Ernst Kloppenburg
2004-Sep-15 14:38 UTC
[Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command''
Package: adduser Version: 3.53 Severity: important Hello, recently _all_ files on my disk were deleted by issuing a ''dpkg --purge command''. A few days ago I did ''dpkg --purge amavisd-new''. The package had already been deinstalled a long time ago (it was the version 20021227p2-5). Now I also wanted to get rid of the remaining config files. Instead I ended up with _all_ files on _all_ mounted partitions deleted, except symlinks. I now found out the reason: the postrm script calls ''deluser --remove-home amavis''. And the home directory of the amavis user was set to ''/'' in /etc/passwd on my system, I do not know why. My conclusion would be that either - deluser should check that ''home'' is reasonable or - deluser should always be called with the ''--home'' option in package removal scripts Therefore this bug maybe does not refer to the package but to policy. E. Kloppenburg -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, ''unstable''), (500, ''testing'') Architecture: i386 (i686) Kernel: Linux 2.6.5-1-k7 Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro Versions of packages adduser depends on: ii debconf 1.4.25 Debian configuration management sy ii passwd 1:4.0.3-28.3 Change and administer password and ii perl-base 5.8.4-2 The Pathologically Eclectic Rubbis -- debconf information excluded
Marc Haber
2004-Sep-15 16:04 UTC
Bug#271829: [Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command''
severity #271829 wishlist thanks On Wed, Sep 15, 2004 at 04:38:20PM +0200, Ernst Kloppenburg wrote:> recently _all_ files on my disk were deleted by issuing a ''dpkg > --purge command''. > > A few days ago I did ''dpkg --purge amavisd-new''. The package had > already been deinstalled a long time ago (it was the version > 20021227p2-5). Now I also wanted to get rid of the remaining config > files. > > Instead I ended up with _all_ files on _all_ mounted partitions > deleted, except symlinks. > > I now found out the reason: the postrm script calls ''deluser > --remove-home amavis''. And the home directory of the amavis user was set to > ''/'' in /etc/passwd on my system, I do not know why.This is probably an issue with the amavis-package.> My conclusion would be that either > - deluser should check that ''home'' is reasonableDefine "reasonable".> or > - deluser should always be called with the ''--home'' option in package > removal scriptsThat is an issue with other packages. Or do you suggest that adduser won''t remove any home dir without --home being explicitly given? What exactly is the fix you''re suggesting without breaking existing packages? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things." Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Debian Bug Tracking System
2004-Sep-15 16:18 UTC
Processed: Re: [Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command''
Processing commands for control@bugs.debian.org:> severity #271829 wishlistBug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command'' Severity set to `wishlist''.> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Ernst Kloppenburg
2004-Sep-15 21:12 UTC
Bug#271829: [Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command''
On Wed, Sep 15, 2004 at 18:04:40 +0200, Marc Haber wrote:> > On Wed, Sep 15, 2004 at 04:38:20PM +0200, Ernst Kloppenburg wrote: > >[...]> > My conclusion would be that either > > - deluser should check that ''home'' is reasonable > > Define "reasonable". >I suggest that deluser refuses to ''rm -rf /'' which is definitely not reasonable. If somebody types ''rm -rf /'' himself, he made a decision. But with adduser this can happen by accident. This risk is not neglectable and not limited to my amavis-experience. For example, on my current sarge/sid system the command ''deluser --remove-home telnetd'' would again delete everything. And I definitely did not change the telnetd home in passwd myself. Therefore I do think something needs to be done about this to take this risk out of debian. And I also think this is more important than ''severity wishlist''.> > or > > - deluser should always be called with the ''--home'' option in package > > removal scripts > > That is an issue with other packages. Or do you suggest that adduser > won''t remove any home dir without --home being explicitly given? > > What exactly is the fix you''re suggesting without breaking existing > packages?I tried to suggest an alternative fix in case changing adduser would not be considered. This fix would be to require package scripts not to use ''deluser'' without specifying ''--home''. This suggestion of course does not apply to adduser, but to the packaging policies. But making deluser itself refuse to delete ''/'' would of course be much easier and more effective. Ernst -- Ernst Kloppenburg Stuttgart, Germany
Marc Haber
2005-Feb-05 15:00 UTC
[Adduser-devel] Bug#271829: adduser deleted _all_ files on my disk from a ''dpkg --purge command''
