[arch-general] groupmod / pam bug - Arch hit by http://bugs.gentoo.org/300790
Guys, Two things "Wohoo, I'm free! - last home server moved to Arch!" and second, Arch has the same bug in the source of shadow src/groupmod.c that renders groupmod unusable with pam enabled: [15:23 nirvana:/home/david] # groupmod -g1060 david groupmod: Cannot determine your user name. [15:25 nirvana:/home/david] # groupmod -nskyline david groupmod: Cannot determine your user name. The gentoo guys have a patch to fix it: http://bugs.gentoo.org/300790 I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On 02/28/2010 03:45 PM, David C. Rankin wrote:
Guys,
Two things "Wohoo, I'm free! - last home server moved to Arch!" and second, Arch has the same bug in the source of shadow src/groupmod.c that renders groupmod unusable with pam enabled:
[15:23 nirvana:/home/david] # groupmod -g1060 david groupmod: Cannot determine your user name.
[15:25 nirvana:/home/david] # groupmod -nskyline david groupmod: Cannot determine your user name.
The gentoo guys have a patch to fix it:
I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket.
Quick Question: How do we change group information while this bug is there? Do we disable pam or do we just edit /etc/group in the interim? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On 02/28/2010 03:23 PM, David C. Rankin wrote:
On 02/28/2010 03:45 PM, David C. Rankin wrote:
Guys,
Two things "Wohoo, I'm free! - last home server moved to Arch!" and second, Arch has the same bug in the source of shadow src/groupmod.c that renders groupmod unusable with pam enabled:
[15:23 nirvana:/home/david] # groupmod -g1060 david groupmod: Cannot determine your user name.
[15:25 nirvana:/home/david] # groupmod -nskyline david groupmod: Cannot determine your user name.
The gentoo guys have a patch to fix it:
I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket.
Quick Question:
How do we change group information while this bug is there? Do we disable pam or do we just edit /etc/group in the interim?
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
On Mon, Mar 01, 2010 at 11:32:15AM -0700, jwbirdsong wrote:
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
(maybe a completely stupid question) Is there a systematic way to get the source version of an Arch package ? Searching AUR for 'groupmod' turns up niente. Ciao, -- FA O tu, che porte, correndo si ? E guerra e morte !
On 1 March 2010 16:29, <fons@kokkinizita.net> wrote:
On Mon, Mar 01, 2010 at 11:32:15AM -0700, jwbirdsong wrote:
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
(maybe a completely stupid question)
Is there a systematic way to get the source version of an Arch package ?
Searching AUR for 'groupmod' turns up niente.
groupmod is part of the shadow package (which I determined with pacman -Qo $(which groupmod)). Its current Arch version is 4.1.4.2-1, thus the source version is 4.1.4.2 (without the pkgrel, -1). -- Tavian Barnes
If you run ABS, check the wiki[1] or search for the package on the web page. [1] http://wiki.archlinux.org/index.php/ABS On 1 March 2010 21:42, Tavian Barnes <tavianator@gmail.com> wrote:
On 1 March 2010 16:29, <fons@kokkinizita.net> wrote:
On Mon, Mar 01, 2010 at 11:32:15AM -0700, jwbirdsong wrote:
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
(maybe a completely stupid question)
Is there a systematic way to get the source version of an Arch package ?
Searching AUR for 'groupmod' turns up niente.
groupmod is part of the shadow package (which I determined with pacman -Qo $(which groupmod)). Its current Arch version is 4.1.4.2-1, thus the source version is 4.1.4.2 (without the pkgrel, -1).
-- Tavian Barnes
On 03/01/2010 04:29 PM, fons@kokkinizita.net wrote:
On Mon, Mar 01, 2010 at 11:32:15AM -0700, jwbirdsong wrote:
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
(maybe a completely stupid question)
Is there a systematic way to get the source version of an Arch package ?
Searching AUR for 'groupmod' turns up niente.
