Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recreate samba user after backup restore #871

Open
obsy opened this issue Apr 13, 2020 · 6 comments
Open

Recreate samba user after backup restore #871

obsy opened this issue Apr 13, 2020 · 6 comments

Comments

@obsy
Copy link
Contributor

obsy commented Apr 13, 2020
edited
Loading 

root@Gargoyle:~# cat /etc/config/share_users 

config user 'test'
	option password_salt 'ZxADAK40IF3W2qW41MPF2'
	option password_sha1 'a54a6b0a873e41f9feffb2a77c7705c75866da0c '

user test with password test. After backup restore and/or /etc/init.d/share_users start I have

root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/tmp/share_home/anonymous:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
nfs:x:65536:65536:nfs:/var/run/nfs:/bin/false
rpc:x:65533:65533:rpc:/var/run/rpc:/bin/false
:/tmp/share_home/test:/bin/false

No user in passwd file. Because https://github.com/ericpaulbishop/gargoyle/blob/master/package/share-users/files/share_users.init#L43 and https://github.com/ericpaulbishop/gargoyle/blob/master/package/share-users/files/share_users.init#L70 - passwd is not stored in config?

BTW, gargoyle 1.13
@lantis1008
Copy link
Contributor

I've been looking at this for a few days.
There's no good solution. I can think of. Password is intentionally not stored in the config file in plaintext.

https://github.com/ericpaulbishop/gargoyle/blob/master/package/gargoyle/files/usr/lib/gargoyle/restore.sh#L238
Add a checkbox to the GUI to allow the user to restore passwords from the backup. This would risk the user locking themselves out.
It could provide a few options. Restore root password. Restore share users passwords. It would be best to leave other system users untouched (e.g. dnsmasq, tor, etc).
You would also need to preserve /etc/share_user_list

This is not a very nice solution. I don't know if i should implement, or leave this open for further comment/ideas.

@obsy
Copy link
Contributor Author

obsy commented May 5, 2020

I don't understand. Backup already has passwd/shadow file with valid user and password. My question: why after restore backup, system trying recreating valid user? Why is it destroying the username?

@lantis1008
Copy link
Contributor

The way it currently works, it doesn't use them.
It restores them temporarily, then swaps the original files back in.

It has a flag to not do this, but it is currently never used. We could fix this with my suggestion above. Either an option to restore passwords, or always do it.

The risk is that if someone restores a backup with a password they don't know, they will need to failsafe.

@obsy
Copy link
Contributor Author

obsy commented May 5, 2020

OK, but now it's just broken functionality (user without name in passwd file).

@lantis1008
Copy link
Contributor

Yes we can fix that.
https://github.com/ericpaulbishop/gargoyle/blob/master/package/share-users/files/share_users.init#L128
Needs a check for blank string as well, and should not enter the if statement.
This will result in no user at all.

This combined with option above is probably the full solution.

@lantis1008
Copy link
Contributor

This missing_lines function might be interesting here
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=9c2eceef90b3ca924b8cd836e904ddc480514031;hp=dfa357a3def512c13f22371d24138b6e8093be18

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@obsy @lantis1008