Bug 425745

Summary: encrypted user home can be created when already exist
Product: [openSUSE] openSUSE 11.1
Reporter: Pavel Nemec <pnemec>
Component: YaST2
Assignee: Jiří Suchomel <jsuchome>
Status: RESOLVED FIXED
QA Contact: Jiri Srain <jsrain>
Severity: Normal
Priority: P3 - Medium
CC: jengelh
Version: Alpha 2
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: requested y2logs, requested logs with Y2DEBUG=1, right logs, testcase

Description Pavel Nemec 2008-09-12 07:46:37 UTC
I am installing 11.1 alphas and I have a separate home. I set up a couple of users, some with encrypted homes. I have the home partition on a separate directory.

When installing a new Alpha (not upgrading) I lose the setup for my users. For a normal user it is not a problem. I set the same name and YaST automatically uses the old home. AFAIK it also sets the right UID.

In the case of a user with an encrypted home, YaST starts complaining that the home directory already exists and then fails creating /home/user_name.img with a pop-up dialog "use --force, file already exist"

The user is somehow created, but when you try logging in you will have '~' set to '/'

I looked into the documentation for 11.0 (which works exactly the same ... buggy) and I did not find any information on how to import a user with an encrypted home (Chapter 5. Managing Users with YaST / 5.2. Special Options)

Steps to reproduce
1. Create separate partitions for / and for /home
2. Create user1 with encrypted home
2. Create user2 without encrypted home
3. Reinstall system with wiping /, but not the /home
4. Create user2 and you will have your old home accessible with your data
5. Create user1 and you will have no access to your old data.
Comment 1 Christoph Thiel 2008-09-26 11:21:05 UTC
Pavel, you might want to add y2logs (http://en.opensuse.org/Bugs/YaST) to this bug.
Comment 2 Jiří Suchomel 2008-09-26 13:09:31 UTC
Yes, you want to.
Comment 3 Pavel Nemec 2008-09-29 07:12:45 UTC
Hm, ok I thought for a minute that exact reproduction steps are enough. Even when I expect that this behavior is totally hw independent. 
But I will provide them ASAP
Comment 4 Pavel Nemec 2008-09-29 14:06:56 UTC
Created attachment 242266
requested y2logs
Comment 5 Pavel Nemec 2008-10-09 18:22:44 UTC
Forgot to remove NEEDINFO.
Comment 6 Pavel Nemec 2008-10-10 13:19:22 UTC
Created attachment 244867
requested logs with Y2DEBUG=1
Comment 7 Jiří Suchomel 2008-10-13 07:34:07 UTC
These are some logs from installation (without Y2DEBUG btw), when yast2-users is not run.

I need the logs of step 5: only yast2-users (on installed system, I assume) with Y2DEBUG.
Comment 8 Pavel Nemec 2008-10-13 08:02:07 UTC
Created attachment 245073
right logs

I uploaded the wrong logs, sorry.
Comment 9 Jiří Suchomel 2008-10-15 11:52:22 UTC
Chris, what should I call when

a) the new user is not configured in pam_mount.conf.xml (= new installation), so I need to call cryptconfig
b) the old image already exists and it should not be rewritten, but reused?
Comment 10 Chris Rivera 2008-10-15 15:38:54 UTC
For A you would just use the make-ehd command like normal. See cryptconfig make-ehd --help

For B you can use the pm-enable command to set up pam_mount. This won't actually touch the image, just set up the configuration for it. See cryptconfig pm-enable --help
Comment 11 Jan Engelhardt 2008-10-17 16:35:56 UTC
pam_mount has its own ehd tool, pmt-ehd. (Or mkehd in the older scripts.)
Comment 12 Jan Engelhardt 2009-01-08 00:01:53 UTC
Created attachment 263728
testcase
Comment 13 Jiří Suchomel 2011-03-09 13:48:40 UTC
OK, I finally got to this one.

The problem is that in the described scenario, data from pam_mount.xml are lost, so YaST actually does not know which images are present and to which user they belong.

And it is also true that during the new installation, the img file is not lost, just a new (empty) user directory is created.

So I think an acceptable solution is to fix this situation on the next run of yast2-users (after the installation), when you would select 'use crypted directory' for that user and YaST would retake the existing img file for the selected user.
Comment 14 Jiří Suchomel 2011-03-10 15:00:55 UTC
Done in yast2-users-2.21.0