[Adduser-devel] Bug#331720: marked as done (adduser: deluser --backup creates world readable file)

Debian Bug Tracking System owner at bugs.debian.org
Sun Oct 23 21:03:32 UTC 2005

Your message dated Sun, 23 Oct 2005 13:47:11 -0700
with message-id <E1ETmkJ-0000nA-00 at spohr.debian.org>
and subject line Bug#331720: fixed in adduser 3.77
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: adduser: deluser --backup creates world readable file
X-Debbugs-CC: Martin Geisler <mgeisler at mgeisler.net>
Message-Id: <E1EMuth-0003h7-Pb at futtelifut.dyndns.org>
From: Martin Geisler <mgeisler at mgeisler.net>
Date: Wed, 05 Oct 2005 00:04:29 +0200

Package: adduser
Version: 3.63
Severity: normal
File: /usr/sbin/deluser

When making a backup with deluser, the resulting file is created like
any other file made by root, and with my umask of 022 it is world

This is bad since then everybody who gets hold of it has access to the
old user's files if the administrator does not take care to store the
backup in some safe place.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages adduser depends on:
ii  debconf               Debian configuration management sy
ii  passwd                  1:4.0.3-31sarge5 change and administer password and
ii  perl-base               5.8.4-8          The Pathologically Eclectic Rubbis

-- debconf information:
* adduser/homedir-permission: true

From: Marc Haber <mh+debian-packages at zugschlus.de>
To: 331720-close at bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#331720: fixed in adduser 3.77
Message-Id: <E1ETmkJ-0000nA-00 at spohr.debian.org>
Sender: Archive Administrator <katie at spohr.debian.org>
Date: Sun, 23 Oct 2005 13:47:11 -0700

Source: adduser
Source-Version: 3.77

We believe that the bug you reported is fixed in the latest version of
adduser, which is due to be installed in the Debian FTP archive:

  to pool/main/a/adduser/adduser_3.77.dsc
  to pool/main/a/adduser/adduser_3.77.tar.gz
  to pool/main/a/adduser/adduser_3.77_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 331720 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Marc Haber <mh+debian-packages at zugschlus.de> (supplier of updated adduser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Sun, 23 Oct 2005 18:41:21 +0000
Source: adduser
Binary: adduser
Architecture: source all
Version: 3.77
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <adduser-devel at lists.alioth.debian.org>
Changed-By: Marc Haber <mh+debian-packages at zugschlus.de>
Description:
 adduser    - Add and remove users and groups
Closes: 331720
Changes:
 adduser (3.77) unstable; urgency=low
   [ Marc Haber ]
   * call make -C po update clean in debian/rules clean.
     Thanks to Eduard Bloch. (mh)
   * invoke debconf-updatepo and po4a in clean target.
     Thanks to Thomas Huriaux. (mh)
   [ Joerg Hoh ]
   * fixed bug in deluser which made not specified parameters valid
   * backup files for users have a mask of 600 and ownership is set to root
     only (Closes: #331720)
Files:
 9f203c4f5345d3f32a600bffda89d15b 643 admin important adduser_3.77.dsc
 aab3fd55351135469eba93b4f3c04292 151416 admin important adduser_3.77.tar.gz
 0f402bca822ad859a6913156141e4647 81740 admin important adduser_3.77_all.deb

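The permission problem reported above and the fix named in the 3.77 changelog (mode 600, root ownership), reproduced as an added shell example. This is not adduser's own code (deluser is written in Perl); the function names and the tarball layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: backup_default, backup_private, mode_of and
# find_exposed_backups are illustrative names, not taken from adduser.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Behaviour from the report: the archive inherits the caller's umask,
# so with 022 it ends up mode 644 and every local user can read it.
backup_default() {   # $1 = directory to archive, $2 = output tarball
    ( umask 022; tar -czf "$2" -C "$1" . )
}

# Hardened variant: tighten the umask before the file exists, so the
# archive is never readable by others, then pin mode and owner.
backup_private() {   # $1 = directory to archive, $2 = output tarball
    (
        umask 077
        tar -czf "$2" -C "$1" . || exit 1
        chmod 600 "$2"
        # Changing ownership is only possible when running as root.
        if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$2"; fi
    )
}

# Audit helper: list archives in a directory that group or others can read.
find_exposed_backups() {   # $1 = directory holding backups
    find "$1" -maxdepth 1 -type f -name '*.tar.gz' \
        \( -perm -040 -o -perm -004 \)
}
```

Setting the umask before the archive is created matters more than the later `chmod`: a backup written with mode 644 and then tightened is readable for as long as the archive takes to write.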