darren_moffat@blog$ cat /dev/mem | grep /dev/urandom


Tuesday June 14, 2005

Fixed 9 year old bug in usermod(1m).

usermod: ERROR: username is in use. Cannot change it (for 9 years!)

I thought some people might find this small bug fix interesting now that OpenSolaris is open for business to all. It is in that class of things that really only get fixed because it annoys an engineer so much one day that they fix it. The problem with this one was that this had been the behaviour since day one (SunOS 5.0), and the bug (1236941) was logged on 1996-02-02 and marked as an RFE. It had been evaluated on 1998-03-18 and marked as fix understood. Being an RFE and in a not very critical part of the code, it just never got fixed.

I recently (2005-04-29) fixed it as a BUG, which is what it really was. The introduction of RBAC in Solaris 8 really pushed this from being mildly annoying to a blatant bug; it meant I couldn't make root a role without editing /etc/user_attr directly. More importantly, it meant I couldn't add profiles or authorisations to a role to give a user more access while they were logged in.

I fixed this because it was annoying users of my (currently internal but soon to appear externally) netprof package. In the postinstall of my package I ask for the username of the laptop primary user and attempt to use usermod(1M) to add the RBAC 'Network Administrator' profile to that account.

If the user was logged in and had su'd to root to add the package, or had used pfexec pkgadd (with the Software Installation profile), then users couldn't use netprof out of the box. This resulted in so many emails over a period of a few months that I decided to fix usermod.

I actually did the fix on my laptop while in Tokyo giving the Solaris 10 TPT training. This is a nice simple case that shows how valuable the partial bringover feature of TeamWare can be sometimes; all I needed in the workspace was $SRC/cmd/oamuser.

There are still some cases where we don't allow a change if the user is logged in. The following comment in usermod.c explains those cases:

        /*
         * We can't modify a logged in user if any of the following
         * are being changed:
         * uid (-u & -o), group (-g), home dir (-m), loginname (-l).
         * If none of those are specified it is okay to go ahead
         * some types of changes only take effect on next login, some
         * like authorisations and profiles take effect instantly.
         * One might think that -K type=role should require that the
         * user not be logged in, however this would make it very
         * difficult to make the root account a role using this command.
         */

The fix was really quite simple: it was really just making sure that we only call isbusy() when we were doing something that has critical impact on the account, for example changing its uid/gid or loginname. I'm now wondering if changing the home dir should have been allowed, but for most people this is usually /home/ anyway. Which brings me to another bug in usermod that annoys me and others: 6244467
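The gating described above, as an added C example that is not the code from usermod.c: it compares the refuse-if-busy decision before and after the fix for a given set of options. The option bit names, the two `refused_*` functions and `session_exists()` (a utmpx-scanning stand-in for isbusy(), whose implementation the post does not show) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* Hypothetical bit names for usermod options; not taken from usermod.c. */
enum {
    OPT_UID = 1, OPT_NONUNIQUE = 2, OPT_GROUP = 4,  /* -u, -o, -g */
    OPT_MOVEHOME = 8, OPT_LOGINNAME = 16,           /* -m, -l */
    OPT_PROFILE = 32, OPT_KEYVALUE = 64             /* -P, -K (RBAC attributes) */
};
#define IDENTITY_OPTS \
    (OPT_UID | OPT_NONUNIQUE | OPT_GROUP | OPT_MOVEHOME | OPT_LOGINNAME)

/* Assumed stand-in for isbusy(): 1 if utmpx holds a live session for login. */
int session_exists(const char *login)
{
    struct utmpx *ut;
    int found = 0;

    setutxent();
    while (!found && (ut = getutxent()) != NULL)
        found = ut->ut_type == USER_PROCESS &&
            strncmp(ut->ut_user, login, sizeof(ut->ut_user)) == 0;
    endutxent();
    return found;
}

/* Before the fix, as the post describes it: any change to a busy account fails. */
int refused_before_fix(unsigned opts, int busy)
{
    (void)opts;
    return busy;
}

/* After the fix: the busy state matters only for identity-changing options. */
int refused_after_fix(unsigned opts, int busy)
{
    return (opts & IDENTITY_OPTS) != 0 && busy;
}

int main(int argc, char **argv)
{
    const char *login = argc > 1 ? argv[1] : "root";
    int busy = session_exists(login);

    printf("%s busy=%d; -P: before=%d after=%d; -l: before=%d after=%d\n",
        login, busy,
        refused_before_fix(OPT_PROFILE, busy), refused_after_fix(OPT_PROFILE, busy),
        refused_before_fix(OPT_LOGINNAME, busy), refused_after_fix(OPT_LOGINNAME, busy));
    return 0;
}
```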

I need to check that smuser(1M) and smc(1M) don't have the same problem. Those tools aren't yet in opensolaris.org since they aren't in the ON consolidation but I expect they will arrive when the ADMIN consolidation arrives in opensolaris.org.



( Jun 14 2005, 08:03:42 PM BST )


This is a personal weblog, I do not speak for my employer.