[Adduser-devel] Bug#152195: passwd: useradd lists home directory in /etc/passwd even when it doesn't create it.

Jeroen van Wolffelaar jeroen at wolffelaar.nl
Tue May 1 14:14:50 UTC 2007

On Fri, Mar 26, 2004 at 06:25:12PM +0100, Marc Haber wrote:
> On Fri, Mar 26, 2004 at 09:57:51AM -0500, Bob Hilliard wrote:
> > It is ridiculous
> > to require /etc/passwd to carry false information.
> But it is dictated by the robustness principle that one should not
> provoke such scripts to cause potentially deadly harm.

Ack here.

> > User ids that are
> > not intended to be login accounts should not require a home
> > directory.  That is why adduser has the --no-create-home option.
> You're right. What risk do we introduce by pointing the home directory
> to a non-existing directory whosen name is built from the account name?

Well, this issue caught me by surprise after an sarge->etch upgrade,
because of suddenly existing pointers in /etc/passwd to /home, which is
speficially differently managed here (with subdirs). Also, in shared
filesystem situations, the directory could be created by some other
node, or it could already exist, even -- nothing says that a /home/foo
can only exist iff a user named 'foo' exists, that's up to the system

I suggest making it /var/lib/non-existant or some other specific
directory name which should not exist, and which *is* in a subdir
managed by Debian packages.


Jeroen van Wolffelaar
Jeroen at wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)

More information about the Adduser-devel mailing list