Bug 297610

Summary:	Live Installer keeps user database of live system
Product:	[openSUSE] openSUSE 10.3	Reporter:	Stephan Binner <stbinner>
Component:	YaST2	Assignee:	Marcus Schaefer <ms>
Status:	RESOLVED FIXED	QA Contact:	Jiri Srain <jsrain>
Severity:	Normal
Priority:	P5 - None	CC:	coolo
Version:	Alpha 7	Flags:	coolo: SHIP_STOPPER-
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:	LiveCD
Found By:	Development	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Stephan Binner 2007-08-05 13:44:44 UTC

Tested the Alpha 7 KDE Live-CD, after installation the system had not only my self-created user but also "linux" and "test1"(?) users which existed on the live system.

Comment 1 Jiri Srain 2007-08-08 10:54:43 UTC

I can remove them, however, if the user who tested the live system has any data files there, he will be hardly able to get to this data once the 'linux' user is removed, even if the home directory is kept. OTOH I understand the security point of view.

Copying the home of the user 'linux' may be a solution and removing the users afterwards. Stephan, is it acceptable solution?

Comment 2 Jiri Srain 2007-08-08 11:09:38 UTC

The question is what to do if user creates multiple users, none of them via the dialog which is the first users-related dialog in the workflow. Where to copy the data then?

Comment 3 Stephan Kulow 2007-08-08 12:05:44 UTC

I wouldn't bother with it in the live installer. Test1 shouldn't exist on the live CD. 

The bug is in kiwi: it copies the workstations's /etc/passwd - and it should rather take the passwd from aaa_base: /var/adm/fillup-templates/passwd.aaa_base

Comment 4 Jan-Christoph Bornschlegel 2007-08-09 16:47:35 UTC

This is only half the truth :)

If the files exist in ./root/etc/, then THOSE are copied.
The fallback to the buildhost's versions is effective only if nothing else is there. This may be considered a security problem and could be fixed in KIWI code (my Marcus or me).
The workaround is easy: simply provide basic passwd/shadow/group files with the config.xml.

Comment 5 Stephan Binner 2007-09-15 06:55:43 UTC

Raising as an "linux" user without password on installed system is unacceptable.

Comment 6 Stephan Kulow 2007-09-15 07:03:13 UTC

And why the f*** do you play around with the assignee?

Comment 9 Christoph Thiel 2007-09-19 09:27:46 UTC

fixed in SVN. needs to be verified on RC1 :)

Comment 10 Christoph Thiel 2007-09-19 10:40:29 UTC

Reopening, since the fix in SVN didn't really work as expected.

Comment 11 Christoph Thiel 2007-09-19 10:41:24 UTC

Reassigning to Marcus, since kiwi needs to provide a minimal /etc/passwd and /etc/group. Just putting them in root/etc/passwd and root/etc/group doesn't work as expected!

Comment 12 Stephan Kulow 2007-09-19 14:28:24 UTC

the linux user is removed though -> downgrading

Comment 13 Marcus Schaefer 2007-09-19 16:50:10 UTC

fixed

   use correct passwd and group template file of the
   distribution. system image descriptions should _not_ provide
   a passwd or group file within the image description root/
   path anymore