Ciao,
Step 1: [darose@daroselin ~]$ which groupmod /usr/sbin/groupmod Step 2: [darose@daroselin ~]$ pacman -Qo /usr/sbin/groupmod /usr/sbin/groupmod is owned by shadow 4.1.4.2-1 Step 2.5 (if your abs is not up to date): [darose@daroselin ~]$ sudo abs ... lots of updates to stdout ... Step 3: [darose@daroselin ~]$ find /var/abs -name shadow /var/abs/core/filesystem/shadow /var/abs/core/shadow /var/abs/core/shadow/shadow /var/abs/testing/filesystem/shadow [darose@daroselin ~]$ cp -r /var/abs/core/shadow /var/abs/local Step 4: [darose@daroselin ~]$ cd /var/abs/local/shadow [darose@daroselin ~]$ makepkg -o HTH, DR
On Mon, Mar 01, 2010 at 06:03:54PM -0500, David Rosenstrauch wrote:
Step 1: ... ... HTH,
Very much, thanks ! I was imagining some way to get individual packages, clearly that was a wrong assumption. Ciao, -- FA O tu, che porte, correndo si ? E guerra e morte !
On Tue, 2010-03-02 at 00:56 +0100, fons@kokkinizita.net wrote:
On Mon, Mar 01, 2010 at 06:03:54PM -0500, David Rosenstrauch wrote:
Step 1: ... ... HTH,
Very much, thanks !
I was imagining some way to get individual packages, clearly that was a wrong assumption.
Ciao,
You can, using repos.archlinux.org
Ng Oon-Ee (2010-03-02 08:55):
On Tue, 2010-03-02 at 00:56 +0100, fons@kokkinizita.net wrote:
On Mon, Mar 01, 2010 at 06:03:54PM -0500, David Rosenstrauch wrote:
Step 1: ... ... HTH,
Very much, thanks !
I was imagining some way to get individual packages, clearly that was a wrong assumption.
Ciao,
You can, using repos.archlinux.org
And with abs: $ abs core/shadow
On 03/01/2010 07:55 PM, Ng Oon-Ee wrote:
On Tue, 2010-03-02 at 00:56 +0100, fons@kokkinizita.net wrote:
On Mon, Mar 01, 2010 at 06:03:54PM -0500, David Rosenstrauch wrote:
Step 1: ... ... HTH,
Very much, thanks !
I was imagining some way to get individual packages, clearly that was a wrong assumption.
Ciao,
You can, using repos.archlinux.org
??? I think the OP was saying that he wanted the source code for the app. repos.archlinux.org only holds PKGBUILD scripts, not the app's source code. DR
On Tue, Mar 02, 2010 at 10:38:55AM -0500, David Rosenstrauch wrote:
You can, using repos.archlinux.org
???
I think the OP was saying that he wanted the source code for the app. repos.archlinux.org only holds PKGBUILD scripts, not the app's source code.
Correct, but then makepkg -o will retrieve the sources. I patched groupmod, remade and installed the shadow package. Now there is one remaining question: may I assume that when shadow is updated in [core] the groupmod bug will be fixed (it effectively renders groupmod useless) ? I see three possibles outcomes: * Yes. * Depends on the maintainer of that package. * Depends on upstream having fixed it. The practical question behind this is if course if I should configure pacman to ignore shadow updates until further notice. Ciao, -- FA O tu, che porte, correndo si ? E guerra e morte !
On 03/03/2010, fons@kokkinizita.net <fons@kokkinizita.net> wrote:
Now there is one remaining question: may I assume that when shadow is updated in [core] the groupmod bug will be fixed (it effectively renders groupmod useless) ?
I see three possibles outcomes:
* Yes. * Depends on the maintainer of that package. * Depends on upstream having fixed it.
Depends on upstream having fixed it, if it's entirely an upstream bug. Else, depending on the maintainer, if it's trivial and urgent, yes. I know, it's a nice answer =p
The practical question behind this is if course if I should configure pacman to ignore shadow updates until further notice.
You could, to stay safe. -- GPG/PGP ID: B42DDCAD
On 03/01/2010 05:03 PM, David Rosenstrauch wrote:
Step 1: [darose@daroselin ~]$ which groupmod /usr/sbin/groupmod
Step 2: [darose@daroselin ~]$ pacman -Qo /usr/sbin/groupmod /usr/sbin/groupmod is owned by shadow 4.1.4.2-1
Step 2.5 (if your abs is not up to date): [darose@daroselin ~]$ sudo abs ... lots of updates to stdout ...
