Development

Wiki Start
Wishlist
Timeline
Roadmap
Browse Source
New Ticket
View Tickets

Ticket #1229 (new defect)

Opened 2 weeks ago

Last modified 2 hours ago

On domain creation groupadd / useradd fails when pre-existent accounts are found leaving the domain in error state

Reported by: ispcomm Assigned to:
Priority: major Milestone: ispCP ω 1.0.0
Component: Backend (Engine) Version: ispCP ω 1.0.0 - RC4
Severity: Hard Keywords:
Cc:

Description

When the system on which ispcp in installed has accounts over uid/gid 2000, the addition of new domains can fail with the following error:

sys_command() | ERROR: External command '/usr/sbin/groupadd -g 2002 vu2002' returned '4' status !

This happens because ispcp does not check if the "new" numeric account is already present in the system.

It's very easy to reproduce this error:

1. Add a new user (unrelated to ispcp) to an ispcp system. The new account will get uid of the higher uid on the system+1 (and will be in the 2000+range).

2. Add a new domain: ispcp fails because the next uid for omega is last+1, which conflicts with the account created in (1).

Solution: (easy): Before determining the new numeric UID/GID for a new domain, make sure it does not exist on the system. If the account exists, then simply iterate (+1, +2, 3+, etc) until a free account is found.

Complain only when all possible accounts from a system are exausted (i.e. when 65535 fails).

This problem will make ispcp break on any system where a new account is created for any reason (!!!).

The problem was diagnosed on a debian system in r1135

ispcomm.

Attachments

Change History

05/15/2008 06:53:13 PM changed by kbnotxm

CFxYMN <a href="http://mnofefgzngbt.com/">mnofefgzngbt</a>, [url=http://lwssbegmttty.com/]lwssbegmttty[/url], [link=http://xocobydqjvqo.com/]xocobydqjvqo[/link], http://qobmqlynwndp.com/

05/15/2008 08:09:12 PM changed by kilburn

Your explanation is incorrect although I agree with you regarding the check of free uid/gid before actually trying to create it, so I'm not going to close this ticket.

On a Debian system, man adduser says: 

... adduser will choose the first available UID from the range specified for normal users in the configuration file. ...

And the /etc/adduser.conf reads: 

# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
# allocated user accounts/groups.
FIRST_UID=1000
LAST_UID=29999

Proof: 

v2:/var/www/ispcp/gui/tools/filemanager# adduser foo
Adding user `foo' ...
Adding new group `foo' (1000) ...
Adding new user `foo' (1001) with group `foo' ...
Creating home directory `/home/foo' ...
Copying files from `/etc/skel' ...

So, on default settings you must add 1000 users to actually spot the bug this way, but there are others ;)

05/16/2008 11:09:10 AM changed by rats

It's already on my ToDo?, but after release, because I've to rewrite the setup.

Add/Change #1229 (On domain creation groupadd / useradd fails when pre-existent accounts are found leaving the domain in error state)