[Pkg-shadow-devel] Bug#632461: passwd: usermod -p fails silently if user is missing in /etc/shadow

[Henrik Christian Grove]

Package: passwd
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: minor

If a user has been removed from /etc/shadow, usermod -p fails silently:
root at cassiopeia:~# adduser --disabled-password --gecos "" test
Adding user `test' ...
Adding new group `test' (1001) ...
Adding new user `test' (1001) with group `test' ...
The home directory `/home/test' already exists.  Not copying from `/etc/skel'.
root at cassiopeia:~# sed -e '/test/ d' -i /etc/shadow
root at cassiopeia:~# grep test /etc/passwd
test:x:1001:1001:,,,:/home/test:/bin/bash
root at cassiopeia:~# grep test /etc/shadow
root at cassiopeia:~# usermod -p '$1$4qlPRcSR$KFWIwhy82h7EPnUkNb58f.' test
root at cassiopeia:~# echo $?
0
root at cassiopeia:~# grep test /etc/shadow
root at cassiopeia:~# 

I admit it's a rather unlikely scenario, but silent failure is still
not good.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (700, 'stable-updates'), (700, 'stable'), (600, 'testing'), (25, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=da_DK.utf8, LC_CTYPE=da_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages passwd depends on:
ii  debianutils                   3.4        Miscellaneous utilities specific t
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib
ii  libpam-modules                1.1.1-6.1  Pluggable Authentication Modules f
ii  libpam0g                      1.1.1-6.1  Pluggable Authentication Modules l
ii  libselinux1                   2.0.96-1   SELinux runtime shared libraries

passwd recommends no packages.

passwd suggests no packages.

-- no debconf information