useradd command does not copy all of /etc/skel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shadow (Ubuntu) |
Fix Released
|
Undecided
|
Camila Camargo de Matos |
Bug Description
=======
I know the useradd command is discouraged, but I wanted to report the bug to make the maintainers of the package aware.
Recently there was an update of Ubuntu's passwd package which is sourced from shadow from version 4.8.1-1ubuntu5.
When using the useradd command with the /etc/skel directory contents shown below, it only copies in one empty folder.
=======
ls -lah /etc/skel
total 60K
drwxrwxrwx 10 root user 4.0K Nov 28 18:33 .
drwxr-xr-x 155 root root 12K Nov 28 19:12 ..
drwxrwxrwx 2 root user 4.0K Nov 28 18:23 .backgrounds
-rwxrwxrwx 1 root user 220 Nov 28 18:23 .bash_logout
-rwxrwxrwx 1 root user 3.7K Nov 28 18:23 .bashrc
drwxrwxrwx 6 root user 4.0K Nov 28 18:23 .config
drwxrwxrwx 3 root user 4.0K Nov 28 18:23 Desktop
drwxrwxrwx 2 root user 4.0K Nov 28 18:30 .fonts_stuff
drwxrwxrwx 2 root user 4.0K Nov 28 18:23 .icons
-rwxrwxrwx 1 root user 765 Nov 28 18:23 .profile
drwxrwxrwx 2 root root 4.0K Nov 28 18:32 testfolderempty
drwxrwxrwx 3 root user 4.0K Nov 28 18:23 .themes
drwxrwxrwx 14 root user 4.0K Nov 28 18:23 WinAte
=======
ls -lah /home/user20
total 12K
drwx------ 3 user20 user 4.0K Nov 28 19:12 .
drwxr-xr-x 18 root root 4.0K Nov 28 19:12 ..
drwx------ 2 user20 user 4.0K Nov 28 19:12 WinAte
ls -lah /home/user20/
total 8.0K
drwx------ 2 user20 user 4.0K Nov 28 19:12 .
drwx------ 3 user20 user 4.0K Nov 28 19:12 ..
=======
I noticed in the strace output for useradd that the kernel is returning the correct count of directory entries (getdents64 reports 13 entries for /etc/skel), but useradd is clearly not copying all of them. Below is the strace output.
=======
strace useradd -k /etc/skel -g 900 -m -s /bin/bash -p a_password -c User20 user20
execve(
brk(NULL) = 0x5631ba1c2000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fff0e47bab0) = -1 EINVAL (Invalid argument)
access(
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=
mmap(NULL, 98383, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea9b7bf000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 8192, PROT_READ|
mmap(NULL, 176296, PROT_READ, MAP_PRIVATE|
mprotect(
mmap(0x7fea9b79
mmap(0x7fea9b79
mmap(0x7fea9b7b
mmap(0x7fea9b7b
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 174600, PROT_READ, MAP_PRIVATE|
mprotect(
mmap(0x7fea9b76
mmap(0x7fea9b78
mmap(0x7fea9b78
mmap(0x7fea9b78
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 271912, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b73
mmap(0x7fea9b75
mmap(0x7fea9b76
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
pread64(3, "\6\0\0\
pread64(3, "\4\0\0\
pread64(3, "\4\0\0\
fstat(3, {st_mode=
pread64(3, "\6\0\0\
pread64(3, "\4\0\0\
pread64(3, "\4\0\0\
mmap(NULL, 2037344, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b55
mmap(0x7fea9b6c
mmap(0x7fea9b71
mmap(0x7fea9b71
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 28984, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b52
mmap(0x7fea9b52
mmap(0x7fea9b52
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 590632, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b49
mmap(0x7fea9b4f
mmap(0x7fea9b52
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 8192, PROT_READ|
mmap(NULL, 20752, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b49
mmap(0x7fea9b49
mmap(0x7fea9b49
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 722536, PROT_READ, MAP_PRIVATE|
mprotect(
mmap(0x7fea9b3e
mmap(0x7fea9b46
mmap(0x7fea9b48
mmap(0x7fea9b48
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
fstat(3, {st_mode=
mmap(NULL, 76840, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b3c
mmap(0x7fea9b3d
mmap(0x7fea9b3d
close(3) = 0
openat(AT_FDCWD, "/lib/x86_
read(3, "\177ELF\
pread64(3, "\4\0\0\
fstat(3, {st_mode=
pread64(3, "\4\0\0\
mmap(NULL, 140408, PROT_READ, MAP_PRIVATE|
mmap(0x7fea9b3a
mmap(0x7fea9b3c
mmap(0x7fea9b3c
mmap(0x7fea9b3c
close(3) = 0
mmap(NULL, 8192, PROT_READ|
arch_prctl(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
mprotect(
munmap(
set_tid_
set_robust_
rt_sigaction(
rt_sigaction(
rt_sigprocmask(
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=
statfs(
statfs("/selinux", 0x7fff0e47ba00) = -1 ENOENT (No such file or directory)
brk(NULL) = 0x5631ba1c2000
brk(0x5631ba1e3000) = 0x5631ba1e3000
openat(AT_FDCWD, "/proc/
fstat(3, {st_mode=
read(3, "nodev\
read(3, "", 1024) = 0
close(3) = 0
access(
openat(AT_FDCWD, "/usr/lib/
fstat(3, {st_mode=
mmap(NULL, 120914336, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fea94056000
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
openat(AT_FDCWD, "/proc/
read(4, "65536\n", 31) = 6
close(4) = 0
mmap(NULL, 528384, PROT_READ|
openat(AT_FDCWD, "/etc/login.defs", O_RDONLY) = 4
fstat(4, {st_mode=
read(4, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(4, " issuing \n# the \"mesg y\" command"..., 4096) = 4096
read(4, "algorithm compatible with the on"..., 4096) = 2358
read(4, "", 4096) = 0
close(4) = 0
access(
access(
openat(AT_FDCWD, "/etc/default/
fstat(4, {st_mode=
read(4, "# Default values for useradd(8)\n"..., 4096) = 1118
read(4, "", 4096) = 0
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|
connect(4, {sa_family=AF_UNIX, sun_path=
sendto(4, "\2\0\0\
poll([{fd=4, events=
recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=
mmap(NULL, 217032, PROT_READ, MAP_SHARED, 5, 0) = 0x7fea93fa0000
close(5) = 0
close(4) = 0
stat("/bin/bash", {st_mode=
access("/bin/bash", X_OK) = 0
access(
access(
socket(AF_UNIX, SOCK_STREAM|
connect(4, {sa_family=AF_UNIX, sun_path=
sendto(4, "\2\0\0\
poll([{fd=4, events=
recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=
mmap(NULL, 217032, PROT_READ, MAP_SHARED, 5, 0) = 0x7fea93f6b000
close(5) = 0
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|
connect(4, {sa_family=AF_UNIX, sun_path=
sendto(4, "\2\0\0\
poll([{fd=4, events=
read(4, "\2\0\0\
close(4) = 0
openat(AT_FDCWD, "/etc/.pwd.lock", O_WRONLY|
rt_sigaction(
rt_sigprocmask(
alarm(15) = 0
fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
alarm(0) = 15
rt_sigprocmask(
rt_sigaction(
getpid() = 49452
openat(AT_FDCWD, "/etc/passwd.
getpid() = 49452
write(5, "49452\0", 6) = 6
close(5) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/passwd", O_RDWR|
fcntl(5, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
fstat(5, {st_mode=
read(5, "root:x:
read(5, "", 4096) = 0
getpid() = 49452
openat(AT_FDCWD, "/etc/group.49452", O_WRONLY|
getpid() = 49452
write(6, "49452\0", 6) = 6
close(6) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/group", O_RDWR|
fcntl(6, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(6, F_SETFD, FD_CLOEXEC) = 0
fstat(6, {st_mode=
read(6, "root:x:
read(6, "", 4096) = 0
getpid() = 49452
openat(AT_FDCWD, "/etc/gshadow.
getpid() = 49452
write(7, "49452\0", 6) = 6
close(7) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/gshadow", O_RDWR|
fcntl(7, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(7, F_SETFD, FD_CLOEXEC) = 0
fstat(7, {st_mode=
read(7, "root:*
read(7, "", 4096) = 0
getpid() = 49452
openat(AT_FDCWD, "/etc/subuid.
getpid() = 49452
write(8, "49452\0", 6) = 6
close(8) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/subuid", O_RDWR|
fcntl(8, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(8, F_SETFD, FD_CLOEXEC) = 0
fstat(8, {st_mode=
read(8, "ubuntu:
read(8, "", 4096) = 0
getpid() = 49452
openat(AT_FDCWD, "/etc/subgid.
getpid() = 49452
write(9, "49452\0", 6) = 6
close(9) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/subgid", O_RDWR|
fcntl(9, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(9, F_SETFD, FD_CLOEXEC) = 0
fstat(9, {st_mode=
read(9, "ubuntu:
read(9, "", 4096) = 0
brk(0x5631ba20a000) = 0x5631ba20a000
socket(AF_UNIX, SOCK_STREAM|
connect(10, {sa_family=AF_UNIX, sun_path=
sendto(10, "\2\0\0\
poll([{fd=10, events=
read(10, "\2\0\0\
close(10) = 0
brk(0x5631ba1fb000) = 0x5631ba1fb000
getpid() = 49452
openat(AT_FDCWD, "/etc/shadow.
getpid() = 49452
write(10, "49452\0", 6) = 6
close(10) = 0
link("/
stat("/
unlink(
openat(AT_FDCWD, "/etc/shadow", O_RDWR|
fcntl(10, F_GETFL) = 0x28802 (flags O_RDWR|
fcntl(10, F_SETFD, FD_CLOEXEC) = 0
fstat(10, {st_mode=
read(10, "root:$
read(10, "", 4096) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
fstat(0, {st_mode=
readlink(
stat("/dev/pts/0", {st_mode=
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 11
fstat(11, {st_mode=
fstat(11, {st_mode=
read(11, "TZif2\
lseek(11, -1810, SEEK_CUR) = 1042
read(11, "TZif2\
close(11) = 0
getpid() = 49452
socket(AF_UNIX, SOCK_DGRAM|
connect(11, {sa_family=AF_UNIX, sun_path=
sendto(11, "<86>Nov 28 19:12:15 useradd[4945"..., 129, MSG_NOSIGNAL, NULL, 0) = 129
access(
access(
openat(AT_FDCWD, "/var/log/lastlog", O_RDWR) = 12
lseek(12, 295796, SEEK_SET) = 295796
write(12, "\0\0\0\
fsync(12) = 0
close(12) = 0
readlink(
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
fstat(0, {st_mode=
readlink(
stat("/dev/pts/0", {st_mode=
lstat("/dev/pts/0", {st_mode=
uname({
sendto(3, {{len=124, type=0x45a /* NLMSG_??? */, flags=NLM_
poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, {{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=1, pid=49452}, {error=0, msg={len=124, type=0x45a /* AUDIT_??? */, flags=NLM_
recvfrom(3, {{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=1, pid=49452}, {error=0, msg={len=124, type=0x45a /* AUDIT_??? */, flags=NLM_
access(
access("/home", F_OK) = 0
access(
mkdir("
chown("
chmod("
chown("
clone(child_
wait4(49453, [{WIFEXITED(s) && WEXITSTATUS(s) == 42}], 0, NULL) = 49453
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49453, si_uid=0, si_status=42, si_utime=0, si_stime=0} ---
chown("
chmod("
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
fstat(0, {st_mode=
readlink(
stat("/dev/pts/0", {st_mode=
lstat("/dev/pts/0", {st_mode=
sendto(3, {{len=136, type=0x45a /* AUDIT_??? */, flags=NLM_
poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, {{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=2, pid=49452}, {error=0, msg={len=136, type=0x45a /* AUDIT_??? */, flags=NLM_
recvfrom(3, {{len=36, type=NLMSG_ERROR, flags=NLM_F_CAPPED, seq=2, pid=49452}, {error=0, msg={len=136, type=0x45a /* AUDIT_??? */, flags=NLM_
openat(AT_FDCWD, "/etc/skel", O_RDONLY|
openat(AT_FDCWD, "/home/user20", O_RDONLY|
fstat(12, {st_mode=
fcntl(12, F_GETFL) = 0x38000 (flags O_RDONLY|
fcntl(12, F_SETFD, FD_CLOEXEC) = 0
getdents64(12, /* 13 entries */, 32768) = 408
newfstatat(12, "WinAte", {st_mode=
mkdirat(13, "WinAte", 0700) = 0
fchownat(13, "WinAte", 1013, 900, AT_SYMLINK_
close(12) = 0
close(13) = 0
fstat(5, {st_mode=
fstat(5, {st_mode=
umask(0777) = 077
openat(AT_FDCWD, "/etc/passwd-", O_WRONLY|
umask(077) = 0777
fchown(12, 0, 0) = 0
fchmod(12, 0644) = 0
lseek(5, 0, SEEK_SET) = 0
read(5, "root:x:
fstat(12, {st_mode=
read(5, "", 4096) = 0
write(12, "root:x:
fsync(12) = 0
close(12) = 0
utime("
close(5) = 0
umask(0777) = 077
openat(AT_FDCWD, "/etc/passwd+", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 0) = 0
fchmod(5, 0644) = 0
fstat(5, {st_mode=
write(5, "root:x:
fsync(5) = 0
close(5) = 0
lstat("
rename(
fstat(10, {st_mode=
fstat(10, {st_mode=
umask(0777) = 077
openat(AT_FDCWD, "/etc/shadow-", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 42) = 0
fchmod(5, 0640) = 0
lseek(10, 0, SEEK_SET) = 0
read(10, "root:$
fstat(5, {st_mode=
read(10, "", 4096) = 0
write(5, "root:$
fsync(5) = 0
close(5) = 0
utime("
close(10) = 0
umask(0777) = 077
openat(AT_FDCWD, "/etc/shadow+", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 42) = 0
fchmod(5, 0640) = 0
fstat(5, {st_mode=
write(5, "root:$
fsync(5) = 0
close(5) = 0
lstat("
rename(
fstat(8, {st_mode=
fstat(8, {st_mode=
umask(0777) = 077
openat(AT_FDCWD, "/etc/subuid-", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 0) = 0
fchmod(5, 0644) = 0
lseek(8, 0, SEEK_SET) = 0
read(8, "ubuntu:
fstat(5, {st_mode=
read(8, "", 4096) = 0
write(5, "ubuntu:
fsync(5) = 0
close(5) = 0
utime("
close(8) = 0
umask(0777) = 077
openat(AT_FDCWD, "/etc/subuid+", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 0) = 0
fchmod(5, 0644) = 0
fstat(5, {st_mode=
write(5, "ubuntu:
fsync(5) = 0
close(5) = 0
lstat("
rename(
fstat(9, {st_mode=
fstat(9, {st_mode=
umask(0777) = 077
openat(AT_FDCWD, "/etc/subgid-", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 0) = 0
fchmod(5, 0644) = 0
lseek(9, 0, SEEK_SET) = 0
read(9, "ubuntu:
fstat(5, {st_mode=
read(9, "", 4096) = 0
write(5, "ubuntu:
fsync(5) = 0
close(5) = 0
utime("
close(9) = 0
umask(0777) = 077
openat(AT_FDCWD, "/etc/subgid+", O_WRONLY|
umask(077) = 0777
fchown(5, 0, 0) = 0
fchmod(5, 0644) = 0
fstat(5, {st_mode=
write(5, "ubuntu:
fsync(5) = 0
close(5) = 0
lstat("
rename(
unlink(
unlink(
close(6) = 0
unlink(
close(7) = 0
unlink(
unlink(
unlink(
clone(child_
wait4(49454, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 49454
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49454, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_
wait4(49455, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 49455
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49455, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_
wait4(49456, [{WIFEXITED(s) && WEXITSTATUS(s) == 127}], 0, NULL) = 49456
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49456, si_uid=0, si_status=127, si_utime=0, si_stime=0} ---
close(4) = 0
socket(AF_UNIX, SOCK_STREAM|
connect(4, {sa_family=AF_UNIX, sun_path=
sendto(4, "\2\0\0\
poll([{fd=4, events=
read(4, "\2\0\0\
read(4, "user20\
close(4) = 0
access(
clone(child_
wait4(49457, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 49457
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49457, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_
wait4(49458, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 49458
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49458, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_
wait4(49459, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 49459
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49459, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_
wait4(49460, [{WIFEXITED(s) && WEXITSTATUS(s) == 127}], 0, NULL) = 49460
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49460, si_uid=0, si_status=127, si_utime=0, si_stime=0} ---
exit_group(0) = ?
+++ exited with 0 +++
CVE References
description: | updated |
Changed in shadow (Ubuntu): | |
status: | New → Confirmed |
Changed in shadow (Ubuntu): | |
status: | Fix Released → In Progress |
Initial analysis seems to indicate that this is happening due to a patch added in the last update which is related to this commit:
https://github.com/shadow-maint/shadow/commit/f3bdb28e57e5e38c1e89347976c7d61a181eec32
Checking the manual for fchmodat in focal, it is possible to see the following:
AT_SYMLINK_NOFOLLOW
If pathname is a symbolic link, do not dereference it: instead operate on the link itself. This flag is not currently implemented.
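The flag does not seem to be currently implemented, so a call to fchmodat that passes AT_SYMLINK_NOFOLLOW would presumably fail on focal. That would be consistent with the copy stopping after the first directory entry in the strace above.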
No further changes to the code have been made by upstream.
More investigation will be made and the last update will possibly be reverted.