Missing API/interface for changing fullname (gecos) and shell

Question

Missing API/interface for changing fullname (gecos) and shell

thalman opened this issue 6 months ago · 5 comments

The shadow-util have binaries for setting user details and shell (chfn and chsh).

Those function are not exported. As a result the GUI for user settings can't actually use them, because chfn and chsh are designed for human interaction. Most of those tools uses usermode package witch provides userhelper binary and userhelper uses libuser for this purpose.

Libuser re-implements chfn and chsh and manipulates /etc/passwd on its own. Unfortunately libuser project is not actively developed any more (I'm the maintainer) and so the tools mentioned above depend on obsolete code.

It would be great to make functions like update_gecos and update_shell public. This will allow us to get rid of libuser dependency.

Just for completeness - libuser supposed to hide differences between LDAP and shadow users, this is kind of working but not for all LDAP schemes and there is no effort to catch up the technological debt.

Tomáš

Answer 1 · 2024-05-06T10:11:35.000Z

Correct me if I'm wrong, but the idea would be to provide the update_gecos and update_shell in a library, and link the GUI applications that make use of this functionally to the new library. This way we remove this linked dependency of usermode -> userhelper -> libuser and use this functionality directly from the package that originally provided this feature. Finally, distributions can remove libuser.

Answer 2 · 2024-05-06T10:56:04.000Z

Yes, you are correct. Just few notes:

We need to be root to do this so binary must have setuid bit. Therefore the GUI (wayland/X11) app will still use some lightweight wrapper like usermode to perform the operation. I expect that the chain will change from gui-app->(fork/exec)->userhelper->libuser.so to gui-app->(fork/exec)->userhelper->shadow-utils.so.

Also we will have just one code for manipulating /etc/passwd file instead having alternative implementation in libuser. Now I see that there are differences between chfn and libuser implementation for example in locking and signal handling.

Answer 3 · 2024-05-06T11:06:02.000Z

We need to be root to do this so binary must have setuid bit. Therefore the GUI (wayland/X11) app will still use some lightweight wrapper like usermode to perform the operation. I expect that the chain will change from gui-app->(fork/exec)->userhelper->libuser.so to gui-app->(fork/exec)->userhelper->shadow-utils.so.

This is kind of the standard procedure for these cases.

I'm fine with it. @hallyn please check this ticket and share your thoughts.