Bug#1030262: gnome-control-center: User deleted via "gnome-control-center user-accounts" can still login
Simon McVittie
smcv at debian.org
Wed Feb 1 21:07:09 GMT 2023
Control: reassign -1 gnome-control-center,accountsservice
Control: found -1 gnome-control-center 1:43.2-2
Control: found -1 accountsservice 22.08.8-1
(Quoting full bug report for accountsservice maintainers)
On Wed, 01 Feb 2023 at 20:56:08 +0200, Timo Lindfors wrote:
> Steps to reproduce:
> 1) Run "gnome-control-center user-accounts"
> 2) Click "Unlock..."
> 3) Enter root password
> 4) Click "Add User..."
> 5) Enter "demo2" as Name and Username and click "Add".
> 6) Click "Remove User..."
> 7) Click "Delete" when prompted.
> 8) Logout
> 9) Select "Not listed?" and login as "demo2". Set the new password when prompted.
> 10) Hit the GUI key and type terminal, right click to access terminal preferences
> 11) Set the custom command in Unnamed/Command to /bin/bash
> 12) Start terminal
>
> Expected results:
> 9) Login fails since the user has been deleted
>
> Actual results:
> 9) Login succeeds even though the user was deleted from the UI.
>
> More info:
>
> This issue is particularly scary since both the settings application
> and the login screen do not show the user after it has been
> deleted. This gives the user the impression that the deletion actually
> succeeded.

The prompt for "Remove User..." says "Are you sure you want to revoke
remotely managed demo2's account?" which is unexpected: I didn't create
this as a remotely managed user, I created it as a local user. This might
indicate that gnome-control-center has got confused about the correct way
to delete the account.

Another clue that the wrong thing is happening is that I wasn't prompted
for whether to delete the user's home directory and mail spool.

Looking briefly at the gnome-control-center code, I think this indicates
that act_user_is_local_account() is returning false, so instead of deleting
a local user, gnome-control-center is telling accountsservice to
"uncache" a remotely-managed (enterprise) user? I don't know what practical
effect that has, but it doesn't sound like a true "delete" operation?

This seems like at least partially an accountsservice bug: I would have
expected that it would reject attempts to do enterprise-single-signon
operations on a local Unix user.

    smcv
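
Added example, not part of the original message and not code from gnome-control-center or accountsservice: a post-deletion check for the situation reported above, where the UI no longer lists demo2 but the login still succeeds. It looks the name up in passwd-format data and lists every account able to log in, independent of what the settings panel shows. The function names, the UID floor of 1000 (the Debian default for regular users) and the sample entries are assumptions made for the example.

```sh
#!/bin/sh
# Added example: confirm that an account removed in the UI has really left
# the passwd database. Function names are hypothetical.

# login_capable_accounts FILE [UID_MIN]
# Names with UID >= UID_MIN (assumed 1000), excluding nobody (65534) and
# accounts whose shell is nologin or false.
login_capable_accounts() {
    awk -F: -v min="${2:-1000}" \
        '$3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# account_removed NAME FILE
# Returns 0 if NAME has no entry in FILE; otherwise reports it and returns 1.
account_removed() {
    awk -F: -v n="$1" '
        $1 == n { printf "still present: %s uid=%s home=%s shell=%s\n",
                  $1, $3, $6, $7; hit = 1 }
        END { exit hit + 0 }' "$2"
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
demo2:x:1001:1001:demo2:/home/demo2:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# With an argument, check the live database; with none, use the sample.
db=$(mktemp)
if [ "$#" -ge 1 ]; then getent passwd > "$db"; else sample_passwd > "$db"; fi
if account_removed "${1:-demo2}" "$db"; then
    echo "${1:-demo2}: no passwd entry"
fi
echo "accounts able to log in:"
login_capable_accounts "$db"
rm -f "$db"
```

Run it with the account name as the only argument after removing the user in the settings panel; a "still present" line means the name still resolves through the passwd database.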