Bug#271829: [Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a 'dpkg --purge command'
Ernst Kloppenburg <email@example.com>, firstname.lastname@example.org
Wed, 15 Sep 2004 23:12:16 +0200
On Wed, Sep 15, 2004 at 18:04:40 +0200, Marc Haber wrote:
> On Wed, Sep 15, 2004 at 04:38:20PM +0200, Ernst Kloppenburg wrote:
> > My conclusion would be that either
> > - deluser should check that 'home' is reasonable
> Define "reasonable".
I suggest that deluser refuses to 'rm -rf /' which is
definitely not reasonable.
If somebody types 'rm -rf /' himself, he made a decision. But with
adduser this can happen by accident. This risk is not neglectable and
not limited to my amavis-experience. For example, on my current
sarge/sid system the command 'deluser --remove-home telnetd' would
again delete everything. And I definitely did not change the telnetd
home in passwd myself.
Therefore I do think something needs to be done about this to take
this risk out of debian.
And I also think this is more important than 'severity wishlist'.
> > or
> > - deluser should always be called with the '--home' option in package
> > removal scripts
> That is an issue with other packages. Or do you suggest that adduser
> won't remove any home dir without --home being explicitly given?
> What exactly is the fix you're suggesting without breaking existing
I tried to suggest an alternative fix in case changing adduser would
not be considered.
This fix would be to require package scripts not to use 'deluser' without
specifying '--home'. This suggestion of course does not apply to
adduser, but to the packaging policies.
But making deluser itself refuse to delete '/' would of course be much
easier and more effective.