Project

General

Profile

Actions

Bug #3332

closed

Failure when installing world in 6.2

Added by tuxillo over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Build
Target version:
Start date:
11/15/2022
Due date:
% Done:

100%

Estimated time:

Description

As reported by Geovani B.R. via email, there seems to be a problem when installing world in 6.2:

--------------------------------------------------------------
>>> complete building rescue and initrd
--------------------------------------------------------------
--- _bwdone ---
--------------------------------------------------------------
>>> buildworld target complete
--------------------------------------------------------------
sh /usr/src/etc/../tools/pw-update.sh  -d /etc  -g /usr/src/etc/group  -p /usr/src/etc/master.passwd
===> Adding new users ...
  * toor: 0, 0, Bourne-again Superuser, /root,  
pw: uid `0' has already been allocated
*** [preinstall] Error code 65
make[3]: stopped in /usr/src/etc
1 error
make[3]: stopped in /usr/src/etc
*** [preinstall] Error code 2
make[2]: stopped in /usr/src
1 error
make[2]: stopped in /usr/src

Need to find out how this can be reproduced.

Actions #1

Updated by daftaupe over 1 year ago

On the PR he opened he mentionned that he removed the user toor (didn't say if it was on his system or in the master.passwd file though, but I guess on his currently running system).
Looks like it's because both users root and toor are given the uid 0 and the script pw-update.sh is trying to add the missing user toor, that case is probably never triggered in any of our usecases, even at iso time creation.

Actions #2

Updated by tuxillo about 1 year ago

  • Status changed from New to In Progress
  • Target version changed from 6.2 to 6.4

It's going to be the same in 6.4, so moving it there.

Actions #3

Updated by daftaupe about 1 year ago

Re-reading this whole thing, I don't really understand the role of that user called toor. Is there any use for it ? It has no shell associated actually.

Running grep through our codebase returns :

/usr/src % grep -r "toor" *
etc/periodic/security/300.chkuid0:    sed -e '/^root 0$/d' -e '/^toor 0$/d' |
etc/master.passwd:toor:*:0:0::0:0:Bourne-again Superuser:/root:
etc/mail/aliases:toor:    root
etc/ftpusers:toor
lib/libc/gen/pwcache.c:    if (strcmp(name, "toor") == 0) {
[some non-interesting junk being returned]

I guess if one doesn't want it, he might just delete it and building stuff should still work.

I'll try to build/install world once that user is deleted, let's see how that goes.

Actions #4

Updated by liweitianux about 1 year ago

daftaupe wrote in #note-3:

Re-reading this whole thing, I don't really understand the role of that user called toor. Is there any use for it ? It has no shell associated actually.

As described in the passwd(5) manpage, the shell is assumed to be /bin/sh if there is nothing in the shell field...

I once read somewhere; the toor user was there as another root but uses Bourne shell instead of csh as root uses. So it allows one to login as root (uid=0, so root privilege) and use the Bourne shell, for example, csh is broken or he/she just don't like csh.

I believe this is some really legacy use case, and I don't know whether anyone really uses this mechanism ;)

Cheers,
Aaron

Actions #5

Updated by tuxillo about 1 year ago

Be it as it may, not sure if removing 'toor' should cause the build to fail.

Actions #6

Updated by geobarrod about 1 year ago

the compilation of the code itself does not fail, the failure occurs when the script '/usr/src/etc/../tools/pw-update.sh' is executed and it does not find the account 'toor', that produces a false positive that can disappoint the inexperienced user. It would be possible to modify said script so that it doesn't throw the error if it doesn't find the 'toor' account because it was removed.

Actions #7

Updated by geobarrod about 1 year ago

ERRATA: when the '/usr/src/etc/../tools/pw-update.sh' script doesn't find the 'toor' account, it tries to add it and throws the error because a user with uid '0' (root) already exists, so the 'pw' command detects that the uid '0' has already been allocated and therefore the creation of the 'toor' account fails. I reiterate, the simple solution is to modify the '/usr/src/etc/../tools/pw-update.sh' script or modify the 'pw' command to allow the creation of another account with uid '0'

Actions #8

Updated by aswell about 1 year ago

geobarrod wrote in #note-7:
I reiterate, the simple solution is to modify the '/usr/src/etc/../tools/pw-update.sh' script or modify the 'pw' command to allow the creation of another account with uid '0'

Don't mind me, just passing by and wanted to ask...

Allowing multiple users with uid0 seems like it could be a security risk if used improperly, or at least could potentially cause other unforeseen problems down the road. Matt might be able to clarify the historical reason the 'toor' user exists, and the potential impact if removed.

Curious, isn't the simplest solution to not remove a user that the operating system installs by default?

Actions #9

Updated by geobarrod about 1 year ago

I detected the bug and reported it to @tuxillo via email when I delete that second and strange (for me) account with 'uid 0' called 'toor', for the simple reason that I don't like having several accounts with root privileges . I said about modifying the 'pw' command because at the end, by default, there is another account created with 'uid 0' that doesn't make sense to me; I hope to read from some DragonFlyBSD or FreeBSD developer explain the history, practical and/or logical use of the 'toor' account some day.

Back on topic, the error at the end of the 'build-world' successful compilation is there, and of course, I prefer it to be fixed the way the 'pw-update.sh' script takes that final step, which returns an error that scares the inexperienced user and I suppose baffles the experienced user.

Actions #10

Updated by liweitianux about 1 year ago

I'll find time to fix this issue this weekend. For this moment, I think the only sensible solution is to recreate the toor account so the installation could finish.

However, this is not ideal, because the user deliberately deleted the toor user, but the installation/upgrade brings it back...

Cheers,
Aaron

Actions #11

Updated by liweitianux about 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Should now be fixed on both master branch (commits 54af8c6b6873d44df166966f7454bb4cf53fbaac and b98c391838b0afbce2ea5898519c10c39f8fcaa2) and 6.4 branch.

Please test. Thanks.

Aaron

Actions

Also available in: Atom PDF