Skip to content

Commit

Permalink
Make an entry in /etc/group when we modify /etc/passwd
Browse files Browse the repository at this point in the history
To ensure that the user running in the container ahs a valid
entry in /etc/passwd so lookup functions for the current user
will not error, Podman previously began adding entries to the
passwd file. We did not, however, add entries to the group file,
and this created problems - our passwd entries included the group
the user is in, but said group might not exist. The solution is
to mirror our logic for /etc/passwd modifications to also edit
/etc/group in the container.

Unfortunately, this is not a catch-all solution. Our logic here
is only advanced enough to *add* to the group file - so if the
group already exists but we add a user not a part of it, we will
not modify that existing entry, and things remain inconsistent.
We can look into adding this later if we absolutely need to, but
it would involve adding significant complexity to this already
massively complicated function.

While we're here, address an edge case where Podman could add a
user or group whose UID overlapped with an existing user or
group.

Also, let's make users able to log into users we added. Instead
of generating user entries with an 'x' in the password field,
indicating they have an entry in /etc/shadow, generate a '*'
indicating the user has no password but can be logged into by
other means e.g. ssh key, su.

Fixes containers#7503
Fixes containers#7389
Fixes containers#7499

Signed-off-by: Matthew Heon <[email protected]>
  • Loading branch information
mheon committed Sep 10, 2020
1 parent 1184cdf commit f57c39f
Show file tree
Hide file tree
Showing 3 changed files with 426 additions and 79 deletions.
Loading

0 comments on commit f57c39f

Please sign in to comment.