userutils issueshttps://gitlab.redox-os.org/redox-os/userutils/-/issues2023-11-26T11:16:39Zhttps://gitlab.redox-os.org/redox-os/userutils/-/issues/38Unexpected error when deleting user2023-11-26T11:16:39ZCuriouscurious@curious.hostUnexpected error when deleting userAs shown in the screenshot, `userdel -r` can't delete the homedir which is not empty, hence the user delete will fail.
And we can't create a user with same name of the deleted one, because the group is not deleted together.
![image.png...As shown in the screenshot, `userdel -r` can't delete the homedir which is not empty, hence the user delete will fail.
And we can't create a user with same name of the deleted one, because the group is not deleted together.
![image.png](/uploads/83629d44f367fc986b6fb4be49856791/image.png)https://gitlab.redox-os.org/redox-os/userutils/-/issues/37Move AllGroupsExt into redox_users and Prevent Unintended Behavior2021-01-01T01:34:45ZSamwiseFilmoremggmugginsmc@gmail.comMove AllGroupsExt into redox_users and Prevent Unintended BehaviorI think the functionality that's provided by `AllGroupsExt` is valuable enough that it could possibly be used by other users of redox_users. It should probably be moved out of this crate and into that one.
@omac777 Brought up a couple o...I think the functionality that's provided by `AllGroupsExt` is valuable enough that it could possibly be used by other users of redox_users. It should probably be moved out of this crate and into that one.
@omac777 Brought up a couple of good points:
> - for atomicity's sake, all groups should exist before you add the user to the existing groups
> - ensure when adding user to a group, the user should not [be in the group] beforehand. [If] the user already exists, return an error condition useralreadyexists of some sort and recover gracefully continuing to add the user to other groups.
>
> There's a chance without doing the above that you will be adding the user to some groups, but the non-existing group will fail the operation and the user might not get added to the remaining existing groups.
>
> There's a chance that you might double-add a user to a group the way things are read.
For all the situations in this crate, error conditions are always fatal. However, if/when these functions get moved, they should be improved in these ways to prevent these situations from happening, since one of these returning an error condition doesn't necessarily prevent a `save` being called.SamwiseFilmoremggmugginsmc@gmail.comSamwiseFilmoremggmugginsmc@gmail.comhttps://gitlab.redox-os.org/redox-os/userutils/-/issues/36Backspaces handled incorrectly in the login password prompt2018-10-29T14:34:44ZNagy Tiborxnagytibor@gmail.comBackspaces handled incorrectly in the login password promptPressing backspace in the login password prompt only seems to remove the last byte of the password, not the last typed UTF-8 character. When that character is a multi-byte UTF-8 character this could result in a `incomplete utf-8 byte seq...Pressing backspace in the login password prompt only seems to remove the last byte of the password, not the last typed UTF-8 character. When that character is a multi-byte UTF-8 character this could result in a `incomplete utf-8 byte sequence from index 0` error.
**Reproduction:**
`redox login:` <kbd>r</kbd> <kbd>o</kbd> <kbd>o</kbd> <kbd>t</kbd> <kbd>Enter</kbd>
`password:` <kbd>[ű](http://unicode.org/cldr/utility/character.jsp?a=0171)</kbd> <kbd>Backspace</kbd> <kbd>Enter</kbd>
I could only reproducible it from an external terminal (Konsole).https://gitlab.redox-os.org/redox-os/userutils/-/issues/35Input validation in useradd2021-11-02T17:15:06ZJeremy SollerInput validation in useradd*Created by: xTibor*
`usedadd` doesn't seem to validate its input arguments. Usernames containing newlines and semicolons can corrupt the `group` and `passwd` files.
**Example:**
```
user:~# sudo useradd "aaa
bbb
ccc"
``...*Created by: xTibor*
`usedadd` doesn't seem to validate its input arguments. Usernames containing newlines and semicolons can corrupt the `group` and `passwd` files.
**Example:**
```
user:~# sudo useradd "aaa
bbb
ccc"
```
```
user:~# cat /etc/group
root;0;root
user;1000;user
sudo;1;user
aaa
bbb
ccc;1001;aaa
bbb
ccc
```
```
user:~# cat /etc/passwd
root;$argon2i$m=4096,t=10,p=1$Tnc4UVV0N00$ML9LIOujd3nmAfkAwEcSTMPqakWUF0OUiLWrIy0nGLk;0;0;root;file:/root;file:/bin/ion
user;;1000;1000;user;file:/home/user;file:/bin/ion
aaa
bbb
ccc;!;1001;1001;aaa
bbb
ccc;/;file:/bin/ion
```https://gitlab.redox-os.org/redox-os/userutils/-/issues/34User enumeration at login2018-06-13T19:39:51ZJeremy SollerUser enumeration at login*Created by: xTibor*
The `login` program is vulnerable to user enumeration. It only asks for a password and does a timeout when the specified user account exists, thus allowing malicious actors to brute force the possible users at a rat...*Created by: xTibor*
The `login` program is vulnerable to user enumeration. It only asks for a password and does a timeout when the specified user account exists, thus allowing malicious actors to brute force the possible users at a rate of hundreds of usernames per second. (when login asks for a password = valid user on the system).
