4357 – bug in adduser script causes duplicate UIDs

Bug 4357 - bug in adduser script causes duplicate UIDs

Summary: bug in adduser script causes duplicate UIDs

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Mike Makonnen

URL:
Keywords:

Depends on:
Blocks:

Reported:	1997-08-22 18:30 UTC by agonzalez
Modified:	2003-02-22 22:30 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description agonzalez 1997-08-22 18:30:00 UTC

While adding a user the other day, I noticed that if somebody else
started another adduser script before I finished adding the current
user, both would get assigned the same UID.  Now, technically, this is
not a bug, since the script asks you which UID you want to use,
however, it would be quite hard to guess if somebody else is adding a
user and what UID they're using.

Fix: 

My suggestion would be to lock the password file from the beginning
of the script and notify the user if it can't get a lock.  That way
there can only be one adduser script running at any given time.

Looking at the script, however, this does not seem like a good idea.
It uses a subroutine called 'append_file' that takes care of the
locking while appending a line to a file.  Personally, I'm going to
do the pw file lock at the beginning, and make a modified append_file
routine specifically for the password file (which will already be
locked).  Hopefully, the author will come up with a 'cleaner'
solution later on :)
How-To-Repeat: Run the adduser script and start answering the questions.  Try adding
a dumb user (test1) and get to the point where it asks for the UID.
When you get there, start an adduser script from another session and
add another dumb user (test2).  When you get to the UID prompt, you
will get the same UID for this user.  If you go through and add the
users, the script will happily add the two users with the same UID.

Comment 1 Wolfram Schneider freebsd_committer

1997-08-26 17:42:36 UTC

Responsible Changed
From-To: freebsd-bugs->wosch

Adduser is my area.

Comment 2 Wolfram Schneider freebsd_committer

2002-01-13 11:55:51 UTC

Responsible Changed
From-To: wosch->freebsd-bugs

I'm no longer the maintainer of adduser.

Comment 3 Johan Karlsson freebsd_committer

2003-02-22 14:10:12 UTC

Responsible Changed
From-To: freebsd-bugs->mtm

Over to adduser.sh author. This report was for the old 
adduser perl script but it is still a problem with 
the new sh script.

Comment 4 Mike Makonnen freebsd_committer

2003-02-22 22:25:20 UTC

State Changed
From-To: open->closed

This is no longer a problem. 
The script automatically checks to ensure that any uid it 
is given does not allready exist. Should a conflicting uid 
be created between the time it does the check and when it 
gets around to adding it, the duplicate will be rejected by pw(8).