Bug#1030253: gnome-control-center: Creating a user via "gnome-control-center user-accounts" results in a user with shell set to nologin

Simon McVittie smcv at debian.org
Wed Feb 1 19:53:32 GMT 2023 

Control: reassign -1 accountsservice 22.08.8-1
Control: severity -1 important

(Quoting full text for Cc'd packages' maintainers)

On Wed, 01 Feb 2023 at 19:09:07 +0200, Timo Lindfors wrote:
> Steps to reproduce:
> 1) Run "gnome-control-center user-accounts"
> 2) Click "Unlock..."
> 3) Enter root password
> 4) Click "Add User..."
> 5) Enter "demo2" as Name and Username and click "Add".
> 6) Select "Switch User..." from gnome power menu
> 7) Login as "demo2"
> 8) Enter new password when prompted
> 9) Start a browser
> 10) Start a terminal
> 
> Expected results:
> 9) Browser starts
> 10) Terminal starts
> 
> Actual results:
> 9) Browser starts
> 10) Terminal starts but immediately closes
> 
> More info:
> 
> This issue does not occur in Debian 11 so it is a
> regression. /etc/passwd contains the following line:
> 
> demo2:x:1002:1002:demo2,,,:/home/demo2:/usr/sbin/nologin
> 
> It seems that gnome-control-center calls accounts-daemon over dbus to
> create the user. It does not specify the shell in the dbus
> call. accounts-daemon eventually ends up calling
> 
> adduser --quiet --disabled-login --gecos demo2 demo2
> 
> It seems that the behavior of adduser has changed. In Debian 11 this
> creates a user with a shell but in adduser 3.130 it creates a user
> with shell set to nologin.
> 
> Please reassign if you believe this issue should be assigned to
> accounts-daemon or adduser.

I'm pretty sure this is not a gnome-control-center bug: creating a
user via accounts-daemon's D-Bus API should have sufficiently sensible
defaults that this doesn't happen (and gnome-control-center doesn't have
UI for the equivalent of chsh, so it shouldn't be second-guessing what
the default shell is).

I believe the adduser behaviour change is intentional, in
<https://salsa.debian.org/debian/adduser/-/commit/427ade7d9116af5af7baa9d0c538e14fa86560cf>,
which would point to this being an accountsservice (accounts-daemon) bug:
it needs updating to work correctly with the adduser behaviour change.

If I understand correctly, what gnome-control-center wants to do is
to create a user with an invalid password (unable to log in), and then
as a separate D-Bus transaction, do something to its password: either
change the password, or put it into a state where the user can log in
unauthenticated and will be prompted for a new password.

Probably it should now be using --disabled-password instead of
--disabled-login to get that effect? adduser maintainers: is my guess
correct?

For now I'm only escalating this to important, but I think it probably
deserves to be RC for accountsservice.

    smcv

More information about the pkg-gnome-maintainers mailing list