[Pkg-shadow-devel] Bug#531955: Bug#531955: Bug#531955: useradd creates local-only users on nis server

[Mark Brown]

On Sat, Jun 06, 2009 at 12:02:55AM +0200, nicolas.francois at centraliens.net wrote:

> On Fri, Jun 05, 2009 at 10:54:47AM +0200, harald.dunkel at aixigo.de wrote:
> > 
> > The new user "john" is added _before_ the first NIS compat entry,
> > instead of being appended to passwd. /var/yp/Makefile ignores
> > anything before the compat entries, i.e. John got a local account
> > on our NIS server only. This is not useful.

> I don't have any clue about NIS.
> I'm CC'ing the NIS maintainers as I'm not even able to find out if useradd

You might want to use CC rather than BCC for that...

> does not behave correctly or if the tool is not used correctly.

> Did it used to work previously (with which version)?
> Does adduser behave correctly regarding NIS?
> Is it legitimate in some cases to add an user locally, and not to NIS. How
> useradd should know about the intent of the caller?

You probably want an option if you want to do anything, though just
ignoring NIS is also fine since at worst the current the behaviour is to
not export accounts which is safe.  The user configuration here is
fairly unusual since it is exporting NIS accounts from /etc/passwd while
simultaneously making the server use NIS for passwd data.  It would be
more common to do something like have the NIS server use a separate data
source for the NIS data or have it not use NIS for passwd information.
Either of those options would avoid any problems with useradd.

Since the arrangement of compat entries could potentially get
complicated since there can be multiple compat entries with local
ccounts interleaved it's hard to see a sane UI.  A UI to specify
alternative passwd, shadow and group files (or a directory to find them
in) would be handy if it doesn't already exist but that's a separate
issue.