Page MenuHomePhabricator

Unable to delete vyos user
Confirmed, NormalPublicBUG

Description

Upgraded to VyOS 1.3-rolling-201912222230 rolling and noticed I still have a vyos user floating around:

kroy@route2:# show system login user vyos
 authentication {
     encrypted-password xxxxxxxxx
     plaintext-password ""
 }
 level admin

[edit]
kroy@route2:# delete system login user vyos
[edit]
kroy@route2:# commit
Failed to generate committed config

On a different server running the same version, I didn't have an issue.

This was the only logging I could find:

cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_5542/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_5542/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"]
cp[/opt/vyatta/config/tmp/new_config_5874]->[/opt/vyatta/config/tmp/tmp_5874/work]
cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_5874/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_5874/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"]
cp[/opt/vyatta/config/tmp/new_config_6357]->[/opt/vyatta/config/tmp/tmp_6357/work]
cp w->tw failed[boost::filesystem::copy_file: Permission denied: "/opt/vyatta/config/tmp/new_config_6357/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~", "/opt/vyatta/config/tmp/tmp_6357/work/.unionfs-fuse/system/login/user/kroy/level/node.val_HIDDEN~"]

Details

Difficulty level
Unknown (require assessment)
Version
1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

kroy created this task.Dec 23 2019, 5:02 PM
kroy updated the task description. (Show Details)
kroy added a comment.Dec 23 2019, 5:05 PM

A reboot seems to have fixed it.

I'm wondering if it's due to on this server, I've added and deleted the kroy user a few times in testing some RADIUS stuff. Meaning maybe that stuff was owned by a user ID that doesn't exist anymore?

This comment was removed by ddiguru.
ddiguru removed a subscriber: ddiguru.Dec 27 2019, 9:13 PM
hagbard changed the task status from Open to Confirmed.Jan 17 2020, 8:04 PM
hagbard triaged this task as Normal priority.
hagbard changed the task status from Confirmed to In progress.Jan 17 2020, 8:10 PM
hagbard claimed this task.
hagbard added a subscriber: hagbard.

@kroy Can you please test with the latest rolling? I can't reproduce the issue.

kroy added a comment.Jan 17 2020, 9:07 PM

Yep.

I hacked through how to reproduce.

Start with a fresh system.

  1. log in as default vyos user
  2. Do something set interfaces ethernet eth0 description test, commit and save
  3. create new user, set system login user vyos2 authentication plaintest-password vyos and set system login user vyos3 authentication plaintest-password vyos
  4. commit and save.
  5. login as vyos2 user. Do this again, set interfaces ethernet eth0 description test2, commit and save
  6. login as vyos3 user.
  7. delete vyos2 user, commit/save
  8. create vyos2 user, commit save
  9. Login as vyos2 user. Do this again, set interfaces ethernet eth0 description test55, commit and save

Last commit should generate the message. Probably don't need two extra users here, but it was easiest to pick out what was wrong.

It's happening because there's something leftover with the original vyos2 user's numeric ID, which the new vyos2 user doesn't match anymore. So originally vyos2 was 1001. Now it's 1003

I've actually run into a number of permissions issues with stuff under /config, especially as you migrate configs to a new host, if you've created any additional users.

Ack, I have already after step 5 an issue. The uids shouldn't be an issue, since the users should be all in the same group and the group has r/w permissions.

hagbard changed the task status from In progress to Confirmed.Jan 17 2020, 10:49 PM
hagbard removed hagbard as the assignee of this task.Sat, Feb 8, 4:16 PM
c-po added a subscriber: c-po.Sun, Feb 9, 8:50 AM

The system login CLI interface has been rewritten to XML/Python. Please try again with a newer rolling relese