Bug#340375: Subject: kuser destroys all passwords if /etc/shadow isn't present
Subject: kuser destroys all passwords if /etc/shadow isn't present
Package: kuser
Version: 4:3.4.2-1
Severity: grave
Justification: renders package unusable
*** Please type your report below this line ***
When I attempted to add a new user (for testing purposes), kuser
apparently replaced the password field in /etc/passwd with "x" for
all users. It then reported it was unable to open /etc/shadow and
exited. This left things so that no login by anyone was possible,
which made it difficult to repair the damage!
I don't use shadow passwords, and there is no /etc/shadow file
present. I know of no Debian policy that requires /etc/shadow to
be present. If kuser can't deal with a system where /etc/shadow
isn't present, it should NOT leave the system unusable and
unreparable.
I suppose this is related to kuser editing files directly, as
discussed in bug#248145. I have not checked what happens
if /etc/shadow exists but "/sbin/shadowconfig off" has been
executed, because I dislike the sensation of having all logins
impossible. If kuser can't behave better, then I think the Debian
installation should at least check for the existence of /etc/shadow
and, if it's not present, at least warn the user during
installation of potential disaster.
regards, cgm
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages kuser depends on:
ii kdelibs4c2 4:3.4.2-4 core libraries for all
KDE applica
ii libc6 2.3.5-6 GNU C Library: Shared
libraries an
ii libgcc1 1:4.0.2-2 GCC support library
ii libqt3-mt 3:3.3.5-1 Qt GUI Library
(Threaded runtime v
ii libstdc++6 4.0.2-2 The GNU Standard C++
Library v3
kuser recommends no packages.
-- no debconf information
Reply to: