You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@vcl.apache.org by "Martinez, Emerio" <em...@Fullerton.edu> on 2020/06/17 15:58:31 UTC
RE: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7
and Ubuntu 20 in VCL
Hello Josh,
Yes, the numeric username is a must have for us. It is the campus identifier for an end user. We use it to manage access and control privileges in our VCL.
I was able to find this Redhat KB article which matches the situation and provides a workaround.
https://access.redhat.com/solutions/3103631
Please note, shadow-utils-4.1.5.1-25 (shipped with Red Hat Enterprise Linux 7.6) does not allow to create all-numeric usernames. shadow-utils- 4.1.5.1-25.el7_6.1 and later (shipped with Red Hat Enterprise Linux 7.6 batch update 3) requires the environment variable SHADOW_ALLOW_ALL_NUMERIC_USER to be set to any value to allow the useradd command to create all-numeric usernames.
I verified that the workaround does work.
Before:
[root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760
useradd: invalid user name '899926760'
After:
[root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
[root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=anyvalue
[root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760
useradd: invalid user name '899926760'
[root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
anyvalue
[root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=1
[root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760
useradd: invalid user name '899926760'
[root@vclvm011206_4x10 ~]# export SHADOW_ALLOW_ALL_NUMERIC_USER=1
[root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760
[root@vclvm011206_4x10 ~]# id 899926760
uid=524(899926760) gid=1001(vcl) groups=1001(vcl)
Would you be able to develop a fix that is incremental (does not require a system wide upgrade) and modularized (code change is contained and not spread out) for this situation? We are using VCL 2.5. Please advise.
Thanks,
Emerio
-----Original Message-----
From: Josh Thompson <jo...@ncsu.edu>
Sent: Wednesday, June 17, 2020 7:30 AM
To: Martinez, Emerio <em...@Fullerton.edu>
Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>; Yang, Charles <cy...@fullerton.edu>
Subject: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Emerio,
Thanks for the update on Jim. I didn't realize he had moved on.
After looking over your logs, I'm seeing that in both cases, the reservations for the new images failed when trying to add the user account. Apparently, it doesn't like the user account name being 899926760.
- From the logs:
request id 31443 on vclvm011232_4x10
2020-06-12 16:51:50|2986|31443|31443|new|utils.pm:run_ssh_command|4392|
command: '/usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760', exit_status: 3, output:
|2986|31443|31443|new|utils.pm:run_ssh_command|4392| useradd: invalid
|2986|31443|31443|new|user
name '899926760'
request id 31444 on vclvm011206_4x10
2020-06-12 16:58:58|4086|31444|31444|new|utils.pm:run_ssh_command|4392|
command: '/usr/sbin/useradd -s /bin/bash -m -d /home/899926760 -g vcl -u 524 899926760', exit_status: 3, output:
|4086|31444|31444|new|utils.pm:run_ssh_command|4392| useradd: invalid
|4086|31444|31444|new|user
name '899926760'
If that account was able to create reservations for the older CentOS image, then something has changed in one of the packages on CentOS that prevents that username from being valid. I'm asuming it's because it is a long number.
Do you have to support long, numeric usernames?
Josh
On Monday, June 15, 2020 5:20:37 PM EDT Martinez, Emerio wrote:
> Hello Josh,
>
> Thank you for the work around on the Windows 10 2004 image. I will try it.
> Yes, Jim would have been a great resource on VCL but he has moved on.
>
> I ran two experiments in creating a base image for CentOS 7.8.2003:
> one experiment updates a CentOS 7.5 reservation to CentOS 7.8 and
> creates an image from it. The other experiment takes a CentOS 7.8 ISO
> and creates a base image from it. On both 7.8 images, a reservation
> request is kicked off and in both cases, the reservation process ends
> up failing at the end where it attempts to create the user local account. See snapshots below.
>
> I am providing the VCL log file: vcld.log.centos78203.txt which
> captures both experiments during the same time frame last Friday, June
> 12th between 3:30PM and 5:00PM PST. See attached file. To identify the
> experiments, look for the VM: vclvm0011206_4x10 using private and public IP addresses:
> 10.69.225.26 and 137.151.225.26 for the "install" experiment. And,
> look for the VMs: vclvm010627 (using 10.69.225.27 and
> 137.151.225.27)and
> vclvm011232_4x10 (using 10.69.225.52 and 137.151.225.52) for the "update"
> experiment. The first VM was used for the initial CentOS 7.5
> reservation and the later VM was the result of updating to CentOS 7.8.