**Demo:**
https://www.youtube.com/watch?v=7XfipgWmpxM
**Possible fix:**
Ask for a password and do a timeout even the specified user doesn't exist.https://gitlab.redox-os.org/redox-os/userutils/-/issues/31Sudo2023-10-08T10:19:23ZSamwiseFilmoremggmugginsmc@gmail.comSudoA few things I thought I should document in an issue:
~~Wondering if I should remove arg parsing from `login` completely, since there is only `--help`, and it only prints the man page right now. Would simplify that significantly.~~
I'm...A few things I thought I should document in an issue:
~~Wondering if I should remove arg parsing from `login` completely, since there is only `--help`, and it only prints the man page right now. Would simplify that significantly.~~
I'm also thinking about dropping `sudo` from this crate, for a few reasons:
- `sudo` is a bigger program than many think, and implementing sudo correctly takes a lot of effort. You need to have the configuration file, and some command line options, probably sudoedit, etc.
- For packaging reasons: many os's package sudo separately from other utilities or coreutils.
rudo might be an alternative, although it's PAM based so we'd either need to impl PAM for redox or port PAM, neither of which I'd be thrilled about doing, or building a different backend into rudo for redox_users. @shawnanastasio I guess I should mention you on this one since rudo is your program...https://gitlab.redox-os.org/redox-os/userutils/-/issues/29Use clap-rs Instead of ArgParser2018-06-15T22:19:28ZSamwiseFilmoremggmugginsmc@gmail.comUse clap-rs Instead of ArgParserSeems to me that there isn't a good reason that these utils don't use clap-rs. It would make them significantly more robust, and make them easier to implement and maintain. If there are any good reasons, please let me know. I'm willing t...Seems to me that there isn't a good reason that these utils don't use clap-rs. It would make them significantly more robust, and make them easier to implement and maintain. If there are any good reasons, please let me know. I'm willing to port things if we decide that it would be a good idea to use clap.
I realize that somebody put a lot of effort into writing the ArgParser crate, but it seems like the less code we have to maintain ourselves the better.https://gitlab.redox-os.org/redox-os/userutils/-/issues/26Useradd Issues:2018-06-15T22:19:28ZSamwiseFilmoremggmugginsmc@gmail.comUseradd Issues:- [x] When running useradd as not root, the program should return an error about not having sufficient permissions to save the user infos, not about not being able to create the home dir. This should be a simple fix of moving the sys_use...- [x] When running useradd as not root, the program should return an error about not having sufficient permissions to save the user infos, not about not being able to create the home dir. This should be a simple fix of moving the sys_users and sys_groups `save` calls up a few lines.
- [x] In a similar vein, home directories are created with incorrect permissions.
- [x] As per the [FreeBSD man page](https://www.freebsd.org/cgi/man.cgi?query=useradd&apropos=0&sektion=0&manpath=Red+Hat+Linux%2Fi386+9&format=html)(and linux, as it happens, but these tools are based on BSD), useradd disables the password instead of leaving it blank, like the current implementation. This is more of a todo for when I implement disabled passwords.https://gitlab.redox-os.org/redox-os/userutils/-/issues/24Whoami would better serve as some kind of link or redirect.2018-06-15T22:19:28ZJeremy SollerWhoami would better serve as some kind of link or redirect.*Created by: nobubby*
The id command contains the entire scope of functionality of the whoami command, so it contributes nothing functionally. If you're looking to force backwards compatibility with scripts that try to use it, then in r...*Created by: nobubby*
The id command contains the entire scope of functionality of the whoami command, so it contributes nothing functionally. If you're looking to force backwards compatibility with scripts that try to use it, then in redox it should just be a light wrapper to the id executable. It doesn't really need to exist.https://gitlab.redox-os.org/redox-os/userutils/-/issues/18Compile issues with Cargo and getty2018-06-13T19:39:51ZSamwiseFilmoremggmugginsmc@gmail.comCompile issues with Cargo and gettyI get a lot of mismatched type errors with `getty` when I compile the repo with `cargo build`. When userutils is built as a part of cookbook, then it builds and deploys fine. All the errors are either "expected usize, found i32" or "expe...I get a lot of mismatched type errors with `getty` when I compile the repo with `cargo build`. When userutils is built as a part of cookbook, then it builds and deploys fine. All the errors are either "expected usize, found i32" or "expected i32, found usize". Any thoughts/ideas?https://gitlab.redox-os.org/redox-os/userutils/-/issues/16Useradd?2018-06-15T22:19:28ZSamwiseFilmoremggmugginsmc@gmail.comUseradd?Is there a useradd command? I'm probably not looking in the right place, but it seems like a fairly important base functionality.Is there a useradd command? I'm probably not looking in the right place, but it seems like a fairly important base functionality.https://gitlab.redox-os.org/redox-os/userutils/-/issues/5Login panics on Ctrl+C and Ctrl+D2018-06-15T22:19:28ZJeremy SollerLogin panics on Ctrl+C and Ctrl+D*Created by: xTibor*
Pressing Ctrl+C or Ctrl+D at the Redox login prompt results in a panic. It was a bit hard to notice because the error messages are cleared immediately and the login process is restarted by the `getty` daemon.
**P...*Created by: xTibor*
Pressing Ctrl+C or Ctrl+D at the Redox login prompt results in a panic. It was a bit hard to notice because the error messages are cleared immediately and the login process is restarted by the `getty` daemon.
**Panic messages:**
```
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { repr: Custom { kind: Interrupted, error: StringError("ctrl+c") }) }', /home/user/git/redox/rust/src/libcore/result.rs:860
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { repr: Custom { kind: UnexpectedEof, error: StringError("ctrl+d") }) }', /home/user/git/redox/rust/src/libcore/result.rs:860
```https://gitlab.redox-os.org/redox-os/userutils/-/issues/1Sudo doesn't require password2018-06-15T22:19:28ZJeremy SollerSudo doesn't require password*Created by: bjorn3*
*Created by: bjorn3*