You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code here checks /etc/login.defs to see if the user's UID is less than UID_MIN.
However, login.defs also has settings to defined min/max SYSTEM UID range:
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
In our use case, this causes problems because the admin ID is created very early in provisioning BEFORE we can set our standard values for UID_MIN / UID_MAX... and after we do, then the admin ID falls outside the range and is marked as a system user.
The check would be better to also validate against SYS_UID_MAX.
uid_min = None
try:
uid_min = int(ext_utils.get_line_starting_with("UID_MIN", "/etc/login.defs").split()[1])
except (ValueError, KeyError, AttributeError, EnvironmentError):
pass
if uid_min is None:
uid_min = 100
if user_entry is not None and user_entry[2] < uid_min:
logger.error(
"CreateAccount: " + user + " is a system user. Will not set password.")
return "Failed to set password for system user: " + user + " (0x06)."
Range of user IDs used for the creation of regular users by useradd or newusers.
The default value for UID_MIN (resp. UID_MAX) is 1000 (resp. 60000).
The UID_MIN and UID_MAX really just affect useradd command (which is the reason why we use it since other extensions execute useradd) and are not necessarily representative of system accounts
The code here checks /etc/login.defs to see if the user's UID is less than UID_MIN.
However, login.defs also has settings to defined min/max SYSTEM UID range:
In our use case, this causes problems because the admin ID is created very early in provisioning BEFORE we can set our standard values for UID_MIN / UID_MAX... and after we do, then the admin ID falls outside the range and is marked as a system user.
The check would be better to also validate against SYS_UID_MAX.
azure-linux-extensions/Utils/distroutils.py
Line 175 in b4d783a
The text was updated successfully, but these errors were encountered: