July 20, 2010

CAVEAT: I'm not sure if I worked my system into an odd state; if so, it persists across reboots.

Currently, any user I create corresponding with userid of 1000 is ignored in the "Users" tab. It is not listed in the user list. The other users are displayed, including uid 0 (root) and uid 1001 or higher. The user name does not matter. I can delete the users and recreate using different names with the same result. Any user with UID of 1000 is not listed.

Any thoughts? Any suggestions?

Step 0. I'm starting off with only user 'root' showing in the list, root:0:XXX line shows up in smbpasswd, and root is in passwd.

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:---:[u ]:---:

Step 1. I attempt to add user1000. The "Users" tab only displays user 'root'. User1000 is not listed in the user list.

Jul 20 02:17:07 Reaver emhttp: shcmd (70): useradd -g users -d / -s /bin/false -c 'Test User 1000' user1000
Jul 20 02:17:07 Reaver emhttp: shcmd (71): chpasswd <<< user1000:"*****"
Jul 20 02:17:07 Reaver emhttp: shcmd (72): smbpasswd -L -s -a user1000 <<< "*****"$'\n'"*****"
Jul 20 02:17:07 Reaver emhttp: shcmd (73): cp /etc/passwd /etc/samba/private/smbpasswd /boot/config

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:---:[u ]:---:
user1000:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:72B348D38A44BB8B774CEFD29F0BA7DF:[u ]:LCT-4C453F63:

user1000:$1$Yd7OqKfR$DSg0TzxKQb9u5w8hIXCSf.:1000:100:Test User 1000:/:/bin/false

Step 2. I now attempt to add user1001. The "Users" tab only displays user 'root', and 'user1001'. User1000 is still not listed in the user list.

Jul 20 02:21:11 Reaver emhttp: shcmd (74): useradd -g users -d / -s /bin/false -c 'Test User 1001' user1001
Jul 20 02:21:12 Reaver emhttp: shcmd (75): chpasswd <<< user1001:"*****"
Jul 20 02:21:12 Reaver emhttp: shcmd (76): smbpasswd -L -s -a user1001 <<< "*****"$'\n'"*****"
Jul 20 02:21:12 Reaver emhttp: shcmd (77): cp /etc/passwd /etc/samba/private/smbpasswd /boot/config

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:---:[u ]:---:
user1000:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:72B348D38A44BB8B774CEFD29F0BA7DF:[u ]:LCT-4C453F63:
user1001:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:59D9A9FAB6DDB292AFB7D3FED668959F:[u ]:LCT-4C454058:

user1000:$1$Yd7OqKfR$DSg0TzxKQb9u5w8hIXCSf.:1000:100:Test User 1000:/:/bin/false
user1001:$1$JnaI9/Fo$K9ULvMhUq/hHK80KodV5L0:1001:100:Test User 1001:/:/bin/false

Step 3. I now attempt to add user1002. The "Users" tab only displays user 'root', 'user1001', and 'user1002'. User1000 is still not listed in the user list.

Jul 20 02:26:51 Reaver emhttp: shcmd (78): useradd -g users -d / -s /bin/false -c 'Test User 1002' user1002
Jul 20 02:26:51 Reaver emhttp: shcmd (79): chpasswd <<< user1002:"*****"
Jul 20 02:26:51 Reaver emhttp: shcmd (80): smbpasswd -L -s -a user1002 <<< "*****"$'\n'"*****"
Jul 20 02:26:51 Reaver emhttp: shcmd (81): cp /etc/passwd /etc/samba/private/smbpasswd /boot/config

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:---:[u ]:---:
user1000:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:72B348D38A44BB8B774CEFD29F0BA7DF:[u ]:LCT-4C453F63:
user1001:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:59D9A9FAB6DDB292AFB7D3FED668959F:[u ]:LCT-4C454058:
user1002:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:C5B8BBBB2149A53D8F866992E7368BFB:[u ]:LCT-4C4541AB:

user1000:$1$Yd7OqKfR$DSg0TzxKQb9u5w8hIXCSf.:1000:100:Test User 1000:/:/bin/false
user1001:$1$JnaI9/Fo$K9ULvMhUq/hHK80KodV5L0:1001:100:Test User 1001:/:/bin/false
user1002:$1$8HXdbSOP$DryUMwqTApnxVruv7.ie9/:1002:100:Test User 1002:/:/bin/false

Step N. Here are some troubleshooting steps I did to see that user1000 exists and wasn't newly added.

root@Reaver:/var/local/emhttp# smbpasswd -a user1000
New SMB password:
Retype new SMB password:
root@Reaver:/var/local/emhttp# smbpasswd -x user1000
Deleted user user1000.
root@Reaver:/var/local/emhttp# smbpasswd -a user1000
New SMB password:
Retype new SMB password:
Added user user1000.

July 20, 2010

Yeah that's a bug. Originally had an 'Admin' user occupying uid 1000, but took it out and somehow missed fixing the code.

July 20, 2010

Tom,

While you are fixing password related things...

Currently, in beta1, the password file is WIDE open. You can log in via telnet with no password as: bin, daemon, adm, lp, mail, news, uucp, operator, games, ftp, smmsp, mysql, sshd, gdm, pop, nobody

Since /boot is writable by the world it might take all of 10 seconds for a hacker to do some real damage and gain root privileges.

Of course, experienced hackers would probably never try any of the above log ins, since they always have a password, or had been disabled by setting the login shell to /bin/false.

Oh yes, you can log in as root too, but that one is expected to be open until you assign a password.

Joe L.

July 20, 2010

> Tom,
>
> While you are fixing password related things...
>
> Currently, in beta1, the password file is WIDE open. You can log in via telnet with no password as: bin, daemon, adm, lp, mail, news, uucp, operator, games, ftp, smmsp, mysql, sshd, gdm, pop, nobody
>
> Since /boot is writable by the world it might take all of 10 seconds for a hacker to do some real damage and gain root privileges.
>
> Of course, experienced hackers would probably never try any of the above log ins, since they always have a password, or had been disabled by setting the login shell to /bin/false.
>
> Oh yes, you can log in as root too, but that one is expected to be open until you assign a password.
>
> Joe L.

This is a bug - only 'root' should be able to log in

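An added example, not part of the original thread: a shell function that audits a passwd-format file for the condition reported above, accounts with an empty password field and a usable login shell. It assumes the non-shadow layout used on this system, where field 2 of passwd holds the hash; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag accounts in a passwd-format file that can log in with
# no password. Assumes the non-shadow layout discussed in this thread, where
# field 2 of /etc/passwd holds the hash itself.

# audit_passwd FILE -> one "<name> <status>" line per account:
#   OPEN     empty password field and a usable login shell
#   noshell  shell is /bin/false or */nologin
#   locked   password field starts with ! or *
#   shadow   field is "x" (hash lives in /etc/shadow, not checked here)
#   ok       a hash is present
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }
        NF < 7 { print $1, "malformed"; next }
        {
            pw = $2; shell = $7      # an empty shell field means /bin/sh
            if (shell == "/bin/false" || shell ~ /\/nologin$/) s = "noshell"
            else if (pw == "")     s = "OPEN"
            else if (pw == "x")    s = "shadow"
            else if (pw ~ /^[!*]/) s = "locked"
            else                   s = "ok"
            print $1, s
        }' "$1"
}

# open_accounts FILE -> names of passwordless, login-capable accounts only.
open_accounts() {
    audit_passwd "$1" | awk '$2 == "OPEN" { print $1 }'
}

# Constructed sample (not the poster's real file; the hash is a placeholder).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root::0:0:root:/root:/bin/bash
bin::1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:/bin/sh
ftp::14:50::/home/ftp:/bin/false
user1000:$1$PLACEHOLDER$constructedhashvalue00:1000:100:Test User 1000:/:/bin/false
sshd:x:33:33:sshd:/:/bin/sh
EOF

audit_passwd "$SAMPLE"
```

On a live system, point `open_accounts` at `/etc/passwd`; anything it prints other than an intentionally open account needs a password, a lock, or a non-login shell.
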
July 20, 2010

> Is there a reason shadow passwords are not used?

Just simplicity, since the only allowed login is root (or supposed to be anyway). May need to rethink this.

July 20, 2010

> > Is there a reason shadow passwords are not used?
>
> Just simplicity, since the only allowed login is root (or supposed to be anyway). May need to rethink this.

There have been other Slackware packages which would not work correctly without shadow passwords. Since you are using the standard tools chpasswd, you may want to give shadow passwords more consideration.

July 20, 2010

Can you recall any such packages??

Very early on I remember getting rid of shadow passwords to simplify start up, where, I think rc.M is modified to just copy 'passwd' from the flash to /etc. I guess it's not much more work to have it copy both 'passwd' and 'shadow'.

Remembered from "Why you might NOT want to shadow your passwd file." - The machine does not contain user accounts.

July 20, 2010

openssh complains every time I login and there isn't a shadow entry. I know ssh is not included in the base distro, but for remote control and secure rsync, it's needed.

I think having emhttp support shadow passwords opens up the possibility of layering emhttp on top of other distros also. I remember there were others doing the full Slackware dev environment but having problems with emhttp supporting the shadow passwords.

In my particular case, there are "other" accounts on the system: dovecot (for the new imap storage). There will need to be a mail user if we ever add some form of outbound mail.

I'll agree, it is simpler without the shadow file.