[Bug 1858692] [NEW] ceph-common postinst does not check for ceph user existing externally

Tue, 07 Jan 2020 12:59:43 -0800 

Public bug reported:

If the $SERVER_USER name exists in LDAP outside the server the user will
not exist in /etc/passwd. This will cause the postinst script to attempt
to create the user, which will fail. This user creation/modification
failure then causes the configuration operation to be marked as failed
and prevent the package from completing installation.

Current workaround is to define $SERVER_USER in /etc/default/ceph or
otherwise export a custom value for this into the environment, so that
the postinst script uses a username that does not exist in LDAP, and can
be created within the local system. Ideally there would be a more robust
check for the existence of the $SERVER_USER perhaps using the 'id'
command.

Snippets from /var/lib/dpkg/info/ceph-common.postinst

---
[ -f "/etc/default/ceph" ] && . /etc/default/ceph

[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/ceph
[ -z "$SERVER_USER" ] && SERVER_USER=ceph
[ -z "$SERVER_NAME" ] && SERVER_NAME="Ceph storage service"
[ -z "$SERVER_GROUP" ] && SERVER_GROUP=ceph
[ -z "$SERVER_UID" ] && SERVER_UID=64045  # alloc by Debian base-passwd 
maintainer
[ -z "$SERVER_GID" ] && SERVER_GID=$SERVER_UID
---

---
case "$1" in
    configure)
       # create user to avoid running server as root
       # 1. create group if not existing
       if ! getent group | grep -q "^$SERVER_GROUP:" ; then
          addgroup --quiet --system --gid $SERVER_GID \
              $SERVER_GROUP 2>/dev/null ||true
       fi
       # 2. create user if not existing
       if ! getent passwd | grep -q "^$SERVER_USER:"; then
         adduser --quiet \
                 --system \
                 --no-create-home \
                 --disabled-password \
                 --uid $SERVER_UID \
                 --gid $SERVER_GID \
                 $SERVER_USER 2>/dev/null || true
       fi
       # 3. adjust passwd entry
       usermod -c "$SERVER_NAME" \
               -d $SERVER_HOME   \
               -g $SERVER_GROUP  \
               $SERVER_USER 2>/dev/null
---

** Affects: ceph (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1858692

Title:
  ceph-common postinst does not check for ceph user existing externally

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1858692/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to