Step 3: [darose@daroselin ~]$ find /var/abs -name shadow /var/abs/core/filesystem/shadow /var/abs/core/shadow /var/abs/core/shadow/shadow /var/abs/testing/filesystem/shadow [darose@daroselin ~]$ cp -r /var/abs/core/shadow /var/abs/local
Step 4: [darose@daroselin ~]$ cd /var/abs/local/shadow [darose@daroselin ~]$ makepkg -o
HTH,
DR
Good to be with you DR :) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
You can also get em from ftp://ftp.archlinux.org/sources/ But I think that's only for < GPL3. -- GPG/PGP ID: B42DDCAD
On 03/01/2010 02:29 PM, fons@kokkinizita.net wrote:
On Mon, Mar 01, 2010 at 11:32:15AM -0700, jwbirdsong wrote:
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
(maybe a completely stupid question)
Is there a systematic way to get the source version of an Arch package ?
Searching AUR for '' turns up niente.
Ciao,
Also check out community/pkgtools which has pkgfile $ pkgfile -s /usr/sbin/groupmod core/shadow
On 03/01/2010 12:32 PM, jwbirdsong wrote:
Quick Question:
How do we change group information while this bug is there? Do we disable pam or do we just edit /etc/group in the interim?
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
Will do, In the interim, and I know there will be howls against doing it, but I simply edited /etc/passwd and /etc/group and set the gid to what I needed. Worked fine. /etc/shadow doesn't appear to hold any group information so I think I found all the needed files. Right now it is just a one user system and subsequent to the gid change, I added the group that needed the gid with groupadd and it worked like a champ. Anybody see any "you just broke this -- stupid..." issues? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
David C. Rankin (2010-03-01 17:03):
On 03/01/2010 12:32 PM, jwbirdsong wrote:
Quick Question:
How do we change group information while this bug is there? Do we disable pam or do we just edit /etc/group in the interim?
Patch shadow your self w/ aforementioned gentoo patch. works fine after building w/ the patch.
Will do,
In the interim, and I know there will be howls against doing it, but I simply edited /etc/passwd and /etc/group and set the gid to what I needed. Worked fine. /etc/shadow doesn't appear to hold any group information so I think I found all the needed files. Right now it is just a one user system and subsequent to the gid change, I added the group that needed the gid with groupadd and it worked like a champ. Anybody see any "you just broke this -- stupid..." issues?
Most probably, editing /etc/group and ignoring /etc/gshadow won't break anything if you're not using group passwords (are these used by anybody?). But I would keep /etc/group and /etc/gshadow synchronized anyway. You can use /usr/sbin/vigr to edit these files by hand. If you have a working cron, you might get an e-mail telling you about problems. Try to run this as root (and look at the file contents): $ /etc/cron.daily/shadow
2010/2/28, David C. Rankin <drankinatty@suddenlinkmail.com>:
I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket.
Fill a bug report, if you think that is a bug. -- Arch Linux Developer http://www.archlinux.org http://www.archlinux.it
On 02/28/2010 04:27 PM, Giovanni Scafora wrote:
2010/2/28, David C. Rankin <drankinatty@suddenlinkmail.com>:
I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket.
Fill a bug report, if you think that is a bug.
Will do - no thinking about it, it 'is' a bug. Go try and change a group name :p -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
On 02/28/2010 04:27 PM, Giovanni Scafora wrote:
2010/2/28, David C. Rankin <drankinatty@suddenlinkmail.com>:
I apologize if this has already been brought to your attention. Let me know if you want me to open a ticket.
Fill a bug report, if you think that is a bug.
Done: FS#18516 http://bugs.archlinux.org/task/18516 -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
participants (10)
-
Chris Bannister
-
David C. Rankin
-
David Rosenstrauch
-
fons@kokkinizita.net
-
Giovanni Scafora
-
jwbirdsong
-
Ng Oon-Ee
-
Ray Rashif
-
Rogutės Sparnuotos
-
Tavian Barnes