x' field in /etc/passwd
# cat /etc/passwd|grep test2
test2::1001:1001::/home/test2:/bin/bash
# 

2. But password-string is present in shadow
# cat /etc/shadow|grep test2
test2:$6$cELtwRPK$s7OZEKzuI3KRE5fh5iaBi1lEwUVqKC5TqDXVc0qqDpyEeAW1dHLNUhEhHc5NUg7GXVI9nm7Qs/E7k7e6q/tqQ0:17962:0:99999:7:::
# 

3. Login using 'su -' does not asks for password.       //Correct
# su - test1
Last login: Thu Mar  7 06:28:53 EST 2019 on pts/0
[test1@rhel7u6-1 ~]$ su - test2
Last login: Thu Mar  7 06:28:58 EST 2019 on pts/0
[test2@rhel7u6-1 ~]$ 

4. But, while trying to change password of test2, it asks to enter new password. This password will never be used    //Inconsistent
# passwd test2
Changing password for user test2.
New password: 


Expectation:
- passwd should either read both '/etc/passwd' and /etc/shadow and provide meaningful information. Either:
 a. 'x' entry is not present in /etc/passwd. Password change will not have effect
 OR
 b. Please remove string from /etc/shadow, 'x' is not present in /etc/passwd
 OR
 c. Password setting will not have effect since 'x' is not present in /etc/passwd. Consult "man 5 passwd" etc


Version-Release number of selected component (if applicable):
passwd-0.79-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
- Relevant information should be provided by passwd

Additional info:
Comment 2 Daniele Palumbo 2019-03-07 14:45:33 UTC 
Hi,

Let me add,
passwd(1)
"""
-S
    This will output a short information about the status of the password for a given account. Available to root user only.
"""
We expect therefore that also -S argument will provide relevant information of lack of password.

test ~ # grep ^root /etc/passwd
root::0:0:root:/root:/bin/bash
test ~ # passwd -S root
root PS 2017-12-09 0 99999 7 -1 (Password set, SHA512 crypt.)
usgnutl6fk5 ~ # chage -l root
Last password change                                    : Dec 09, 2017
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
test ~ #
Comment 3 amitkuma 2019-03-08 03:44:14 UTC 
@Tomas @Jiri Kucera would it be possible to set up a call with Customer [daniele]?
Customer's timezone is {Europe/Paris}
Comment 4 Tomas Mraz 2019-03-08 10:38:33 UTC 
This is a real bug in passwd as passwd -S should print correct information and not false one.

Also the password setting as in the item 4 in the description not having effect is a real bug in PAM and should be fixed. Amit, please open a new bug against PAM as PAM is the culprit here.
Comment 8 amitkuma 2019-03-18 09:59:48 UTC 
Dear Tomas,
||3. passwd -S shows incorrect information - this is bug, should be fixed - we can use this bz report for that fix
As you stated I would not be opening bug for 'passwd -S'
Comment 9 Tomas Mraz 2019-03-18 11:07:46 UTC 
Yes, I think this bug can be used for the passwd -S issue.
Comment 10 amitkuma 2019-03-22 09:37:02 UTC 
dear tomas,
do you require any information from me?
Comment 11 Tomas Mraz 2019-03-22 10:12:40 UTC 
No, I do not. Please note I am not the maintainer of passwd. It is now on Jiri.
Comment 15 amitkuma 2019-08-09 08:03:40 UTC 
Hello,
Any updates here?
Comment 16 Jiri Kucera 2019-08-12 08:38:56 UTC 
Fixed in passwd-0.79-6.el7.
Comment 17 amitkuma 2019-08-12 09:12:37 UTC 
Hello,
What about RHBA of this particular bug in RHEL-8?
a. Do we need to clone this bugzilla for RHEL-8.
Comment 18 Jiri Kucera 2019-08-12 12:08:44 UTC 
Hello,

thanks for the idea. I cloned this bugzilla for RHEL-8 (bz#1740168) and also filed bugzilla for Fedora (bz#1740166).
Comment 22 errata-xmlrpc 2020-03-31 19:45:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1058
Note You need to log in before you can comment on or make changes to this bug.