-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sysusers: remove bin
entries and get systemd.post: /etc/gshadow: Group "bin" already exists.
#1525
Comments
Right. I think we can do this automatically in rpm-ostree. BTW though, this issue also relates a bit to coreos/rpm-ostree#4401 - I wonder if it would work for us to just empty out (or possibly even remove) the shadow files instead of regenerating them? |
So I'd probably say we should transfer this issue to rpm-ostree. This problem domain also applies to other systems using it (IoT, desktops, etc.) |
Tried to remove the shadow files:
Check shadow files have mode
|
Test with empty shadow files: |
Refer to coreos#49 (comment), Remove bin line in group and passwd Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
bin
entries and get systemd.post: /etc/gshadow: Group "bin" already exists.
bin
entries and get systemd.post: /etc/gshadow: Group "bin" already exists.
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
IMU, we should also remove bin user and group in https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/15fcos/usr/lib/sysusers.d/10-setup-basic.conf, as they are duplicated in setup
|
Refer to #49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos#49 (comment), do testing: 1. Remove bin line in group and passwd 2. Build FCOS, see logs: ``` systemd.post: Creating group 'bin' with GID 1. systemd.post: Creating user 'bin' (bin) with UID 1 and GID 1. systemd.post: /etc/gshadow: Group "bin" already exists. ``` According to @cgwalters 's pointer: The above log will lead systemd-sysusers (during systemd.post) exit early before saving the updated `/etc/{passwd,group}` refer to [code](https://github.com/systemd/systemd/blob/main/src/sysusers/sysusers.c#L820), and bin user/group will not be saved finally. The root cause is that `gshadow` is not consistent with group, `gshadow` is from setup, and we override group according to https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/group. The `shadow` is also from setup, and is not consistent with passwd, we should also sync it. Fix coreos/fedora-coreos-tracker#1525
Refer to coreos/rpm-ostree#49 (comment), do testing with
bin
:bin
line ingroup
andpasswd
(refer to https://github.com/coreos/fedora-coreos-config/tree/testing-devel/manifests)According to @cgwalters 's pointer, the above log will lead
systemd-sysusers
(duringsystemd.post
) exit early before saving the updated/etc/{passwd,group}
refer to code, andbin
user/group will not be saved finally.The root cause is the
gshadow
is not consistent withgroup
,gshadow
is from setup, and we overridegroup
according to fedora-coreos-config. And @cgwalters is correct, do testing withoverride/rootfs/etc/gshadow
(from setup package) which removs thebin
line, rebuild FCOS no such logs and verifybin
user / group saved in/usr/lib/{passwd,group}
after boot the disk.To fix this, we should make sure
gshadow
is consistent withgroup
before layering, like regeneratinggshadow
according togroup
.The text was updated successfully, but these errors were encountered: