From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20080702 Fedora/2.0.0.15-1.fc8 Firefox/2.0.0.15 Description of problem: lnewusers doesn't check the input line if it contains too many ':' characters Version-Release number of selected component (if applicable): libuser-0.56.6-2 How reproducible: Always Steps to Reproduce: 1. lnewusers 2. write following string, press enter, press CTRL+D testuser:password:543:543:test:user:/home/testuser:/bin/bash 3. you should see an error message like this: Error creating home directory for testuser: couldn't determine security context for `user': No such file or directory 4. grep testuser /etc/passwd testuser:x:543:543:test:user:/home/testuser:/bin/bash:/bin/bash Actual Results: lnewusers accepts line with too many ':' characters Expected Results: lnewusers rejects line with too many ':' characters Additional info:
RHTS test for this bug is available (/CoreOS/libuser/Regression/bz454892-lnewusers-corrupt-etc-passwd ).
Thanks for your report. I believe this is actually correct behavior: libc's getpwent() doesn't reject pw_shell values that contain ':', only the first 6 ':' characters serve as field separators. It's somewhat counter-intuitive, but it is in principle possible that somebody's shell path contains a ':', and lnewusers should not reject lines that come from a working /etc/passwd.