GNOME Bugzilla – Bug 701514
Able to total block the system by deleteing the gdm-manager user
Last modified: 2013-07-15 10:47:44 UTC
User can notice that under some circumstances he can delete the gdm-manager user, leading total system block, reinstall necessary. Steps : 1. Boot system 2. Go to settings - user settings and add another user 3. Make sure he is enabled and has a password 4. Unlock with Root password and select the "-" sign to delete it 5. At dialogue box if to delete files or keep them, do nothing 6. Press on username - and select switch user 7. Log in as the second user 8. After log in as the second user, select switch user 9. Log in as the first user 10. Notice the dialogue box that ask you to keep the files of the user, select keep 11. Receive error that user is logged in 12. Keep the error and notice in the foreground the gdm-manager user 13. Select gdm-manager daemon user and press "-" and select keep files 14. Observe the user has been deleted 15. Try to restart the computer, observe you can't 16. Hard reset with power button, observe system cannot recover anymore Expected outcome User cannot delete the gdm-manager user and should not see it in the user list Actual outcome User can delete the gdm-manager user and can see it in the list
That the gdm user appears in the list is clearly a bug. It is a bug in the accountsservice, but it should already be fixed in git (we added the gdm user to the blacklist). The fact that you can remove the gdm user if you have administrator privileges is not a bug, I'd say.
http://cgit.freedesktop.org/accountsservice/commit/?id=b09603c5ea4d57bde623521626a0da4da96f2759
The bug is still present with accountsservice 0.6.34 on fedora 19 A new user in accounts service path /org/freedesktop/Accounts/User102 (gdm) is created but gdm seems not in username_in_exclude_list from libaccountsservice
Created attachment 247737 [details] [review] 0001-user-accounts-Don-t-threat-system-account-once-added.patch Hi, Are you sure this bug should be closed, because I tested gnome-control-center HEAD along accountsservices-0.6.34 and the bug Is still present ... So I thought that filtering system accounts will be safer to prevent this bug and probably others ... Regards
Created attachment 247741 [details] [review] 0001-user-accounts-Don-t-threat-system-account-once-added.patch Sorry This is 0001-user-accounts-Don-t-threat-system-account-once-added.patch And I tested with gnome-control-center gnome-3-8 branch
Review of attachment 247741 [details] [review]: The approach appears to be fine, but please could you improve the commit message and coding style? ::: panels/user-accounts/um-user-panel.c @@ +151,3 @@ + if ( act_user_is_system_account( user ) ) { + return ; The spacing here is not consistent with the rest of the code and includes a trailing space.
Created attachment 248870 [details] [review] 0001-user-accounts-do-not-display-system-type-accounts.patch Thanks, good to know accountsservices is "fine" the way it is and this could be done that way in g-c-c... (Else it looked a bit complicated) Btw, I suppose the reference document is : https://wiki.gnome.org/GTK+/BestPractices#Coding_Style Regards
Attachment 248870 [details] pushed to master and gnome-3-8 with an updated commit message.