[Bug 5924] New: Concurrent "adduser" command truncates /etc/passwd and /etc/shadow causes missing "root" user
bugzilla at busybox.net
bugzilla at busybox.net
Tue Feb 12 02:09:50 UTC 2013
https://bugs.busybox.net/show_bug.cgi?id=5924
Summary: Concurrent "adduser" command truncates /etc/passwd and
/etc/shadow causes missing "root" user
Product: Busybox
Version: 1.18.x
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
AssignedTo: unassigned at busybox.net
ReportedBy: kyeongyoo at gmail.com
CC: busybox-cvs at busybox.net
Estimated Hours: 0.0
Created attachment 4742
--> https://bugs.busybox.net/attachment.cgi?id=4742
Possible fix for the adduser issue
If multiple "adduser" command is executed in parallel, /etc/passwd and
/etc/shadow files are corrupted and easily causes the device not bootable due
to missing user names like "root".
For example, the following script will add 30 users in parallel and the
resulting /etc/passwd file is normally truncated.
N=${1:-30}
I=1
while [ $I -le $N ]; do
USER=$(printf "user-%02d" $I)
echo ==== $USER
adduser -H -h /flash -D -s /sbin/startshell -g group -G wheel $USER &
I=$((I+1))
done
I've attached a possible fix for this which resolves:
1. Previously if "passwd+" file is not cleaned up (say due to "adduser" being
killed), then second "adduser" cannot modify "passwd" file forever.
2. Added flock() to detect unoccupied "passwd+" file (so the second process can
delete it).
3. Make sure to open "passwd" file after getting proper permission to use
"passwd+". Otherwise the old "passwd" may be used instead.
I've also checked the code is same in 1.21.0.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list