Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

augeas can't set an empty string (passwd/name and shadow/password) #829

Open
paulo-erichsen opened this issue Mar 19, 2024 · 1 comment
Open

augeas can't set an empty string (passwd/name and shadow/password) #829

paulo-erichsen opened this issue Mar 19, 2024 · 1 comment

Comments

@paulo-erichsen
Copy link

paulo-erichsen commented Mar 19, 2024
edited

description

There seems to be 2 issues.

  1. Augtool complains when trying to set an empty string for passwd/$user/name or shadow/$user/password (I'd expect it to be able to set an empty string without errors)
  2. There's a discrepancy in behavior between augtool when invoked with all params from the command line and from the interactive shell (see the workaround). I'd expect the non-interactive shell and the interactive shell to behave the same.

according to the manual of shadow(5),

encrypted password
This field may be empty, in which case no passwords are required to authenticate as the specified login name.

tested on 1.12.0

$ augtool --version
augtool 1.12.0 <http://augeas.net/>
Copyright (C) 2007-2016 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later
                 <http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David Lutterkort

steps to reproduce

  1. add a user to your system. I've added "user7" useradd --create-home --shell /bin/bash user7
  2. try to set an empty name (description) in passwd or empty password in shadow
$ augtool set /files/etc/passwd/user7/name ""
error: Failed to execute command
saving failed (run 'errors' for details)

$ augtool set /files/etc/shadow/user7/password ""
error: Failed to execute command
saving failed (run 'errors' for details)

looking into the error, this is what I see

  • /augeas/files/etc/passwd/error or /augeas/files/etc/shadow/error
  • put_failed
  • Value '' does not match regexp /[^:\r\n]+/ in store lens

workaround

It seems like when I open augtool and run the commands separately through the interactive shell, then it doesn't throw the error

$ augtool 
augtool> set /files/etc/passwd/user7/name ""
augtool> save
Saved 1 file(s)
augtool> quit

$ augtool
augtool> set /files/etc/shadow/user7/password ""
augtool> save
Saved 1 file(s)
augtool> quit

It's odd that augtool from the interactive shell allows what I want, but in my case, I'm trying to edit the passwd file from python using the python-augeas bindings so I can't really use the work around for the interactive shell. Code section below:

import augeas
a = augeas.Augeas()
a.set("/files/etc/passwd/user7/name", "")
a.set("/files/etc/shadow/user7/password", "")
a.save()

# result: an exception is thrown when saving
@paulo-erichsen paulo-erichsen changed the title augeas can't set an empty name in passwd augeas can't set an empty string (passwd/name and shadow/password) Mar 19, 2024
@igalic
Copy link

igalic commented May 13, 2024

Maybe we should start with a failing test:
what does such a passwd or shadow entry look like in real life?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@igalic @paulo-erichsen