[BUG]: Unable to add user to the users group #12
https://github.com/AlmaLinux/bootc-images/issues/12
Open Open [BUG]: Unable to add user to the users group #12 @gbraad Description gbraad opened on Feb 23 · edited by gbraad Is there an existing issue for this?
I have searched the existing issues Current behaviour It is currently not possible to add a user to the users group.
Expected behaviour
A usermod -a -G users
Steps To Reproduce bash-5.1# cat /etc/group | grep users bash-5.1# bash-5.1# groupadd -g 100 users groupadd: group ‘users’ already exists bash-5.1# useradd gbraad bash-5.1# usermod -a -G users gbraad bash-5.1# groups gbraad gbraad : gbraad The following workaround is possible:
bash-5.1# echo “users:x:100:gbraad” | sudo tee -a /etc/group users:x:100:gbraad bash-5.1# groups gbraad gbraad : gbraad users Anything else? This is reported upstream: https://gitlab.com/fedora/bootc/base-images/-/issues/42 as this is also happening for the fedora-bootc and centos-bootc images.
Search terms usermod users useradd
Activity
gbraad added bug Something isn’t working on Feb 23
gbraad mentioned this on Feb 23 Bootc issues for rdesktop gbraad-dotfiles/upstream#69 gbraad gbraad commented on Feb 24 gbraad on Feb 24 Author I am guessing here; but I have seen changes related to sysusers.d; I think they might want to create the users group at boot-time or so (to handle possible upgrade scenarios?). If so, at the moment this is not working.
There are entries in /etc/group, but the users group does exist in /etc/gshadow:
$ cat /etc/gshadow | grep users users::: It seems it is defined in sysusers.d, but does not run ?
$ cat /usr/lib/sysusers.d/20-setup-groups.conf | grep users g users 100 Does the entry in /etc/gshadow maybe causes issues with sysusers.d ?
gbraad gbraad commented on Feb 24 gbraad on Feb 24 Author I think I got it:
$ getent -s altfiles group users users:x:100: $ ls -l /usr/lib/group /usr/lib/passwd -rw-rw-r–. 1 root root 803 Jan 1 1970 /usr/lib/group -rw-rw-r–. 1 root root 2058 Jan 1 1970 /usr/lib/passwd $ cat /usr/lib/group | grep users users:x:100: So altfiles provides the value, but systemd-sysusers will not create the group /etc/, and usermod only operates on /etc properly as the filesystem at /usr is read-only. It should create the entries in /etc/ instead
gbraad mentioned this on Feb 24 Handling of default users/groups coreos/fedora-coreos-tracker#155 gbraad gbraad commented on Feb 24 gbraad on Feb 24 · edited by gbraad Author $ cat /etc/group | grep users $ sudo bootc usr-overlay Development mode enabled. A writable overlayfs is now mounted on /usr. All changes there will be discarded on reboot. $ sudo rm -f /usr/lib/group $ sudo systemd-sysusers Creating group ‘nobody’ with GID 65534. Creating group ‘utmp’ with GID 992. Creating group ‘audio’ with GID 986. Creating group ‘cdrom’ with GID 985. Creating group ‘dialout’ with GID 984. Creating group ‘disk’ with GID 983. Creating group ‘input’ with GID 981. Creating group ‘kmem’ with GID 980. Creating group ‘kvm’ with GID 979. Creating group ‘lp’ with GID 978. Creating group ‘render’ with GID 977. Creating group ‘tape’ with GID 976. Creating group ‘tty’ with GID 5. Creating group ‘video’ with GID 975. Creating group ‘users’ with GID 100. Creating group ‘ssh_keys’ with GID 101. Creating group ‘printadmin’ with GID 974. Creating group ‘chrony’ with GID 973. Creating group ‘dbus’ with GID 972. Creating group ‘sshd’ with GID 971. Creating group ‘systemd-coredump’ with GID 970. Creating group ‘systemd-resolve’ with GID 969. Creating group ‘tss’ with GID 968. /etc/gshadow: Group “tty” already exists. $ For the command
$ usermod -a -G users gbraad I expect if this can’t work on /usr/lib it should error, otherwise it should fallback using /etc/group. At the moment it does neither.
imbev imbev commented on May 26 imbev on May 26 Contributor Is this still a problem as of AlmaLinux 9.6?
quay.io/almalinuxorg/almalinux-bootc:9.6
gbraad gbraad commented on May 26 gbraad on May 26 Author Upstream issue still exists
kfox1111 kfox1111 commented on Jun 30 kfox1111 on Jun 30 /etc/groups can be overridden on the host and then wont get updated by images. For service accounts, they recommend using json user/group records: https://systemd.io/USER_RECORD