On Wed, Sep 15, 2004 at 04:38:20PM +0200, Ernst Kloppenburg wrote:> My conclusion would be that either > - deluser should check that ''home'' is reasonable > or > - deluser should always be called with the ''--home'' option in package > removal scriptsDeluser now has a list of important directories where no deletion takes place even if --remove-home was set. The corresponding package will be in experimental after next dinstall run. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Debian Bug Tracking System
2005-May-06 12:33 UTC
[Adduser-devel] Bug#271829: marked as done (adduser deleted _all_ files on my disk from a ''dpkg --purge command'')
Your message dated Fri, 6 May 2005 14:21:10 +0200 with message-id <20050506122110.GA17295@lefler.int.l21.ma.zugschlus.de> and subject line Closing bugs has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 15 Sep 2004 14:38:26 +0000>From ernst.kloppenburg@gmx.de Wed Sep 15 07:38:26 2004Return-path: <ernst.kloppenburg@gmx.de> Received: from mail.gmx.de (mail.gmx.net) [213.165.64.20] by spohr.debian.org with smtp (Exim 3.35 1 (Debian)) id 1C7avR-00083T-00; Wed, 15 Sep 2004 07:38:25 -0700 Received: (qmail 12464 invoked by uid 65534); 15 Sep 2004 14:37:53 -0000 Received: from host-212-9-163-74.dial.netic.de (EHLO rechner4) (212.9.163.74) by mail.gmx.net (mp004) with SMTP; 15 Sep 2004 16:37:53 +0200 X-Authenticated: #1154334 Received: from ernst by rechner4 with local (Exim 3.36 #1 (Debian)) id 1C7avM-0001PZ-00; Wed, 15 Sep 2004 16:38:20 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Ernst Kloppenburg <ernst.kloppenburg@gmx.de> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: adduser deleted _all_ files on my disk from a ''dpkg --purge command'' X-Mailer: reportbug 2.60 Date: Wed, 15 Sep 2004 16:38:20 +0200 Message-Id: <E1C7avM-0001PZ-00@rechner4> Sender: Ernst Kloppenburg <ernst@rechner4.zuhause.de> Delivered-To: submit@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: adduser Version: 3.53 Severity: important Hello, recently _all_ files on my disk were deleted by issuing a ''dpkg --purge command''. A few days ago I did ''dpkg --purge amavisd-new''. The package had already been deinstalled a long time ago (it was the version 20021227p2-5). Now I also wanted to get rid of the remaining config files. Instead I ended up with _all_ files on _all_ mounted partitions deleted, except symlinks. I now found out the reason: the postrm script calls ''deluser --remove-home amavis''. And the home directory of the amavis user was set to ''/'' in /etc/passwd on my system, I do not know why. My conclusion would be that either - deluser should check that ''home'' is reasonable or - deluser should always be called with the ''--home'' option in package removal scripts Therefore this bug maybe does not refer to the package but to policy. E. Kloppenburg -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, ''unstable''), (500, ''testing'') Architecture: i386 (i686) Kernel: Linux 2.6.5-1-k7 Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro Versions of packages adduser depends on: ii debconf 1.4.25 Debian configuration management sy ii passwd 1:4.0.3-28.3 Change and administer password and ii perl-base 5.8.4-2 The Pathologically Eclectic Rubbis -- debconf information excluded --------------------------------------- Received: (at 271829-done) by bugs.debian.org; 6 May 2005 12:22:10 +0000>From mh+debian-packages@zugschlus.de Fri May 06 05:22:10 2005Return-path: <mh+debian-packages@zugschlus.de> Received: from 5301d.unt0.torres.l21.ma.zugschlus.de (torres.int.l21.ma.zugschlus.de) [217.151.83.1] (Debian-exim) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DU1qM-0003FP-00; Fri, 06 May 2005 05:22:10 -0700 Received: from lefler.int.l21.ma.zugschlus.de ([192.168.130.38]) by torres.int.l21.ma.zugschlus.de with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DU1pQ-0002Pk-2p; Fri, 06 May 2005 14:21:12 +0200 Received: from mh by lefler.int.l21.ma.zugschlus.de with local (Exim 4.50) id 1DU1pP-0004fU-0I; Fri, 06 May 2005 14:21:11 +0200 Date: Fri, 6 May 2005 14:21:10 +0200 From: Marc Haber <mh+debian-packages@zugschlus.de> To: 293559-done@bugs.debian.org, 283110-done@bugs.debian.org, 287535-done@bugs.debian.org, 268841-done@bugs.debian.org, 268837-done@bugs.debian.org, 286227-done@bugs.debian.org, 268402-done@bugs.debian.org, 278937-done@bugs.debian.org, 270266-done@bugs.debian.org, 279659-done@bugs.debian.org, 273010-done@bugs.debian.org, 271142-done@bugs.debian.org, 271829-done@bugs.debian.org, 231809-done@bugs.debian.org Cc: Marc Haber <mh+debian-packages@zugschlus.de> Subject: Closing bugs Message-ID: <20050506122110.GA17295@lefler.int.l21.ma.zugschlus.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i Delivered-To: 271829-done@bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 7 These bugs have been tagged as fixed-in-experimental, and are now being closed completely. That should have happened long ago. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835