Opened 11 years ago

Closed 10 years ago

#768 closed defect (fixed)

"Deploying MediaGoblin" manual tells to "adduser --system", meaning no shell, then to "su -" without specifying a shell → cannot log in.

Reported by: kumo Owned by:
Priority: critical Milestone:
Component: documentation Keywords: login, password
Cc: Parent Tickets:


There's something in the docs that doesn't make much sense for me:

"No password will be assigned to this account, and you will not be able to log in as this user. To switch to this account, enter either:"

and then sudoes to mediagoblin user. Also, it says:

"Unless otherwise noted, the remainder of this document assumes that all operations are performed using this unpriviledged account."

In my opinion, user mediagoblin should get shell permissions and when finished remove them. Otherwise, do everything as another user and at the end chown it all, but it may break something.

Change History (5)

comment:1 by Christopher Allan Webber, 11 years ago

Resolution: wontfix
Status: newclosed

I understand what you're saying, but I believe this is a feature. What this means isn't that you can't have shell permissions (when you sudo over, you are in the shell) it means that the user can't be logged into *as that user*. And there's good reason for that: you don't want to have to manage authentication stuff and possibly have a security breach by someone logging into a user that nobody actually ever logs in as directly. I believe that's the reason for the documentation's wording above... does that make sense?

(In the meanwhile I'm closing this ticket, but that doesn't mean discussion is over.)

comment:2 by Aleksej, 11 years ago

Resolution: wontfix
Status: closedaccepted

Reopening. The documentation is talking about "su - mediagoblin", while "sudo" is used only to get root permissions so that su works. The problem is that "su" does nothing visible unless you specify a shell with "-s".

After this:
adduser --system testuser4

This (which documentation suggests) does not work for me and at least two other Debian users:
su - testuser4

These do work:
su - testuser4 -s /bin/bash
sudo -u testuser4 /bin/bash

comment:3 by Aleksej, 10 years ago

Summary: user mediagoblin login"Deploying MediaGoblin" manual tells to "adduser --system", meaning no shell, then to "su -" without specifying a shell → cannot log in.

comment:4 by Aleksej, 10 years ago

Priority: majorcritical

Changing to critical, because it has probably stopped multiple people trying to try GMG.

comment:5 by Christopher Allan Webber, 10 years ago

Resolution: fixed
Status: acceptedclosed


Note: See TracTickets for help on using tickets.