Ubuntu server install could end up with no user if an existing group name is used
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
subiquity |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
While attempting to install Ubuntu server 22.04.1, I gave "kvm" as the user name at the time of install.
However, it turns out there's an existing group called "kvm" and thus the user creation fails silently. But this isn't informed to the user. Install proceeds and completes; eventually when the user tries to login, the error simply says "Incorrect login" with no indication of what's wrong.
Since there's no other user, it's not easy to debug it either. I believe this would fail in the same way for any username if there's an existing group with that name.
I booted into the image again, mounted the root filesystem and did chroot to access the logs. Here's the cloud-init part where it fails to create the user: https:/
There are two issues here.
1. Users should be informed that this failure rather than proceeding with install and then locking them out.
2. Should the cloud-init script allow usernames to be created if it happens to be an existing group? It's arguable that this isn't a good idea as we can't tell whether someone really intended to create a user with some group which may have different semantics they didn't want.
But I think there needs to be some sort of message to the user about this before proceeding with install.
tags: | added: seg |
Changed in subiquity: | |
status: | New → Fix Committed |
Regarding issue 2 above, cloud-init does support adding a 'no_user_group: true' boolean to a user creation stanza, so subiquity could detect that a default userless group name was used and then either:
- prevent the user from using it (with an appropriate warning)
- allow the user to use it, but adjust the cloud-init config to use the boolean