Bug#316271: [Pkg-nagios-devel] Bug#316271: nagios install fails "chage: can't open shadow password fileadduser"

Christian Perrier Christian Perrier <bubulle@debian.org>, 316271@bugs.debian.org
Thu, 30 Jun 2005 07:21:19 +0200

Quoting sean finney (seanius@debian.org):

> i can't be certain without reinstalling some system with an official
> sarge installer (i suppose i could deboostrap+base-config, but i still
> wouldn't be 100% certain), but i'm fairly certain shadow passwords
> are the default these days.  looking in the debconf templates for
> the shadow package included in the installer iso, i see the default
> for the shadow question in true though...
> i'll cc this to debian-boot to see if someone could verify this.

Well, the shadow maintainer could have better confirmed also but it
happens he reads -boot as well..:-)

Yes, the default is to install the system with shadow passwords. Both
when passwd is configured from base-config (thus in d-i) AND when it
is configured alone.

> > > so in your opinion, should this bug be closed or should i reorganize
> > > this bug as "nagios does not work on systems without shadow passwords"?
> > 
> > in my opinion you should reorganize it because there definitely was a problem on the system
> > without shadow passwords and because i think that the debian installer -
> > at least some versions of it - were not asking if they should be enabled
> > when setting up passwd.  so it is possible that a good number of systems
> > do not have shadow passwords enabled and could run into this same

This is not true. Default installs skip the question about shadow
passwords because the debconf priority is high whie the question has a
low priority.

But, in that case, the default settings are used and the answer to the
shadow passwords question is "True".

So, systems *without* shadow passwords should be very rare, at least
for sarge or above systems installed from scrtach. The only case where
shadow passwords may be disabled are:

-really really really old Debian systems (I haven't been able to find
 when the default was switch to shadow passwords but it probably older
 than potato and certainyl far older)

-systems where the admin deliberately chooses to NOT use shadow
 passwords by doing "dpkg-reconfigure passwd" and answer "False" to
 the question

-systems installed with d-i in "expert" mode where the admin also did
choose to deliberately answer "False" to that question

So all cases are very rare.

> > problem.  or maybe you could close it and just have the installer do a
> > quick test to see if shadow is enabled and then warn about it?
> in any case i think not installing for systems w/o shadow passwords is a bug,

Depends. In some cases (such as old NIS setups, IIRC), this may be needed.