Bug 872267 - "create user" functionality uses libuser incorrectly
"create user" functionality uses libuser incorrectly
Product: Fedora
Classification: Fedora
Component: virt-manager (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Cole Robinson
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-11-01 13:00 EDT by Miloslav Trmač
Modified: 2013-05-21 07:56 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-05-21 07:56:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2012-11-01 13:00:42 EDT
Description of problem:
Reading code of src/virtManagerTui/userworker.py (and running similar test programs):

* Setting libuser.USERPASSWORD directly is not portable; if libuser is configured for a LDAP backend, this will not use the correct format.
* admin.initUser() automatically sets a (locked) shadow password; if a shadow password exists, admin.addUser() overrides libuser.USERPASSWORD to the "password is in /etc/shadow" marker.  In other words, the password setting code code never worked.  (And if it _did_ work, it would set a plaintext password in /etc/passwd!)

For both of the above, the recommended way is to:
1) create an user (which will by default have a locked password), call admin.addUser()
2) then call admin.setpassUser() to set the new password.

* The 'pw_gid' (libuser.GIDNUMBER) attribute of an user contains only the primary group ID.  The API does allow you to pass multiple values, but that's impossible to represent in the backend.  In other words, the code adding the user to the "wheel" group never worked either.

To add a user to the "wheel" group, look up the "wheel" group, and add the user's name to the libuser.MEMBERNAME attribute (without removing the existing values), then call admin.modifyGroup().

* The code uses 'pw_*' constants directly instead of using the API-provided names, e.g. libuser.GIDNUMBER.  Both are stable, but using the constants would make it easier to grep libuser users a little.

Version-Release number of selected component (if applicable):
Comment 1 Fedora End Of Life 2013-04-03 10:17:19 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
Comment 2 Cole Robinson 2013-05-21 07:56:57 EDT
virt-manager-tui, the only libuser code, was dropped upstream and is not in current F19, so this is 'fixed'

Note You need to log in before you can comment on or make changes to this bug.