>
> I was able to verify that the shadow-utils rpm was installed in both
> cases
> (experiments) so the useradd command exists. I think the issue is with
> the IPTables. I found a relevant and similar warning message in the
> system log
> (messages) across both experiment VM's. Have attached messages and
> IPTables files for both.
>
> Jun 12 16:48:40 vclvm011232 firewalld[655]: WARNING: NOT_ENABLED: rule
> '['-m', 'comment', '--comment', 'VCL: jump to rules added during the
> pre-capture stage (2020-06-12 16:35:34)', '-j', 'vcl-pre_capture']' is
> not in 'ipv4:filter:INPUT_direct'
>
> Jun 12 16:55:28 vclvm011206 firewalld[721]: WARNING: NOT_ENABLED: rule
> '['-m', 'comment', '--comment', 'VCL: jump to rules added during the
> pre-capture stage (2020-06-12 16:47:17)', '-j', 'vcl-pre_capture']' is
> not in 'ipv4:filter:INPUT_direct'
>
> Please advise on next steps.
>
> Thanks,
> Emerio
>
> Base CentOS 7.8.2003 Install:
>
> [cid:image002.jpg@01D64320.224AF300]
>
> Base CentOS 7.8.2003 Update:
>
> [cid:image004.jpg@01D64320.224AF300]
>
>
>
>
>
>
> -----Original Message-----
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Friday, June 12, 2020 12:51 PM
> To: Martinez, Emerio <em...@Fullerton.edu>
> Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>;
> Yang, Charles <cy...@fullerton.edu> Subject: [External] Re: Creation
> of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
>
>
>
> Hash: SHA1
>
>
>
> Hi Emerio,
>
>
>
> I found a temporary solution that will at least allow you to move
> forward with the Windows 10 image for now. When selecting the 4
> packages to install from Cygwin that are listed on this page:
>
>
>
> https://cwiki.apache.org/confluence/display/VCL/
>
> Install+and+Configure+Cygwin+SSHD
>
>
>
> there are a number of additional packages that automatically get
> selected for installation when selecting the 4 needed for VCL. One of
> those packages is named 'cygwin'. Before moving on from the screen
> where you select packages, find that cygwin package. For the version
> that is to be installed, select "3.1.4-1" instead of whatever is the
> default (currently, I'm seeing 3.1.5-1).
>
> Apparently, something changed between 3.1.4-1 and 3.1.5-1 that is
> causing the problem. After making that change and finishing the
> Cygwin configuration, I was able to successfully capture an image.
>
>
>
> Josh
>
> On Thursday, June 11, 2020 5:27:57 PM EDT Josh Thompson wrote:
> > Hi Emerio,
> >
> >
> >
> > It's good to hear from someone at Fullerton! I don't know if Jim
> >
> > O'Dell is still around there somewhere, but he's actually a
> > committer
> >
> > on the VCL project here at Apache.
> >
> >
> >
> > Unfortunately, we have a mix of some installation information being
> >
> > out of date and some being more accurate. The page on installing
> > and
> >
> > configuring Cygwin has recently been updated and is what I followed
> > to
> >
> > test things out below.
> >
> >
> >
> > For Windows 10 2004, there was a problem with the
> >
> > cygwin-sshd-config.sh script related to how it was detecting the
> > name of the sshd service name.
> >
> > I've updated the script. However, I'm still seeing the same error
> > you
> >
> > were referring to when it tries to create VCL folder under the
> > Cygwin
> >
> > root home
> >
> > directory:
> >
> >
> >
> > The filename, directory name, or volume label syntax is incorrect.
> >
> >
> >
> > I'm still looking in to this one.
> >
> >
> >
> > For CentOS 7.8.2003 (I couldn't find anything about .2004), I was
> > able
> >
> > to create and reserve a new image successfully. Given that it is
> >
> > failing when trying to create the user account, make sure the
> > useradd
> >
> > command is installed. I'm seeing that is is part of the shadow-utils
> >
> > package. If useradd is installed, can you provide part of the
> >
> > vcld.log file where it is trying to add the user and failing?
> >
> >
> >
> > For Ubuntu 20, see if the information Mike provided in this email helps:
> >
> >
> >
> > https://mail-archives.apache.org/mod_mbox/vcl-user/202005.mbox/
> >
> > %3CCANdMdR0q8t7B19MiHcnZCa7vJsRNwYsMrForC68u-vGFbSYthQ%40mail.gmail.
> > co
> >
> > m%3E
> >
> >
> >
> > I know it's related to Ubuntu 18, but it may work for 20 as well.
