
User UID not properly set when adding/deleting users
Closed, Resolved | Public | BUG

Description

Steps I did

Create two new users, for example olof and user2.

Delete said users.

Add a new user with higher alphabetical order, for example aaatest.

Add olof and user2.

User /home/olof will now be owned by aaatest.

Resulting in non-accessible pubkeys, for example.

Tested on VyOS 1.1.7 with ansible 2.6 and vyos_user module.

It doesn't look like the same thing is happening on 1.1.5.

It looks like the delete user script in 1.1.5 keeps the line in /etc/passwd AND the /home/$USER dir

while in 1.1.7, the script is only deleting the line in /etc/passwd.

Details

Difficulty level
Unknown (require assessment)
Version
1.1.7
Why the issue appeared?
Will be filled on close
olofl created this task. Jul 10 2018, 12:54 PM
olofl updated the task description. Jul 10 2018, 12:59 PM
varesa added a subscriber: varesa. Edited Jul 10 2018, 1:08 PM

I don't think the alphabetic order is even relevant (or ansible for that matter). Once you delete a user it frees up the UID but leaves the home directory around with the now unused UID. If you re-create users in a different order the UIDs that still own the home directories no longer match the corresponding users.

How to reproduce:

  1. Create a user
[edit]
esa@vyos# set system login user test1 level operator
[edit]
esa@vyos# commit
[edit]
  2. Delete said user:
esa@vyos# delete system login user test1
[edit]
esa@vyos# commit
[edit]
  3. Observe home directory
esa@vyos# ls -lah /home/
total 28K
drwxr-xr-x 1 root    root  4.0K Jul 10 12:58 .
drwxr-xr-x 1 root    root  4.0K Nov 16  2017 ..
[...]
drwxr-xr-x 3    1003 users 4.0K Jul 10 12:57 test1
  4. Create a second user
esa@vyos# set system login user test2 level operator
[edit]
esa@vyos# commit
[edit]
  5. See that the new user gets the old UID and now also owns /home/test1
esa@vyos# ls -lah /home/
total 28K
drwxr-xr-x 1 root    root  4.0K Jul 10 12:58 .
drwxr-xr-x 1 root    root  4.0K Nov 16  2017 ..
[...]
drwxr-xr-x 3 test2   users 4.0K Jul 10 12:57 test1
drwxr-xr-x 3 test2   users 4.0K Jul 10 12:58 test2
  6. Recreate first user:
[edit]
esa@vyos# set system login user test1 level operator 
[edit]
esa@vyos# commit
[ system login ]
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

Issue: user2 owns both home directories which for one thing breaks public key auth for the first re-created user:

[edit]
esa@vyos# ls -lah /home/
total 28K
drwxr-xr-x 1 root    root  4.0K Jul 10 12:58 .
drwxr-xr-x 1 root    root  4.0K Nov 16  2017 ..
[...]
drwxr-xr-x 3 test2   users 4.0K Jul 10 12:57 test1
drwxr-xr-x 3 test2   users 4.0K Jul 10 12:58 test2
[edit]
esa@vyos#

Above was on 1.1.7, the same thing happens on 1.1.8:

[edit]
esa@VyOS-AMI# set system login user test level operator 
[edit]
esa@VyOS-AMI# commit
[edit]
esa@VyOS-AMI# delete system login user test                
[edit]
esa@VyOS-AMI# commit
[edit]
esa@VyOS-AMI# set system login user test2 level operator 
[edit]
esa@VyOS-AMI# commit
[edit]
esa@VyOS-AMI# ls -lah /home/
total 28K
drwxr-xr-x 1 root    root  4.0K Jul 10 13:13 .
drwxr-xr-x 1 root    root  4.0K May  5 14:25 ..
[...]
drwxr-xr-x 3 test2   users 4.0K Jul 10 13:13 test
drwxr-xr-x 3 test2   users 4.0K Jul 10 13:13 test2
olofl added a comment. Edited Jul 10 2018, 1:19 PM

Thanks for pointing that out. I tested manually as well, again on both 1.1.7 and 1.1.5.

In 1.1.5 both /etc/passwd and /home/ keep the user data when you delete a user.

1.1.7 deletes the user from /etc/passwd, but keeps the dirs in /home/.

So basically things broke somewhere between 1.1.5 and 1.1.7.

Should we delete user home dirs when deleting a user then?

syncer triaged this task as Normal priority. Jul 11 2018, 8:33 PM
olofl added a comment. Edited Jul 12 2018, 12:27 PM

Should we delete user home dirs when deleting a user then?

Actually both Debian 8 and Ubuntu 18 have this behaviour of saving the home dir, which causes the same UID problem when deleting and adding users.

But I'd suggest deleting the home dir as well, since most configuration is intended to be done in the VyOS shell, with VyOS commands, and not with Bourne shell commands.

dmbaturin closed this task as Resolved. Mon, Nov 12, 4:08 PM
dmbaturin claimed this task.
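
The ownership drift reproduced in this task can be audited on any Linux host by comparing the owning UID of each directory under /home with /etc/passwd. The script below is an added example, not part of the original task or of VyOS; the function names, the three finding labels and the sample data (including UID 1004 for the re-created test1) are assumptions made for illustration.

```python
import os

def parse_passwd(text):
    """Parse passwd(5) text into {home_dir: (name, uid)} and {uid: name}."""
    by_home, by_uid = {}, {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():
            continue  # skip comments, blank and malformed lines
        by_home[os.path.normpath(f[5])] = (f[0], int(f[2]))
        by_uid.setdefault(int(f[2]), f[0])
    return by_home, by_uid

def audit_homes(passwd_text, dir_owners):
    """Classify each directory in dir_owners ({path: owning UID}).

    orphaned: no account uses it as home and its UID is unassigned
    reused:   no account uses it as home, but its UID now belongs to an account
    mismatch: an account uses it as home but a different UID owns it
    """
    by_home, by_uid = parse_passwd(passwd_text)
    findings = []
    for path, owner in sorted(dir_owners.items()):
        entry = by_home.get(os.path.normpath(path))
        if entry is None:
            kind = "reused" if owner in by_uid else "orphaned"
        elif entry[1] != owner:
            kind = "mismatch"
        else:
            continue  # directory is owned by the account that uses it
        findings.append((path, kind, owner, by_uid.get(owner)))
    return findings

def scan_homes(root="/home"):
    """Collect {path: owning UID} for the directories directly under root."""
    return {e.path: e.stat(follow_symlinks=False).st_uid
            for e in os.scandir(root) if e.is_dir(follow_symlinks=False)}

# Constructed sample mirroring the reproduction; UID 1004 for test1 is assumed.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
test2:x:1003:100::/home/test2:/bin/vbash
test1:x:1004:100::/home/test1:/bin/vbash
"""
SAMPLE_OWNERS = {"/home/test1": 1003, "/home/test2": 1003}

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for path, kind, uid, name in audit_homes(fh.read(), scan_homes()):
            print(f"{kind:9} {path} owned by uid {uid} ({name or 'no account'})")
```

A "reused" or "mismatch" finding means another account can read and write that directory, so ownership should be corrected or the directory removed before the account is relied on.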