[Bug 5924] New: Concurrent "adduser" command truncates /etc/passwd and /etc/shadow causes missing "root" user

bugzilla at busybox.net bugzilla at busybox.net
Tue Feb 12 02:09:50 UTC 2013


https://bugs.busybox.net/show_bug.cgi?id=5924

           Summary: Concurrent "adduser" command truncates /etc/passwd and
                    /etc/shadow causes missing "root" user
           Product: Busybox
           Version: 1.18.x
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: kyeongyoo at gmail.com
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


Created attachment 4742
  --> https://bugs.busybox.net/attachment.cgi?id=4742
Possible fix for the adduser issue

If multiple "adduser" command is executed in parallel, /etc/passwd and
/etc/shadow files are corrupted and easily causes the device not bootable due
to missing user names like "root".

For example, the following script will add 30 users in parallel and the
resulting /etc/passwd file is normally truncated.

N=${1:-30}
I=1
while [ $I -le $N ]; do
  USER=$(printf "user-%02d" $I)
  echo ==== $USER
  adduser -H -h /flash -D -s /sbin/startshell -g group -G wheel $USER &
  I=$((I+1))
done


I've attached a possible fix for this which resolves:
1. Previously if "passwd+" file is not cleaned up (say due to "adduser" being
killed), then second "adduser" cannot modify "passwd" file forever.
2. Added flock() to detect unoccupied "passwd+" file (so the second process can
delete it).
3. Make sure to open "passwd" file after getting proper permission to use
"passwd+". Otherwise the old "passwd" may be used instead.

I've also checked the code is same in 1.21.0.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list