Jeroen van Wolffelaar
2007-May-01 14:21 UTC
Bug#152195: passwd: useradd lists home directory in /etc/passwd even when it doesn''t create it.
On Fri, Mar 26, 2004 at 06:25:12PM +0100, Marc Haber wrote:> On Fri, Mar 26, 2004 at 09:57:51AM -0500, Bob Hilliard wrote: > > It is ridiculous > > to require /etc/passwd to carry false information. > > But it is dictated by the robustness principle that one should not > provoke such scripts to cause potentially deadly harm.Ack here.> > User ids that are > > not intended to be login accounts should not require a home > > directory. That is why adduser has the --no-create-home option. > > You''re right. What risk do we introduce by pointing the home directory > to a non-existing directory whosen name is built from the account name?Well, this issue caught me by surprise after an sarge->etch upgrade, because of suddenly existing pointers in /etc/passwd to /home, which is speficially differently managed here (with subdirs). Also, in shared filesystem situations, the directory could be created by some other node, or it could already exist, even -- nothing says that a /home/foo can only exist iff a user named ''foo'' exists, that''s up to the system admin. I suggest making it /var/lib/non-existant or some other specific directory name which should not exist, and which *is* in a subdir managed by Debian packages. --Jeroen -- Jeroen van Wolffelaar Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl