Patch Name: PHCO_29380

Patch Description: s700_800 11.00 user/group(add/mod/del)(1M) cumulative patch

Creation Date: 03/07/28

Post Date: 03/08/18

Hardware Platforms - OS Releases:
    s700: 11.00
    s800: 11.00

Products: N/A

Filesets:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
    OS-Core.SYS-ADMIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_29380

Symptoms:
    PHCO_29380:
    1. The useradd(1M) command recursively changes the ownership
       of the home directory to the new user being added, if the
       directory already exists.
    2. useradd(1M) and usermod(1M) give an incorrect error message
       when an invalid argument is passed to the -c option.

    PHCO_28505:
    1. The usermod(1M) command recursively changes the ownership
       of the home directory of the user being modified.

    PHCO_26017:
    1. User*/Group* commands were not retaining the original
       attributes of the /etc/passwd and /etc/group files after
       modifying them.
    2. The usermod and userdel commands change the group ID of the
       /etc/passwd file after they modify it.
    3. groupadd, groupdel and groupmod remove the entries
       beginning with '+' from the /etc/group file after they
       modify it.

    PHCO_20679:
    1. User name "name" cannot be added if "name-t" already exists.
    2. usermod with the new libc fails.
    3. useradd zeroes the /etc/group file when the filesystem is
       full.
    4. userdel(1M) and usermod(1M) remove the NIS entry from the
       /etc/passwd file after performing the required operations.

    PHCO_17440:
    1. useradd(1M) overwrites existing dot files ($HOME/.* files)
       even if the -m option is not specified.
    2. useradd(1M) changes the permission of files pointed to by
       symbolic links in an existing home directory.
    3. useradd(1M) may dump core if certain undocumented behavior
       of qsort(3) changes in future releases.
    PHCO_15221:
    - useradd(1M) displays and represents the year field of the
      dates of the next century in three digits.

Defect Description:
    PHCO_29380:
    1. The useradd(1M) command recursively changes the ownership
       of the home directory for the new user if the directory
       already exists and is not the home directory of any other
       user.

       Steps to reproduce the problem:

       # mkdir /tmp/home
       # chown root:sys /tmp/home
       # useradd -d /tmp/home new_user
       # ll -d /tmp/home
       drwxrwxrwx 2 new_user users 96 Jul 25 11:14 /tmp/home

       In the above case the ownership of the directory /tmp/home
       was changed to the new user. The ownership of the files
       within the '/tmp/home' directory is also changed to the
       new user.

       Resolution:
       A new option '-r' has been added to define the behaviour
       of the useradd(1M) command. If "no" is passed as the
       argument to the -r option, useradd(1M) won't change the
       ownership of the home directory. If "yes" is passed,
       useradd(1M) will recursively change the ownership of the
       home directory to the new user. The default behaviour of
       the '-r' option can be set by using this option along with
       the '-D' option.

       NOTE: The default behaviour of the '-r' option will be set
       to "no", and hence useradd(1M) will not change the
       ownership of the home directory. The old behaviour of
       useradd(1M) can be restored by setting the default
       behaviour of the '-r' option to "yes" using the following
       command:

       # useradd -D -r "yes"

    2. useradd(1M) and usermod(1M) give an incorrect error message
       when a ':' is given in the comment specified using the -c
       option.

       Steps for reproducing the problem:

       # useradd -c "testing:user" new_user
       group c will exceed the LINE_MAX limit

       In the above case we get an unrelated error message.

       Resolution:
       useradd(1M) and usermod(1M) have been modified to print the
       correct error message "Invalid argument : c".

    PHCO_28505:
    1. usermod(1M), when used with the -u or -g option, recursively
       changes the ownership of the home directory even when the
       user does not have permissions on the home directory and
       the user being modified is not the owner of the home
       directory.

       Example:
       Execute the following commands as root:

       # useradd -d /tmp/testuser -m testuser
       # chown root:root /tmp/testuser
       # ll -d /tmp/testuser
       drwxr-xr-x 2 root root 96 Feb 23 21:07 /tmp/testuser/
       # grep testuser /etc/passwd
       testuser:*:103:20::/tmp/testuser:/sbin/sh
       # usermod -u 104 testuser
       # ll -d /tmp/testuser
       drwxr-xr-x 2 testuser usr 96 Feb 23 21:07 /tmp/testuser/

       In the above case, even though testuser is not the owner of
       the directory "/tmp/testuser", its ownership is changed by
       usermod(1M) to testuser. This happens because usermod does
       not check the ownership of the files/directories before
       modifying their ownership.

       Resolution:
       usermod(1M) has been modified to check the ownership of
       the home directory/files before changing the ownership of
       the directory/files to the new uid/gid. Now usermod(1M),
       when used with the -u or -g option, will modify the
       ownership of only those directories/files owned by the
       user.

    PHCO_26017:
    1. User*/Group* commands were not retaining the original
       permissions of the /etc/passwd and /etc/group files after
       changing these files. The permissions were being changed
       to 444. Files modified using User*/Group* commands are
       required to retain their original attributes.

       Ex:
       # ls -l /etc/passwd
       -rwxr-xr-x 1 root sys 2487 Jan 25 18:53 /etc/passwd
       # usermod -l NEW_USER new_user
       # ls -l /etc/passwd
       -r--r--r-- 1 root sys 2487 Jan 25 18:53 /etc/passwd

       The permissions are changed from "755" to "444".

       # ls -l /etc/passwd
       -rwxr-xr-x 1 root sys 3191 Feb 5 19:09 /etc/passwd
       # /usr/sbin/userdel xx
       # ls -l /etc/passwd
       -r--r--r-- 1 root sys 3160 Feb 5 19:09 /etc/passwd

       The permissions are changed from "755" to "444".
       Resolution:
       Before the /etc/passwd and /etc/group files are modified,
       their attributes are stored, and after the files have been
       modified the attributes are restored to the stored values.

    2. The usermod and userdel commands were modifying the group
       name of the /etc/passwd file after modifying it. userdel
       and usermod copy the /etc/passwd file to a temporary file,
       and modifications are made to the temporary file. This
       temporary file is then renamed to /etc/passwd. The rename
       gives /etc/passwd the file attributes of the temporary
       file, and thus changes the group of the /etc/passwd file.

       Ex:
       # ls -l /etc/passwd
       -rwxr-xr-x 1 root group2 1968 Jan 25 19:05 /etc/passwd
       # usermod -l XX xx
       # ls -l /etc/passwd
       -r--r--r-- 1 root sys 1968 Jan 25 19:06 /etc/passwd

       The group name should have been "group2" instead of "sys".

       # ls -l /etc/passwd
       -rwxr-xr-x 1 root group2 1968 Jan 25 19:06 /etc/passwd
       # userdel XX
       # ls -l /etc/passwd
       -r--r--r-- 1 root sys 1937 Jan 25 19:11 /etc/passwd

       The group name should have been "group2" instead of "sys".

       Resolution:
       The fix ensures that the attributes of the original
       /etc/passwd file are stored before it is copied to the
       temporary file. When the temporary file is renamed to
       /etc/passwd, it is given the attributes of the original
       /etc/passwd file.

    3. The groupadd and groupdel commands used to remove entries
       that start with '+' from the /etc/group file after
       modifying it. This was because groupadd and groupdel were
       not properly validating the NIS entries in the /etc/group
       file.

       Ex:
       # grep '+' /etc/group
       +:
       # groupadd new_grp1
       # grep '+' /etc/group

       Entries beginning with '+' are removed.

       # grep '+' /etc/group
       +:
       # /usr/sbin/groupdel xx
       # grep '+' /etc/group

       Entries beginning with '+' are removed.

       # grep '+' /etc/group
       +:
       # /usr/sbin/groupmod -g 1000 xx
       # grep '+' /etc/group

       Entries beginning with '+' are removed.

       Resolution:
       The code of groupadd, groupdel and groupmod has been
       modified to validate the NIS entries properly.

    PHCO_20679:
    1. On a trusted system, a user name 'name' cannot be added if
       'name-t' already exists in the passwd file. This problem
       occurred because the return value of the libc call
       "putprpwnam" was not being checked appropriately.

       Resolution:
       The return value of the library call is changed to give
       the correct error message when the user cannot be added.

    2. usermod, when used with the -G option, was failing with the
       new library. The problem was that the corresponding
       function was being called with an inappropriate number of
       arguments.

       Resolution:
       The function, which was being called with only one
       parameter, is changed, and an appropriate value is now
       passed as the second argument.

    3. useradd(1M) zeroes the /etc/group file when the file system
       is full. useradd(1M) tries to create a temporary file and
       modify it to make changes to the group file. When the file
       system is full and no more writes are possible, the
       temporary file is created with zero bytes and useradd
       copies this file to /etc/group.

       Resolution:
       The useradd code has been modified to make sure that
       writes to the temporary file were successful by checking
       the return value of fclose().

    4. userdel(1M) and usermod(1M) remove the NIS entry from the
       /etc/passwd file after performing the required operations.
       This is caused by a bug in the routine which modifies the
       passwd file.

       Resolution:
       Lines that add the NIS entry at the end of the passwd
       file, which had been removed by a previous fix, have been
       added back to the source code.

    PHCO_17440:
    1. useradd(1M) overwrites the existing dot files ($HOME/.*
       files) in a home directory with those in the /etc/skel
       directory even if the -m option is not specified.

       Resolution:
       useradd(1M) will overwrite the existing $HOME/.* files
       only when the '-m' option is specified.

    2. If the home directory specified on the useradd(1M) command
       line already exists and contains symbolic links, useradd
       will change the permissions of the files pointed to by the
       symbolic links to the new user.
       Resolution:
       The command has been modified so that only the permissions
       of the symbolic link are changed and not those of the
       target of the symbolic link.

    3. useradd(1M) may dump core if certain undocumented behavior
       of qsort(3) changes in future releases.

       Resolution:
       useradd(1M) has been modified so that it does not rely on
       the undocumented behavior of qsort(3).

    PHCO_15221:
    - useradd(1M) displays and represents the year field of the
      dates of the next century in three digits.

Enhancement: No

SR:
    8606315117 8606319716 8606289009 8606222515 5003377986
    8606133048 8606106850 8606106709 1653298778 5003451898
    5003437574 1653285346 5003443788 4701391466

Patch Files:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        /usr/share/man/man1m.Z/useradd.1m

    OS-Core.SYS-ADMIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        /usr/lib/nls/msg/C/ugm.cat
        /usr/newconfig/etc/default/useradd
        /usr/sbin/groupadd
        /usr/sbin/groupdel
        /usr/sbin/groupmod
        /usr/sbin/useradd
        /usr/sbin/userdel
        /usr/sbin/usermod

what(1) Output:
    OS-Core.SYS-ADMIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        /usr/lib/nls/msg/C/ugm.cat:
            None
        /usr/newconfig/etc/default/useradd:
            None
        /usr/sbin/groupadd:
            $Revision: 82.1.1.1 $ $Revision: 82.5.1.11 $ PATCH_11_00: groupadd.o ugm_cmn.o 03/07/28
        /usr/sbin/groupdel:
            $Revision: 82.1.1.1 $ $Revision: 82.5.1.11 $ PATCH_11_00: groupadd.o ugm_cmn.o 03/07/28
        /usr/sbin/groupmod:
            $Revision: 82.1.1.1 $ $Revision: 82.5.1.11 $ PATCH_11_00: groupadd.o ugm_cmn.o 03/07/28
        /usr/sbin/useradd:
            $Revision: 82.4.1.8 $ $Revision: 82.5.1.11 $ PATCH_11_00: useradd.o ugm_cmn.o 03/07/28
        /usr/sbin/userdel:
            $Revision: 82.2.1.2 $ $Revision: 82.5.1.11 $ PATCH_11_00: userdel.o ugm_cmn.o 03/07/28
        /usr/sbin/usermod:
            $Revision: 82.2.1.4 $ $Revision: 82.5.1.11 $ PATCH_11_00: usermod.o ugm_cmn.o 03/07/28

    OS-Core.ADMN-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        /usr/share/man/man1m.Z/useradd.1m:
            None

cksum(1) Output:
    OS-Core.SYS-ADMIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        401253854 2757 /usr/lib/nls/msg/C/ugm.cat
        3809409965 84 /usr/newconfig/etc/default/useradd
        1083628578 40960 /usr/sbin/groupadd
        1083628578 40960 /usr/sbin/groupdel
        1083628578 40960 /usr/sbin/groupmod
        4073114965 61440 /usr/sbin/useradd
        3956353390 49152 /usr/sbin/userdel
        1940471825 57344 /usr/sbin/usermod

    OS-Core.ADMN-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
        207446235 5011 /usr/share/man/man1m.Z/useradd.1m

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_15221 PHCO_17440 PHCO_20679 PHCO_26017 PHCO_28505

Equivalent Patches:
    PHCO_29269:
    s700: 11.11
    s800: 11.11

Patch Package Size: 150 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHCO_29380

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHCO_29380.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHCO_29380. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHCO_29380.text
    file are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHCO_29380.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHCO_29380.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    If the /etc/passwd and /etc/group files are on a VxFS file
    system and ACLs are set for these files, then the User*/Group*
    binaries patched in this patch will not restore the ACL
    permissions of the /etc/passwd and /etc/group files. However,
    the ACL entries are restored if the /etc/passwd and /etc/group
    files are on an HFS file system. We recommend "not to set" ACL
    permissions for the /etc/passwd and /etc/group files on a VxFS
    file system.
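Added example (not HP's source and not part of the original patch text): a C illustration of the ownership rule stated in the PHCO_28505 and PHCO_17440 resolutions above, where only entries already owned by the old uid are re-owned and a symbolic link is changed itself rather than its target. The names walk and reown_owned_only and their interfaces are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not HP's source. Visits `name` (relative to dirfd) and
 * everything below it; returns the number of entries re-owned, -1 on error. */
static long walk(int dirfd, const char *name, uid_t old_uid, uid_t new_uid)
{
    struct stat st;
    long changed = 0, n;
    /* AT_SYMLINK_NOFOLLOW: look at a symbolic link itself, not its target. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (S_ISDIR(st.st_mode)) {
        int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        DIR *d = fd >= 0 ? fdopendir(fd) : NULL;
        struct dirent *e;
        if (d == NULL) {
            if (fd >= 0)
                close(fd);
            return -1;
        }
        while ((e = readdir(d)) != NULL) {
            if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
                continue;
            if ((n = walk(fd, e->d_name, old_uid, new_uid)) < 0) {
                closedir(d);
                return -1;
            }
            changed += n;
        }
        closedir(d);                      /* also closes fd */
    }
    if (st.st_uid != old_uid)             /* someone else's entry: leave it */
        return changed;
    /* Group is left unchanged (-1); the link, never its target, is changed. */
    if (fchownat(dirfd, name, new_uid, (gid_t)-1, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    return changed + 1;
}

/* Hypothetical entry point: re-own the tree at `home` from old_uid to new_uid. */
long reown_owned_only(const char *home, uid_t old_uid, uid_t new_uid)
{
    return walk(AT_FDCWD, home, old_uid, new_uid);
}
```

Resolving each entry relative to an open directory descriptor narrows, but does not eliminate, the window in which an entry can be swapped between the ownership check and the change.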
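Added example (not HP's source and not part of the original patch text): the temporary-file rewrite described under PHCO_26017 and PHCO_20679 above, written so that the original file's owner, group and mode are saved and applied to the temporary copy, and the copy is installed only if every write, including fclose(), succeeded. The name rewrite_preserving_attrs and the use of mkstemp() are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not HP's code): replace the contents of `path` via a
 * temporary file. Returns 0 on success; on failure `path` is left untouched. */
int rewrite_preserving_attrs(const char *path, const char *contents)
{
    struct stat st;
    char tmp[4096];
    FILE *fp;
    int fd, ok;

    if (stat(path, &st) != 0)               /* 1. save original attributes */
        return -1;
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    if ((fd = mkstemp(tmp)) < 0)            /* same directory, same filesystem */
        return -1;
    if ((fp = fdopen(fd, "w")) == NULL) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    ok = fputs(contents, fp) != EOF;
    /* 2. put the saved owner, group and mode on the temporary file; mkstemp()
     *    created it 0600 and owned by the caller, which rename() would keep. */
    ok = ok && fchown(fd, st.st_uid, st.st_gid) == 0;
    ok = ok && fchmod(fd, st.st_mode & 07777) == 0;
    /* 3. buffered data reaches the disk at flush time, so a full filesystem
     *    may only be reported here, by fflush()/fsync()/fclose(). */
    ok = ok && fflush(fp) == 0 && fsync(fd) == 0;
    if (fclose(fp) != 0)
        ok = 0;
    if (ok && rename(tmp, path) == 0)       /* 4. atomically install the copy */
        return 0;
    unlink(tmp);
    return -1;
}
```

Only the owner, group and permission bits are carried over; ACL entries, the case raised in the Special Installation Instructions, are not handled by this example.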