Bug 207387 - useradd can not add a user to /etc/passwd if the same user exists in NIS
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: shadow-utils
4.4
All Linux
medium Severity medium
Assigned To: Peter Vrabec
David Lawrence
Reported: 2006-09-20 17:38 EDT by Chuck Berg
Modified: 2007-11-16 20:14 EST
Doc Type: Bug Fix
Last Closed: 2007-03-29 03:26:53 EDT

Description Chuck Berg 2006-09-20 17:38:28 EDT
Description of problem:
useradd can not add a local user if getpwnam() can find it - e.g. it exists in
NIS. From useradd.c line 2190:
        if (getpwnam (user_name)) {
                fprintf (stderr, _("%s: user %s exists\n"), Prog,
                         user_name);

Solaris allows you to do this with "useradd -r files".

This unfortunately does not allow me to override a NIS user with a local user,
for example to specify a different home directory. It also thwarts the common
practice of creating a redundant local user for critical application accounts,
to allow sane behavior in the event of a NIS failure.

My workaround is of course the dangerous manual editing of /etc/passwd and
/etc/shadow.
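
The distinction this report turns on, as an added example (not code from shadow-utils or from any commenter): getpwnam() answers from every source listed in nsswitch.conf, while a files-only check reads the passwd file itself. The names local_passwd_has, account_origin and enum origin are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` is the login field of an entry in a passwd(5)-format
 * stream, else 0. The whole field must match, never a prefix. */
int local_passwd_has(FILE *fp, const char *name)
{
    char line[1024];
    size_t n = strlen(name);

    if (n == 0)
        return 0;
    while (fgets(line, sizeof line, fp)) {
        int complete = strchr(line, '\n') != NULL;
        /* '+' and '-' lines are NIS compat directives, not local accounts. */
        int hit = line[0] != '+' && line[0] != '-' &&
                  strncmp(line, name, n) == 0 && line[n] == ':';
        /* Drain an over-long line so its tail is not parsed as an entry. */
        while (!complete && fgets(line, sizeof line, fp))
            complete = strchr(line, '\n') != NULL;
        if (hit)
            return 1;
    }
    return 0;
}

/* LOCAL: present in the file. NSS_ONLY: absent from the file but still
 * resolvable through getpwnam(), e.g. served by NIS. */
enum origin { ABSENT, LOCAL, NSS_ONLY };

enum origin account_origin(const char *passwd_path, const char *name)
{
    FILE *fp = fopen(passwd_path, "r");
    int local = fp ? local_passwd_has(fp, name) : 0;

    if (fp)
        fclose(fp);
    if (local)
        return LOCAL;
    return getpwnam(name) ? NSS_ONLY : ABSENT;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "absent", "local", "NSS only" };
    if (argc != 2) { fprintf(stderr, "usage: %s USER\n", argv[0]); return 2; }
    printf("%s: %s\n", argv[1], label[account_origin("/etc/passwd", argv[1])]);
    return 0;
}
```

An account reported as "NSS only" is one that disappears when the directory service is unreachable, which is the case the redundant local entry is meant to cover.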
Comment 1 Peter Vrabec 2007-03-28 05:34:57 EDT
Does option "-r" on Solaris mean the same (system account) as "-r" in shadow-utils?
Comment 2 Carl Speare 2007-03-28 14:30:56 EDT
In Solaris, passwd -r refers to "repository". You can either specify "nis",
"files" or "ldap" after -r to tell which passwd should change.

Example on Solaris:

passwd -r files username
Would change /etc/passwd and /etc/shadow.

passwd -r nis username
Would change the NIS account.

I don't see anything about -r in passwd, and your statement "-r as in
shadow-utils" doesn't tell us what specific command it refers to. Certainly, passwd
in Linux does not have "-r".

Could you be more specific about your question?
Comment 3 Carl Speare 2007-03-28 14:59:33 EDT
I should also point out that for useradd on Solaris, it assumes local accounts.

So, on Solaris, if you want to add an account to NIS, you need to do it on the
NIS master. If you want to *change* the password, you can use "passwd -r nis" to
then change the NIS account.

On Solaris if you want to add a local account, useradd assumes local accounts
only, so useradd will succeed unless there is a duplicate UID in /etc/passwd.
Then, you can use "passwd -r files" to change the password. In this manner, you
can have two accounts - with the same UID and username - and different
passwords. We do take advantage of this fact.

In RHEL, there is no way to force a local account with useradd. The same problem
for passwd: no way to specify NIS versus /etc files.

From the man pages, -r for useradd seems to mean UIDs lower than 100. Is that right?
Comment 4 Peter Vrabec 2007-03-28 16:31:31 EDT
Could you try luseradd? It might solve the problem.
Comment 5 Carl Speare 2007-03-28 20:28:34 EDT
Ok, that does the job. Two concerns though:

(1) man luseradd -> No manual entry for luseradd

(2) The SEE ALSO section of useradd(8) should contain luseradd(8) [once that
page is added].

If (1) is too difficult, appropriate mention in the useradd(8) man page would be
nice; perhaps that would go under NOTES and state something about the existence
and purpose of luseradd.

Obviously this also needs to be done for lusermod and luserdel, which I see also
exist.

Thank you.
Comment 6 Peter Vrabec 2007-03-29 03:26:53 EDT
1, man luser{add,mod,del} exist from RHEL-5 and FC-6.
2, I'll do it.
