X2Go Bug report logs - #1145
x2godbadmin + postgres + non-existent home directory = wrong ownerships
Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Tue, 07 Feb 2017 13:15:02 GMT)
Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>: New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 07 Feb 2017 13:15:02 GMT)
Message #5 received at submit@bugs.x2go.org:
package: x2goserver
When x2godbadmin is used with a postgres database, and the user name
given doesn't yet have a home directory, it creates this home directory.
(see line 368 and following of /usr/sbin/x2godbadmin).
However, it fails to set the proper UID/GID ownerships for
/home/<username> - only the files below it have the proper ownership.
The proper way to determine the correct UID for /home/<username> is
simple - use the UID that has been determined previously and that is
used as $uid within /usr/sbin/x2godbadmin.
The proper way to determine the correct *GID* is more tricky, I
believe. I can only speak for Debian here - this may be
distribution-specific:
You need to check if /etc/default/useradd contains a line
USERGROUPS_ENAB=yes
(which might also be "yes", or 'yes', or Yes, YES, ... you get the idea)
Check if that value is set to any variant of yes, or not set at all:
  If yes: Check if the user already has a group named after them:
    If yes, use the GID of that group.
    If no, create a new group with a name matching the username,
    and assign the GID of that group.
  If no (meaning the value is set to any variant of no, "no", 'no', No, etc.):
    Check if /etc/default/useradd contains a valid GID value for
    a variable named GROUP:
      If it does, assign that GID.
      If it doesn't, assign GID 100.
This pseudocode builds on the documentation found in "man useradd" on
Debian Jessie, after confirming the default value of USERGROUPS_ENAB is,
in fact, "unset".
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
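The GID decision procedure from the report above, as an added shell example that is not part of the original message and is not x2godbadmin code. The function names, the `create:<user>` marker and the file-path parameters are assumptions; the settings file is a parameter because Debian's shadow suite documents USERGROUPS_ENAB under /etc/login.defs and GROUP under /etc/default/useradd.

```shell
#!/bin/sh
# Added example, not x2godbadmin code. File paths are parameters so the logic
# can be run without root against constructed sample files.

# read_setting FILE KEY: print the last uncommented value of KEY ("KEY=value"
# or "KEY value"), without inline comments or surrounding quotes.
read_setting() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=[:space:]][[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# resolve_home_gid USER SETTINGS_FILE GROUP_FILE: print the GID to use for
# /home/USER, or "create:USER" when a user-private group has to be created.
resolve_home_gid() {
    user=$1 settings=$2 groupfile=$3
    enab=$(read_setting "$settings" USERGROUPS_ENAB | tr '[:upper:]' '[:lower:]')
    case "$enab" in
        ''|yes)   # any variant of yes, or not set at all
            gid=$(awk -F: -v n="$user" '$1 == n { print $3; exit }' "$groupfile")
            if [ -n "$gid" ]; then echo "$gid"; else echo "create:$user"; fi
            ;;
        no)       # fall back to GROUP, then to GID 100
            gid=$(read_setting "$settings" GROUP)
            case "$gid" in
                ''|*[!0-9]*) echo 100 ;;   # assumption: "valid" means numeric
                *) echo "$gid" ;;
            esac
            ;;
        *)
            echo "unrecognised USERGROUPS_ENAB value: $enab" >&2
            return 1
            ;;
    esac
}

# Constructed sample data (not from a real system).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'alice:x:1001:\nusers:x:100:\n' > "$tmp/group"
printf 'USERGROUPS_ENAB="Yes"\n' > "$tmp/ug_yes"
printf "USERGROUPS_ENAB='no'\nGROUP=1234\n" > "$tmp/ug_no"
resolve_home_gid alice "$tmp/ug_yes" "$tmp/group"   # existing user group
resolve_home_gid bob   "$tmp/ug_yes" "$tmp/group"   # group must be created
resolve_home_gid bob   "$tmp/ug_no"  "$tmp/group"   # GROUP from the settings file
```

The caller applies the result to the directory itself, for example with chown on /home/<username>, after creating the group when the marker is returned.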
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Tue, 07 Feb 2017 22:15:01 GMT)
Acknowledgement sent to Nable <nable.maininbox@googlemail.com>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 07 Feb 2017 22:15:02 GMT)
Message #10 received at 1145@bugs.x2go.org:
Hi, Stefan.
> When x2godbadmin is used with a postgres database, and the user name
> given doesn't yet have a home directory, it creates this home directory.
I've thought that creation of home directories is a task for useradd
(for local users) or pam_mkhomedir from libpam-modules (in case of
centralized database of network logins) and there may be even more
existing alternatives. Should this non-trivial code be implemented
once again in X2Go tools instead of trying to keep things closer to a
UNIX-way?
Cheers, Nable.
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Tue, 07 Feb 2017 22:55:01 GMT)
Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 07 Feb 2017 22:55:01 GMT)
Message #15 received at 1145@bugs.x2go.org:
On 07.02.2017 at 23:14, Nable wrote:
>> When x2godbadmin is used with a postgres database, and the user name
>> given doesn't yet have a home directory, it creates this home directory.
> I've thought that creation of home directories is a task for useradd
> (for local users) or pam_mkhomedir from libpam-modules (in case of
> centralized database of network logins) and there may be even more
> existing alternatives. Should this non-trivial code be implemented
> once again in X2Go tools instead of trying to keep things closer to a
> UNIX-way?
Well, there already is code in there that is doing it - it just does it
wrong in this particular case. Of course, we could argue that the
entire piece of code should be removed - but how would you handle things
in this particular case?
Having no /home/<username> is something that is most likely to happen
with non-local accounts.
pam_mkhomedir fixes this and creates it on the spot - IF, and only IF
the user logs in.
x2godbadmin, however, needs to be run
- on the x2goserver
- by root
- before the user logs in
-> chicken and egg.
So - to expand this bug - what we'd need is some piece of code that does
what pam_mkhomedir does (not only create the directory and set
ownership/permissions, *but also* populate it with the contents of
/etc/skel) - but for a user other than the one that's currently logged
in. Are you aware of anything that does that and that we could call?
-Stefan
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Wed, 08 Feb 2017 01:35:01 GMT)
Acknowledgement sent to Nable <nable.maininbox@googlemail.com>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 08 Feb 2017 01:35:02 GMT)
Message #20 received at 1145@bugs.x2go.org:
> Are you aware of anything that does that and that we could call?
I think that setup with absent homedir && non-configured pam_mkhomedir
is broken anyway and one can only fail gracefully with a good error
message.
Other variants (homedir already exists and/or pam_mkhomedir is
configured) can be covered by calling `su' or `sudo' with appropriate
options (e.g. su -c /bin/true "${user_to_add}").
This would fail if homedir (either existing or not) is located on a
network or encrypted FS (where local root can't do anything without
knowing user's password) but this is a separate issue.
I've also seen posts (e.g.[1]) about `oddjob-mkhomedir' (and I've
already seen it in Debian repos) but I wonder if this way is
production-ready. And this way seems to be more complex.
[1] https://access.redhat.com/discussions/903523
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Wed, 08 Feb 2017 09:00:02 GMT)
Acknowledgement sent to Walid MOGHRABI <w.moghrabi@servicemagic.eu>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 08 Feb 2017 09:00:02 GMT)
Message #25 received at 1145@bugs.x2go.org:
Hi,
To add my 2 cents, I worked around this by creating a small helper script for provisioning my accounts which does the x2godbadmin --adduser stuff + a few other things (provisioning the /etc/skel content, setting right user perms, ...)
I don't think it is mandatory to expand these features inside the script but creating good documentation about those scripts (and I include scripts such as x2golistsession, x2goterminatesession, ...) and good error reporting would be great because it's very hard to know what they do unless you tap directly inside the code itself (which I did at the end).
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Wed, 08 Feb 2017 13:35:02 GMT)
Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 08 Feb 2017 13:35:02 GMT)
Message #30 received at 1145@bugs.x2go.org:
On 07.02.2017 at 23:41, Stefan Baur wrote:
> x2godbadmin, however, needs to be run
> - on the x2goserver
> - by root
> - before the user logs in
>
> -> chicken and egg.
Ha, I think I found a way to "hatch the egg"!
As root, do:
su <username> -s /bin/true # this triggers pam_mkhomedir for <username>
x2godbadmin --adduser <username>
We *might* consider adding that inside x2godbadmin, but would have to
make sure it is only used if pam_mkhomedir is in use/users are non-local
users (because it won't do the trick if it's a local user account that
doesn't have a home directory yet).
-Stefan
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
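A preflight check for the cases discussed in this thread (home present, home present with the wrong owner, home missing with or without pam_mkhomedir), as an added shell example that is not part of any message here and is not X2Go code. The function names, the result keywords and the PAM-directory parameter are assumptions.

```shell
#!/bin/sh
# Added example, not X2Go code: decide what to do before "x2godbadmin --adduser".
# Home path and PAM directory are parameters so it runs on constructed input.

# pam_mkhomedir_enabled PAM_DIR: succeed if an uncommented line in any file
# under PAM_DIR loads pam_mkhomedir.so.
pam_mkhomedir_enabled() {
    grep -Eqs '^[[:space:]]*[^#[:space:]].*pam_mkhomedir\.so' "$1"/*
}

# home_owner DIR: print the numeric "uid:gid" of DIR itself, not its contents.
home_owner() {
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
}

# preflight HOME_DIR UID GID PAM_DIR: print one of
#   ok        home exists and is owned by UID:GID
#   misowned  home exists with another owner (the symptom in this report)
#   trigger   home missing, pam_mkhomedir configured: a PAM session creates it
#   fail      home missing and nothing is configured to create it
preflight() {
    if [ -d "$1" ]; then
        if [ "$(home_owner "$1")" = "$2:$3" ]; then echo ok; else echo misowned; fi
    elif pam_mkhomedir_enabled "$4"; then
        echo trigger
    else
        echo fail
    fi
}

# Constructed sample input (not from a real system).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir "$demo/pam.d" "$demo/home"
printf 'session optional pam_mkhomedir.so skel=/etc/skel\n' \
    > "$demo/pam.d/common-session"
preflight "$demo/home"   99999999 99999999 "$demo/pam.d"   # wrong owner
preflight "$demo/nohome" 1000     1000     "$demo/pam.d"   # PAM can create it
```

On a real server the arguments would be the user's home directory, the UID and GID that x2godbadmin resolved, and /etc/pam.d.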
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Wed, 08 Feb 2017 21:45:01 GMT)
Acknowledgement sent to Nable <nable.maininbox@googlemail.com>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 08 Feb 2017 21:45:02 GMT)
Message #35 received at 1145@bugs.x2go.org:
On 2/8/17, Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
> Ha, I think I found a way to "hatch the egg"!
> [...]
Did you receive my previous message? Calling `su' was exactly what
I've suggested there. There were also some additional notes there that
you may find interesting.
Here it is: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1145#20
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#1145; Package x2goserver. (Fri, 24 Mar 2017 03:35:01 GMT)
X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Nov 23 07:56:24 2024; Machine Name: ymir.das-netzwerkteam.de