> >
> >
> >
> > Josh
> >
> > On Wednesday, June 10, 2020 1:14:23 PM EDT Martinez, Emerio wrote:
> > > Hello,
> > >
> > >
> > >
> > > My co-worker and I are running into issues in creating base OS
> > >
> > > images for Windows 10 2004, CentOS 7.8.2004 and Ubuntu 20.04 LTS
> > > on
> > >
> > > VCL 2.5. Part of the challenge is that we are new to this process
> > >
> > > and the procedures that we found on cwiki.apache.org are old and
> > > in
> > >
> > > some parts, the steps don't provide enough detail.
> > >
> > >
> > >
> > > My first question, do you have updated procedures for the three
> > > base
> > >
> > > images that we are trying to create?
> > >
> > >
> > >
> > > If not, here are the issues that we are experiencing and could use
> > >
> > > your technical guidance.
> > >
> > >
> > >
> > > On Windows 10 2004, able get to the "vcld -setup" stage of the
> > >
> > > process but from the vcld logs, it is failing on the creation of a
> > >
> > > VCL folder under the Cygwin root home directory. I am using Cygwin
> > >
> > > setup version 2.904 (64 bit).
> > >
> > >
> > >
> > > On the CentOS 7.8.2004, able to complete the "vcld -setup" stage
> > > and
> > >
> > > can submit a reservation request but it fails. From the vcld logs,
> > >
> > > the reservation is failing when it attempts to create the user
> > > login
> > >
> > > account on the VM.
> > >
> > >
> > >
> > > On the Ubuntu 20.04 LTS, my co-worker is at the OS finished
> > >
> > > installing on the VM stage and would like to know the next steps.
> > >
> > >
> > >
> > > Thank you.
> > >
> > > Emerio
> >
> > --
> >
> > -------------------------------
> >
> > Josh Thompson
> >
> > VCL Developer
> >
> > North Carolina State University
> >
> >
> >
> > my GPG/PGP key can be found on pool.sks-keyservers.net
> >
> >
> >
> > All electronic mail messages in connection with State business which
> >
> > are sent to or received by this account are subject to the NC Public
> >
> > Records Law and may be disclosed to third parties.
>
> --
>
> -------------------------------
>
> Josh Thompson
>
> VCL Developer
>
> North Carolina State University
>
>
>
> my GPG/PGP key can be found on pool.sks-keyservers.net
>
>
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCXuoo1gAKCRBX8tBw1209
AxCEAJ9qfP4iRteQIDSrP5UTwGt6rhSgvwCdEC9Riv13vKhe+iDJWAuRHJk5c5A=
=uKKc
-----END PGP SIGNATURE-----
Re: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
Posted by Josh Thompson <jo...@ncsu.edu>.
Hi Emerio,
I'm glad VCL has been helpful to you in dealing with COVID-19.
Yes, I'd be happy to have a look at the vcld log for the Ubuntu 20 image
capture that isn't working. I haven't actually given Ubuntu 20 a try yet.
So, it will be good to see what needs to happen for it to work.
Josh
On Friday, June 19, 2020 11:56:30 AM EDT Martinez, Emerio wrote:
> Hello Josh,
>
> Thank you very much for a solution! And, it does not require a source code
> update to VCL which is a big plus.
>
> Our campus has significantly expanded the use of VCL due to the COVID-19
> situation and your support is greatly appreciated.
>
> We still are having an issue with creating a base image for Ubuntu 20. My
> co-worker, Chuck Yang was working on it. If he provides the VCL log for the
> portion of his image process, would you mind taking a look?
>
> Again, thank you for your help on the other two image issues, Windows 10
> 2004 and CentOS 7.8.2003.
>
> Sincerely,
> Emerio
>
> -----Original Message-----
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Friday, June 19, 2020 7:41 AM
> To: Martinez, Emerio <em...@Fullerton.edu>
> Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>; Yang,
> Charles <cy...@fullerton.edu> Subject: Re: [External] Re: Creation of Base
> OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
>
> Hi Emerio,
>
> No changes are needed in the VCL code for this. A fix can just be done
> within the image before capturing it. The fix would then be passed along
> to any images created using it as a base.
>
> Create the following file:
>
> /etc/profile.d/allow_numeric_users.sh
>
> with the following content:
>
> export SHADOW_ALLOW_ALL_NUMERIC_USER=1
>
> After creating the above file, I tested this successfully by running the
> following on the management node:
>
> $ ssh testvm1 'useradd -m 55555'
>
> That didn't return any errors, and after logging in to testvm1, I saw that
> the account had been created.
>
> Josh
>
> On Wednesday, June 17, 2020 11:58:31 AM EDT Martinez, Emerio wrote:
> > Hello Josh,
> >
> > Yes, the numeric username is a must have for us. It is the campus
> > identifier for an end user. We use it to manage access and control
> > privileges in our VCL.
