From owner-freebsd-bugs@FreeBSD.ORG Thu Sep 16 06:40:21 2004
Message-Id: <200409160637.i8G6bcLG075457@www.freebsd.org>
Date: Thu, 16 Sep 2004 06:37:38 GMT
From: Andrew Hayden
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: bin/71786: adduser breaks if /sbin/nologin is included in /etc/shells

>Number: 71786
>Category: bin
>Synopsis: adduser breaks if /sbin/nologin is included in /etc/shells
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 16 06:40:19 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Andrew Hayden
>Release: 5.2.1
>Organization:
>Environment:
FreeBSD server1.aexx.net 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Background: I built & installed proftpd. I created a test user whose shell was set to '/sbin/nologin' by running adduser and specifying 'nologin' as the shell. Then, I tried to log in to proftpd and realized that since /etc/shells doesn't contain '/sbin/nologin', proftpd would not allow me to log in. So, I added '/sbin/nologin' to /etc/shells.

Now that I have done this, the adduser command is unable to add users whose shell is 'nologin'. It corrupts /etc/master.passwd and requires user intervention to repair (via vipw, then pwd_mkdb -p /etc/master.passwd).

It appears that adduser chokes when /sbin/nologin is present in /etc/shells. Here is relevant output from a session...

****BEGIN CLIP ****
root@server1[~/scripts/management]# adduser
Username: test
Full name:
Uid (Leave empty for default):
Login group [test]:
Login group is test. Invite test into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin bash false nologin) [sh]: nologin
Home directory [/home/test]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]: yes
Lock out the account after creation? [no]:
Username : test
Password :
Full Name :
Uid : 1004
Class :
Groups : test
Home : /home/test
Shell : /sbin/nologin /sbin/nologin
Locked : no
OK? (yes/no): yes
pwd_mkdb: corrupted entry
pwd_mkdb: at line #26
pwd_mkdb: /etc/master.passwd: Inappropriate file type or format
pw: passwd file update: Inappropriate ioctl for device
adduser: ERROR: There was an error adding user (test).
Add another user? (yes/no): no
Goodbye!
root@server1[~/scripts/management]# cat /etc/shells
# $FreeBSD: src/etc/shells,v 1.5 2000/04/27 21:58:46 ache Exp $
#
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/sh
/bin/csh
/bin/tcsh
/sbin/nologin
/usr/local/bin/bash
/usr/bin/false
root@server1[~/scripts/management]# cat /etc/master.passwd
# $FreeBSD: src/etc/master.passwd,v 1.34 2003/04/27 05:45:29 imp Exp $
#
[[[ lots of stuff omitted for bug report, next line is line 23]]]
aexx:[omitted for bug report]:1003:1003::0:0:Aexx:/home/aexx:/sbin/nologin
test:$1$1k7RDJ9C$fqwDyAI8dBzN63sSi7Ly..:1004:1004::0:0:User &:/home/test:/sbin/nologin /sbin/nologin
**** END CLIP ****
>How-To-Repeat:
1. Ensure that /etc/shells does not contain '/sbin/nologin'.
2. Create a user with 'adduser' whose shell is 'nologin'.
3. Delete that user.
4. Add '/sbin/nologin' to /etc/shells.
5. Repeat step 2 exactly as you did before.
6. Examine /etc/master.passwd with vipw and confirm corrupted entry.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
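
Added example, not part of the original report and not adduser's or pwd_mkdb's own code: two pre-flight checks in sh for the failure shown above. check_master_passwd flags records that lack the 10 colon-separated fields of master.passwd(5) or carry whitespace in the shell field; ambiguous_shell_names reports shell basenames that more than one candidate path would match. The function names, the sample records and the EXTRA_PATH argument (modelling the second nologin in the prompt) are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks around the failure in this report.
# Not adduser's or pwd_mkdb's code; sample data below is constructed.

# check_master_passwd [FILE]   (reads stdin when FILE is omitted)
# Print "<line>: <reason>" per malformed record; return 1 if any is found.
check_master_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF != 10 {
            printf "%d: expected 10 fields, found %d\n", NR, NF
            bad = 1; next
        }
        $10 ~ /[ \t]/ { printf "%d: whitespace in shell field\n", NR; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# ambiguous_shell_names [EXTRA_PATH...]   (shells list on stdin)
# Print every basename carried by more than one candidate shell path.
# EXTRA_PATH models an entry a tool appends on its own (assumption).
ambiguous_shell_names() {
    {
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$'
        [ $# -eq 0 ] || printf '%s\n' "$@"
    } | sed 's|.*/||' | sort | uniq -d
}

sample_master_passwd() {   # constructed records, password fields blanked
    cat <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
aexx:*:1003:1003::0:0:Aexx:/home/aexx:/sbin/nologin
test:*:1004:1004::0:0:User &:/home/test:/sbin/nologin /sbin/nologin
/sbin/nologin
EOF
}

sample_shells() {          # the /etc/shells entries shown in the report
    printf '%s\n' /bin/sh /bin/csh /bin/tcsh /sbin/nologin \
        /usr/local/bin/bash /usr/bin/false
}

sample_master_passwd | check_master_passwd ||
    echo "malformed records found: fix before running pwd_mkdb"
sample_shells | ambiguous_shell_names /sbin/nologin
```

The last sample record is a stray fragment on its own line, included so the field-count check is exercised as well as the whitespace check.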