[Adduser-devel] Bug#152195: passwd: useradd lists home directory in
/etc/passwd even when it doesn't create it.
Jeroen van Wolffelaar
jeroen at wolffelaar.nl
Tue May 1 14:14:50 UTC 2007
On Fri, Mar 26, 2004 at 06:25:12PM +0100, Marc Haber wrote:
> On Fri, Mar 26, 2004 at 09:57:51AM -0500, Bob Hilliard wrote:
> > It is ridiculous
> > to require /etc/passwd to carry false information.
>
> But it is dictated by the robustness principle that one should not
> provoke such scripts to cause potentially deadly harm.
Ack here.
> > User ids that are
> > not intended to be login accounts should not require a home
> > directory. That is why adduser has the --no-create-home option.
>
> You're right. What risk do we introduce by pointing the home directory
> to a non-existing directory whose name is built from the account name?
Well, this issue caught me by surprise after an sarge->etch upgrade,
because of suddenly existing pointers in /etc/passwd to /home, which is
specifically differently managed here (with subdirs). Also, in shared
filesystem situations, the directory could be created by some other
node, or it could already exist, even -- nothing says that a /home/foo
can only exist iff a user named 'foo' exists, that's up to the system
admin.
I suggest making it /var/lib/non-existant or some other specific
directory name which should not exist, and which *is* in a subdir
managed by Debian packages.
--Jeroen
--
Jeroen van Wolffelaar
Jeroen at wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
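Added example, not part of the original message or of adduser: a Python audit for the situation discussed in this thread, listing system accounts whose passwd home field points under /home at a directory that is missing or owned by another uid. The sample passwd lines, the 100-999 system uid range and the /home root are assumptions to adjust to local policy.

```python
import os

# Constructed sample in passwd(5) format; names, uids and paths are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:110:115::/home/svc-backup:/bin/false
svc-build:x:112:117::/home/svc-build:/bin/false
svc-mail:x:111:116::/var/lib/svc-mail:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

def owner_on_disk(path):
    """Return the uid owning path, or None if the path does not exist."""
    try:
        return os.stat(path).st_uid
    except OSError:
        return None

def audit_homes(passwd_text, owner_of=owner_on_disk,
                sys_uid_range=(100, 999), user_root="/home"):
    """Return (name, home, finding) for system accounts homed under user_root.

    sys_uid_range and user_root are assumed defaults, not read from adduser.conf.
    """
    prefix = user_root.rstrip("/") + "/"
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        name, uid, home = fields[0], int(fields[2]), fields[5]
        if not (sys_uid_range[0] <= uid <= sys_uid_range[1]):
            continue  # only non-login system accounts are of interest here
        if not home.startswith(prefix):
            continue  # home is outside the admin-managed tree
        owner = owner_of(home)
        if owner is None:
            # Nothing there yet: another node or an admin may create it later.
            findings.append((name, home, "dangling"))
        elif owner != uid:
            # The directory already exists and belongs to someone else.
            findings.append((name, home, "foreign-owner:%d" % owner))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for name, home, finding in audit_homes(fh.read()):
            print(name, home, finding)
```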