Bug 207387 - useradd can not add a user to /etc/passwd if the same user exists in NIS
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: shadow-utils
Version: 4.4
Hardware: All
OS: Linux
Assignee: Peter Vrabec
QA Contact: David Lawrence
Reported: 2006-09-20 21:38 UTC by Chuck Berg
Modified: 2007-11-17 01:14 UTC

Last Closed: 2007-03-29 07:26:53 UTC

Description Chuck Berg 2006-09-20 21:38:28 UTC
Description of problem:
useradd can not add a local user if getpwnam() can find it - e.g. it exists in
NIS. From useradd.c line 2190:
        if (getpwnam (user_name)) {
                fprintf (stderr, _("%s: user %s exists\n"), Prog,

Solaris allows you to do this with "useradd -r files".

This unfortunately does not allow me to override a NIS user with a local user,
for example to specify a different home directory. It also thwarts the common
practice of creating a redundant local user for critical application accounts,
to allow sane behavior in the event of a NIS failure.

My workaround is of course the dangerous manual editing of /etc/passwd and

Comment 1 Peter Vrabec 2007-03-28 09:34:57 UTC
Does option "-r" on Solaris mean the same (system account) as "-r" in shadow-utils?

Comment 2 Carl Speare 2007-03-28 18:30:56 UTC
In Solaris, passwd -r refers to "repository". You can either specify "nis",
"files" or "ldap" after -r to tell which passwd should change.

Example on Solaris:

passwd -r files username
Would change /etc/passwd and /etc/shadow.

passwd -r nis username
Would change the NIS account.

I don't see anything about -r in passwd, and your statement "-r as in
shadow-utils" doesn't tell us what specific command it refers to. Certainly, passwd
in Linux does not have "-r".

Could you be more specific about your question?

Comment 3 Carl Speare 2007-03-28 18:59:33 UTC
I should also point out that for useradd on Solaris, it assumes local accounts.

So, on Solaris, if you want to add an account to NIS, you need to do it on the
NIS master. If you want to *change* the password, you can use "passwd -r nis" to
then change the NIS account.

On Solaris if you want to add a local account, useradd assumes local accounts
only, so useradd will succeed unless there is a duplicate UID in /etc/passwd.
Then, you can use "passwd -r files" to change the password. In this manner, you
can have two accounts - with the same UID and username - and different
passwords. We do take advantage of this fact.

In RHEL, there is no way to force a local account with useradd. The same problem
for passwd: no way to specify NIS versus /etc files.

From the man pages, -r for useradd seems to mean UIDs lower than 100. Is that right?

Comment 4 Peter Vrabec 2007-03-28 20:31:31 UTC
Could you try luseradd? It might solve the problem.

Comment 5 Carl Speare 2007-03-29 00:28:34 UTC
Ok, that does the job. Two concerns though:

(1) man luseradd -> No manual entry for luseradd

(2) The SEE ALSO section of useradd(8) should contain luseradd(8) [once that
page is added].

If (1) is too difficult, appropriate mention in the useradd(8) man page would be
nice; perhaps that would go under NOTES and state something about the existence
and purpose of luseradd.

Obviously this also needs to be done for lusermod and luserdel, which I see also

Thank you.

Comment 6 Peter Vrabec 2007-03-29 07:26:53 UTC
1, man luser{add,mod,del} exist from RHEL-5 and FC-6.
2, I'll do it.
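
Added example (not part of the bug thread and not shadow-utils code): the thread describes local accounts that deliberately duplicate a NIS user name, possibly with a different home directory, so this sketch audits which local passwd entries shadow a directory entry and in which fields they differ. The function names and the sample data are constructed for illustration.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str

def parse_passwd(text):
    """Parse passwd(5)-format text into {name: Entry}; the first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat lines such as "+::::::".
        if not line or line[0] in "#+-":
            continue
        f = line.split(":")
        if len(f) != 7 or not f[2].isdecimal() or not f[3].isdecimal():
            continue  # malformed line
        entries.setdefault(f[0], Entry(f[0], int(f[2]), int(f[3]), f[5], f[6]))
    return entries

def shadowed_accounts(local_text, directory_text):
    """Return {name: [fields that differ]} for every name present in both sources."""
    local, directory = parse_passwd(local_text), parse_passwd(directory_text)
    report = {}
    for name in sorted(local.keys() & directory.keys()):
        report[name] = [fld for fld in Entry._fields[1:]
                        if getattr(local[name], fld) != getattr(directory[name], fld)]
    return report

# Constructed sample data. On a real host the inputs would be /etc/passwd and
# the NIS passwd map (for example the output of "ypcat passwd").
LOCAL = """\
root:x:0:0:root:/root:/bin/bash
appsvc:x:5001:5001:App service:/local/appsvc:/bin/bash
oper:x:0:0:Operator:/root:/bin/bash
+::::::
"""
NIS = """\
appsvc:x:5001:5001:App service:/nfs/home/appsvc:/bin/bash
oper:x:6003:6003:Operator:/nfs/home/oper:/bin/bash
jdoe:x:6002:6002:J Doe:/nfs/home/jdoe:/bin/bash
"""

if __name__ == "__main__":
    for name, diffs in shadowed_accounts(LOCAL, NIS).items():
        print(name, "differs in:", ", ".join(diffs) or "nothing")
```

An entry that differs only in home matches the redundant-local-account practice described in the report; one that differs in uid or gid is worth reviewing, because the local entry decides the identity when "files" is consulted before "nis".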
