Fix sudo command failed because root user password expired by password hardening feature issue. #215

Merged


liuh-80
Contributor

@liuh-80 liuh-80 commented Feb 7, 2025

Fix sudo command failed because root user password expired by password hardening feature issue.

Why I did it

Some sudo commands failed after enabling the password hardening feature:

admin@vlab-01:~$ sudo config reload -y
sudo: Account or password is expired, reset your password and try again
Changing password for root.
Current password:

This is because:

  1. The root user's password change time is the image build time.
  2. The password hardening feature will set an expiration time smaller than 1 year; in the sonic-mgmt test it's 100 days.
  3. Some SONiC commands will run other commands; those sub-commands will run as the root user.
  4. Any command run by the 'root' user will be blocked and asked to update the password.
  5. SONiC disabled the 'root' user; this user does not have a password and also can't log in with SSH/Console, which means that when the sudo command asks to change the password, there is no way to provide the 'current' password, and the user will be blocked there.

The only solution is to run the 'sudo passwd root' command; this command will not ask for the current password, so the user can set a new root password.

Work item tracking
  • Microsoft ADO: 31221102

How I did it

Remove the 'root' user expiration code.

How to verify it

Manually verified.
Passed all test cases.

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Will be updated with this PR image later.

  • [] SONiC.master-16482.360728-2c8b4066f

Description for the changelog

Fix hostcfgd modify_single_file method generates empty file issue

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)
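
An added example (not part of this PR or the SONiC code base): a check over shadow-file entries that flags accounts whose password is locked yet still subject to password aging, the condition the description above attributes to 'root'. The sample lines, the `stranded_accounts` name and the treatment of 99999 as "no maximum age" are assumptions made for illustration.

```python
"""Flag locked accounts that are still subject to password aging."""

# Constructed sample shadow entries (not from a real device). Fields:
# name:password:last_change:min:max:warn:inactive:expire (days since epoch).
SAMPLE_SHADOW = """\
root:*:19700:0:100:7:::
admin:$6$constructedsalt$constructedhash:20100:0:100:7:::
daemon:*:19700:0:99999:7:::
svc:!:19700:0::7:::
"""

NEVER = 99999  # conventional "no maximum age" value (assumption of this example)


def stranded_accounts(shadow_text, today_days):
    """Return [(name, days_left)] for locked accounts with a max password age.

    days_left < 0 means the password has already expired; with no usable
    current password, a forced change prompt can never be satisfied.
    """
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # blank or malformed line
        name, password, last_change, max_age = (
            fields[0], fields[1], fields[2], fields[4])
        locked = password[:1] in ("!", "*")
        if not locked or not last_change.isdigit() or not max_age.isdigit():
            continue  # usable password, or aging not configured
        if int(max_age) >= NEVER:
            continue  # aging effectively disabled
        findings.append((name, int(last_change) + int(max_age) - today_days))
    return findings


if __name__ == "__main__":
    # 20200 is a constructed "today" expressed in days since 1970-01-01.
    for name, days_left in stranded_accounts(SAMPLE_SHADOW, today_days=20200):
        state = "EXPIRED" if days_left < 0 else f"expires in {days_left} days"
        print(f"{name}: locked password with aging enabled ({state})")
```

On a device, pass the contents of the shadow file and the current day count since 1970-01-01 in place of the constructed sample.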

@mssonicbld

/azp run


Azure Pipelines successfully started running 1 pipeline(s).

@liuh-80
Contributor Author

liuh-80 commented Feb 7, 2025

@davidpil2002 , can you review this PR?

@liuh-80 liuh-80 requested a review from qiluo-msft February 7, 2025 06:07
@davidpil2002
Contributor

I'm sorry for the delay, I'm reviewing if this modification is good enough.
BTW did you test this solution in regression?

Contributor

@davidpil2002 davidpil2002 left a comment

I double-checked and yes, the root user has no password, so no need for expiring.

@mssonicbld

Cherry-pick PR to 202411: #220

@mssonicbld

Cherry-pick PR to 202405: #221

@StormLiangMS

hi @liuh-80 what's the issue if we don't port back this to 202305?

@liuh-80
Contributor Author

liuh-80 commented Feb 24, 2025

hi @liuh-80 what's the issue if we don't port back this to 202305?

The only issue is that this bug is not fixed on 202305.
The test case is already ignored on 202305, so there will be no more nightly test failures.
Also, the feature is not enabled, so there will be no impact.
