Message-Id: <201403170833.s2H8XX65068629@cgiserv.freebsd.org>
Date: Mon, 17 Mar 2014 08:33:33 GMT
From: Tomasz Walaszek
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/187653: 'pw user mod' is creating users instead of changing them.

>Number: 187653
>Category: misc
>Synopsis: 'pw user mod' is creating users instead of changing them.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 17 08:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Tomasz Walaszek
>Release: FreeBSD 10.0
>Organization:
>Environment:
FreeBSD ldap 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
In my setup the system is searching for users in 2 sources, files and ldap.

passwd: files ldap

If we have, for example, user 'test' in our ldap database and we try to change the shell for user 'test', we will see strange behaviour:

root@ldap:~ # getent passwd | grep test
test:*:1000:1000:test:/home/test:/usr/local/bin/bash
root@ldap:~ # grep 'test' /etc/passwd
root@ldap:~ #
root@ldap:~ # pw mod user -n test -s /bin/sh
root@ldap:~ # grep 'test' /etc/passwd
test:*:1000:1000:test:/home/test:/bin/sh
root@ldap:~ #
root@ldap:~ # getent passwd | grep test
test:*:1000:1000:test:/home/test:/bin/sh
test:*:1000:1000:test:/home/test:/usr/local/bin/bash

The pw tool created a new user instead of failing with a 'no such user' message. Maybe this is desirable behaviour, but in my opinion the 'mod' switch should only change users, not create them.
>How-To-Repeat:
To repeat the problem we need to set up an ldap server and configure our system to use it as the user source. After that, create user 'test' in ldap and try to change its shell using pw.
>Fix:
This behavior is caused by the getpwnam and getpwuid functions. Pw uses those functions to search for the users; when we have user test in ldap, those functions will return it. Pw doesn't know anything about ldap, so it will create a new entry in the passwd files.

Fixes:
1. Use pw with -V /etc. Pw with -V will not use getpwnam and getpwuid but vgetpwnam and vgetpwuid, and will search for the users in the passwd files in the /etc directory.
2. Maybe use the functions defined in struct pwf VPWF?
>Release-Note:
>Audit-Trail:
>Unformatted:
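
A guard and an audit check for the behaviour reported above, as an added example that is not part of the original PR or of pw(8). The function names are hypothetical and the sample data is reconstructed from the session in the report.

```shell
#!/bin/sh
# Added example: keep directory-only (ldap) accounts from being copied into
# the local passwd files by a modify operation, and find existing shadows.

# is_local_user NAME [PASSWD_FILE]
# True only if NAME has an entry in the local passwd file itself,
# ignoring whatever other NSS sources (ldap) would answer.
is_local_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# shadowed_users: reads `getent passwd` style lines on stdin and prints each
# login name that occurs more than once, i.e. is answered by two sources.
shadowed_users() {
    awk -F: 'NF >= 7 { n[$1]++ }
             END { for (u in n) if (n[u] > 1) print u }' | sort
}

# guarded_usermod NAME PASSWD_FILE PW_ARGS...
# Refuses to call pw(8) when NAME is not a local account.
guarded_usermod() {
    name=$1; file=$2; shift 2
    if ! is_local_user "$name" "$file"; then
        echo "guarded_usermod: no such local user: $name" >&2
        return 67   # EX_NOUSER from sysexits(3)
    fi
    pw usermod -n "$name" "$@"
}

# Constructed sample: the `getent passwd` view after the report's pw call,
# with the local entry (files) listed before the ldap entry.
sample_getent() {
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'test:*:1000:1000:test:/home/test:/bin/sh' \
        'test:*:1000:1000:test:/home/test:/usr/local/bin/bash'
}
```

On a live system, `getent passwd | shadowed_users` lists the accounts that already have a local copy in front of their directory entry.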