Bug#340375: marked as done (Subject: kuser destroys all passwords if /etc/shadow isn't present)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 19 Feb 2010 18:24:42 +0200
with message-id <32f6fe7e1002190824v3ba810a2u824aa00b16dfd76c@mail.gmail.com>
and subject line Bug fixed
has caused the Debian Bug report #340375,
regarding Subject: kuser destroys all passwords if /etc/shadow isn't present
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
340375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340375
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: Subject: kuser destroys all passwords if /etc/shadow isn't present
• From: Charles G Montgomery <cgm@physics.utoledo.edu>
• Date: Tue, 22 Nov 2005 20:23:05 -0500
• Message-id: <200511222023.05900.cgm@physics.utoledo.edu>
• Reply-to: cgm@physics.utoledo.edu

Subject: kuser destroys all passwords if /etc/shadow isn't present
Package: kuser
Version: 4:3.4.2-1
Severity: grave
Justification: renders package unusable

*** Please type your report below this line ***
When I attempted to add a new user (for testing purposes), kuser 
apparently replaced the password field in /etc/passwd with "x" for 
all users.  It then reported it was unable to open /etc/shadow and 
exited.  This left things so that no login by anyone was possible, 
which made it difficult to repair the damage!

I don't use shadow passwords, and there is no /etc/shadow file 
present.  I know of no Debian policy that requires /etc/shadow to 
be present.  If kuser can't deal with a system where /etc/shadow 
isn't present, it should NOT leave the system unusable and 
unreparable.

I suppose this is related to kuser editing files directly, as 
discussed in bug#248145.  I have not checked what happens 
if /etc/shadow exists but "/sbin/shadowconfig off" has been 
executed, because I dislike the sensation of having all logins 
impossible.  If kuser can't behave better, then I think the Debian 
installation should at least check for the existence of /etc/shadow 
and, if it's not present, at least warn the user during 
installation of potential disaster.

regards,  cgm

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kuser depends on:
ii  kdelibs4c2                    4:3.4.2-4  core libraries for all 
KDE applica
ii  libc6                         2.3.5-6    GNU C Library: Shared 
libraries an
ii  libgcc1                       1:4.0.2-2  GCC support library
ii  libqt3-mt                     3:3.3.5-1  Qt GUI Library 
(Threaded runtime v
ii  libstdc++6                    4.0.2-2    The GNU Standard C++ 
Library v3

kuser recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 340375-done@bugs.debian.org
• Subject: Bug fixed
• From: Antonis Tsiapaliokas <kok3rs@gmail.com>
• Date: Fri, 19 Feb 2010 18:24:42 +0200
• Message-id: <32f6fe7e1002190824v3ba810a2u824aa00b16dfd76c@mail.gmail.com>

Version: 4:3.5.0-1

This bug has been fixed in the version 4:3.5.0-1 of kde.

--- End Message ---