Arch Linux

FS#78690 - [shadow] enable footgun protection for userdel -r

Attached to Project: Arch Linux
Opened by Henry Francisco (fuhd) - Friday, 02 June 2023, 21:30 GMT
Last edited by David Runge (dvzrv) - Sunday, 17 September 2023, 22:02 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To David Runge (dvzrv)
Giancarlo Razzolini (grazzolini)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: I know this is hilarious, embarrassing and I deserve the Darwin Awards, however it's dangerous for userdel -r to not do a sanity check on the home address of the user, especially when it's a system user (uid < 1000).

Currently system users for services are automatically created on install through /usr/share/libalpm/hooks/20-systemd-sysusers.hook (shipped with systemd). It invokes systemd-sysusers (systemd utility), which by default sets the home directory of the new user to / if not provided (https://man.archlinux.org/man/sysusers.d.5).

The bundled /usr/lib/sysusers.d/libvirt.conf with libvirt (generated in PKGBUILD) does not specify the home path for this user. Therefore its home in /etc/passwd would be /.

When I executed userdel -r libvirt-qemu, the command didn't exit for a few seconds. Then it exited with errors complaining that the resource is busy for /. Then I realised that all the files in my /home/user were gone except for ~/Desktop. The rest of the file system seems intact, I don't understand why (I use a partition for / and another for /home).

Additional info:
* package version(s)
shadow 4.13-2
libvirt 1:9.4.0-1
* config and/or log files etc.
* link to upstream bug report, if any
This is hilarious. I'm not sure if it should count as an upstream bug.

Steps to reproduce:
1. pacman -S libvirt
2. ### DONT DO THIS ### userdel -r libvirt-qemu

Closed by  David Runge (dvzrv)
Sunday, 17 September 2023, 22:02 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in https://gitlab.archlinux.org/archlinux/packaging/packages/shadow/-/commit/ce86aad47726454f6f9861b597ac9f2ab3a09606

Will be part of upcoming package update.
Comment by Henry Francisco (fuhd) - Saturday, 03 June 2023, 03:45 GMT
userdel.c does contain checks to prevent it from being a footgun under a flag EXTRA_CHECK_HOME_DIR, though it seems nobody enables it in modern distributions.
https://github.com/shadow-maint/shadow/blob/4.13/src/userdel.c#L1241
Comment by David Runge (dvzrv) - Sunday, 17 September 2023, 21:39 GMT
Opened upstream ticket: https://github.com/shadow-maint/shadow/issues/809

It looks to me as if this can not be enabled so easily (without further patches).
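
An added example, not part of the ticket or of shadow's code: a read-only audit that lists accounts whose passwd home is / or covers another account's home, the situation the report describes for users created by systemd-sysusers without an explicit home. The function names, the rule and the sample accounts (including the UIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose removal with `userdel -r` would delete
# more than a private home directory. The rule is this example's own.

risky_homes() {   # $1: passwd(5)-format file, default /etc/passwd
    awk -F: '
        function norm(p) {            # collapse "//", drop trailing "/"
            gsub(/\/+/, "/", p)
            if (length(p) > 1) sub(/\/$/, "", p)
            return p
        }
        function covers(a, b) {       # a equals b or is an ancestor of b
            return (b == a || index(b, a "/") == 1)
        }
        /^#/ || NF < 7 { next }
        { n++; name[n] = $1; uid[n] = $3; home[n] = norm($6) }
        END {
            for (i = 1; i <= n; i++) {
                if (home[i] == "") continue
                if (home[i] == "/") {
                    print name[i] ":" uid[i] ":/:home-is-root"
                    continue
                }
                for (j = 1; j <= n; j++)
                    if (j != i && home[j] != "" && covers(home[i], home[j])) {
                        print name[i] ":" uid[i] ":" home[i] ":covers-home-of-" name[j]
                        break
                    }
            }
        }
    ' "${1:-/etc/passwd}"
}

sample_passwd() {   # constructed sample, not taken from a real system
    cat <<'EOF'
root:x:0:0::/root:/bin/bash
libvirt-qemu:x:962:962:Libvirt QEMU user:/:/usr/bin/nologin
backup:x:961:961::/home/:/usr/bin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/srv/bob:/bin/bash
EOF
}

# Demo run over the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp" && risky_homes "$tmp"; rm -f "$tmp"
```

Run `risky_homes` with no argument to audit /etc/passwd before removing a service account with userdel -r.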