> >
> > I was able to find this Redhat KB article which matches the situation
> > and provides a workaround.
> >
> > https://access.redhat.com/solutions/3103631
> >
> > Please note, shadow-utils-4.1.5.1-25 (shipped with Red Hat
>
> Enterprise Linux
>
> > 7.6) does not allow to create all-numeric usernames.
> > shadow-utils- 4.1.5.1-25.el7_6.1 and later (shipped with Red Hat
>
> Enterprise
>
> > Linux 7.6 batch update 3) requires the environment variable
> >
> > SHADOW_ALLOW_ALL_NUMERIC_USER to be set to any value to allow the
>
> useradd
>
> > command to create all-numeric usernames.
> >
> > I verified that the workaround does work.
> >
> > Before:
> >
> > [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> >
> > /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> > '899926760'
> >
> > After:
> >
> > [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
> >
> > [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=anyvalue
> > [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> >
> > /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> > '899926760'
> >
> > [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
> > anyvalue
> > [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=1
> > [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> >
> > /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> > '899926760'
> >
> > [root@vclvm011206_4x10 ~]# export SHADOW_ALLOW_ALL_NUMERIC_USER=1
> > [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> >
> > /home/899926760 -g vcl -u 524 899926760 [root@vclvm011206_4x10 ~]# id
> > 899926760
> >
> > uid=524(899926760) gid=1001(vcl) groups=1001(vcl)
> >
> > Would you be able to develop a fix that is incremental (does not
> > require a system wide upgrade) and modularized (code change is
> > contained and not spread out) for this situation? We are using VCL 2.5.
> > Please advise.
> >
> > Thanks,
> > Emerio
> >
> > -----Original Message-----
> > From: Josh Thompson <jo...@ncsu.edu>
> > Sent: Wednesday, June 17, 2020 7:30 AM
> > To: Martinez, Emerio <em...@Fullerton.edu>
> > Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>;
> > Yang, Charles <cy...@fullerton.edu> Subject: [External] Re: Creation
> > of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
>
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Virtual Computing Lab (VCL)
> North Carolina State University
>
> Josh_Thompson@ncsu.edu
> 919-515-5323
>
> my GPG/PGP key can be found on pool.sks-keyservers.net
>
> All electronic mail messages in connection with State business which are
> sent to or received by this account are subject to the NC Public Records
> Law and may be disclosed to third parties.
--
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
Josh_Thompson@ncsu.edu
919-515-5323
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
RE: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7
and Ubuntu 20 in VCL
Posted by "Martinez, Emerio" <em...@Fullerton.edu>.
Hello Josh,
Thank you very much for a solution! And, it does not require a source code update to VCL which is a big plus.
Our campus has significantly expanded the use of VCL due to the COVID-19 situation and your support is greatly appreciated.
We still are having an issue with creating a base image for Ubuntu 20. My co-worker, Chuck Yang was working on it. If he provides the VCL log for the portion of his image process, would you mind taking a look?
Again, thank you for your help on the other two image issues, Windows 10 2004 and CentOS 7.8.2003.
Sincerely,
Emerio
-----Original Message-----
From: Josh Thompson <jo...@ncsu.edu>
Sent: Friday, June 19, 2020 7:41 AM
To: Martinez, Emerio <em...@Fullerton.edu>
Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>; Yang, Charles <cy...@fullerton.edu>
Subject: Re: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
Hi Emerio,
No changes are needed in the VCL code for this. A fix can just be done within the image before capturing it. The fix would then be passed along to any images created using it as a base.
Create the following file:
/etc/profile.d/allow_numeric_users.sh
with the following content:
export SHADOW_ALLOW_ALL_NUMERIC_USER=1
After creating the above file, I tested this successfully by running the following on the management node:
$ ssh testvm1 'useradd -m 55555'
That didn't return any errors, and after logging in to testvm1, I saw that the account had been created.
Josh
On Wednesday, June 17, 2020 11:58:31 AM EDT Martinez, Emerio wrote:
> Hello Josh,
>
> Yes, the numeric username is a must have for us. It is the campus
> identifier for an end user. We use it to manage access and control
> privileges in our VCL.
>
> I was able to find this Redhat KB article which matches the situation
> and provides a workaround.
>
> https://access.redhat.com/solutions/3103631
>
> Please note, shadow-utils-4.1.5.1-25 (shipped with Red Hat
Enterprise Linux
> 7.6) does not allow to create all-numeric usernames.
> shadow-utils- 4.1.5.1-25.el7_6.1 and later (shipped with Red Hat
Enterprise
> Linux 7.6 batch update 3) requires the environment variable
> SHADOW_ALLOW_ALL_NUMERIC_USER to be set to any value to allow the
useradd
> command to create all-numeric usernames.
>
> I verified that the workaround does work.
>
> Before:
>
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
>
> After:
>
> [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
>
> [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=anyvalue
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
> [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
> anyvalue
> [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=1
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
> [root@vclvm011206_4x10 ~]# export SHADOW_ALLOW_ALL_NUMERIC_USER=1
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 [root@vclvm011206_4x10 ~]# id
> 899926760
> uid=524(899926760) gid=1001(vcl) groups=1001(vcl)
>
> Would you be able to develop a fix that is incremental (does not
> require a system wide upgrade) and modularized (code change is
> contained and not spread out) for this situation? We are using VCL 2.5. Please advise.
>
> Thanks,
> Emerio
>
> -----Original Message-----
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Wednesday, June 17, 2020 7:30 AM
> To: Martinez, Emerio <em...@Fullerton.edu>
> Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>;
> Yang, Charles <cy...@fullerton.edu> Subject: [External] Re: Creation
> of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
--
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
Josh_Thompson@ncsu.edu
919-515-5323
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
Re: [External] Re: Creation of Base OS Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
Posted by Josh Thompson <jo...@ncsu.edu>.
Hi Emerio,
No changes are needed in the VCL code for this. A fix can just be done within
the image before capturing it. The fix would then be passed along to any
images created using it as a base.
Create the following file:
/etc/profile.d/allow_numeric_users.sh
with the following content:
export SHADOW_ALLOW_ALL_NUMERIC_USER=1
After creating the above file, I tested this successfully by running the
following on the management node:
$ ssh testvm1 'useradd -m 55555'
That didn't return any errors, and after logging in to testvm1, I saw that the
account had been created.
Josh
On Wednesday, June 17, 2020 11:58:31 AM EDT Martinez, Emerio wrote:
> Hello Josh,
>
> Yes, the numeric username is a must have for us. It is the campus identifier
> for an end user. We use it to manage access and control privileges in our
> VCL.
>
> I was able to find this Redhat KB article which matches the situation and
> provides a workaround.
>
> https://access.redhat.com/solutions/3103631
>
> Please note, shadow-utils-4.1.5.1-25 (shipped with Red Hat
Enterprise Linux
> 7.6) does not allow to create all-numeric usernames.
> shadow-utils- 4.1.5.1-25.el7_6.1 and later (shipped with Red Hat
Enterprise
> Linux 7.6 batch update 3) requires the environment variable
> SHADOW_ALLOW_ALL_NUMERIC_USER to be set to any value to allow the
useradd
> command to create all-numeric usernames.
>
> I verified that the workaround does work.
>
> Before:
>
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
>
> After:
>
> [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
>
> [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=anyvalue
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
> [root@vclvm011206_4x10 ~]# echo $SHADOW_ALLOW_ALL_NUMERIC_USER
> anyvalue
> [root@vclvm011206_4x10 ~]# SHADOW_ALLOW_ALL_NUMERIC_USER=1
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 useradd: invalid user name
> '899926760'
> [root@vclvm011206_4x10 ~]# export SHADOW_ALLOW_ALL_NUMERIC_USER=1
> [root@vclvm011206_4x10 ~]# /usr/sbin/useradd -s /bin/bash -m -d
> /home/899926760 -g vcl -u 524 899926760 [root@vclvm011206_4x10 ~]# id
> 899926760
> uid=524(899926760) gid=1001(vcl) groups=1001(vcl)
>
> Would you be able to develop a fix that is incremental (does not require a
> system wide upgrade) and modularized (code change is contained and not
> spread out) for this situation? We are using VCL 2.5. Please advise.
>
> Thanks,
> Emerio
>
> -----Original Message-----
> From: Josh Thompson <jo...@ncsu.edu>
> Sent: Wednesday, June 17, 2020 7:30 AM
> To: Martinez, Emerio <em...@Fullerton.edu>
> Cc: user@vcl.apache.org; Elbettar, Bill <be...@fullerton.edu>; Yang,
> Charles <cy...@fullerton.edu> Subject: [External] Re: Creation of Base OS
> Images - Windows 10, CentOS 7 and Ubuntu 20 in VCL
--
-------------------------------
Josh Thompson
Systems Programmer
Virtual Computing Lab (VCL)
North Carolina State University
Josh_Thompson@ncsu.edu
919-515-5323
my GPG/PGP key can be found on pool.sks-keyservers.net
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.