Red Hat Bugzilla – Bug 80242
useradd overwrites files in existing home directory
Last modified: 2007-04-18 12:49:14 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021218
Description of problem:
Even if a home directory already exists, containing files that are not derived
from (earlier) skeleton files, useradd will overwrite them.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Create a home directory for a user by hand
2.Create a .bash_profile in it, with arbitrary contents
3.Run useradd without -M to create an account for the user
Actual Results: The hand-created .bash_profile is overwritten.
Expected Results: I understand -m is the default because of login.defs, but I'd
find it safer if it did not overwrite files that already existed. Perhaps we
should have markers in skeleton files that useradd could recognize and use as an
indication that it is ok to overwrite those files, or replace the marked part of
the file? Of course this wouldn't work for existing skeleton files, but I'd
rather not update a file that should be updated than overwrite a precious file
because of the absence of a command-line option.
On the other hand, not wiping out previous data could be a security
concern and our a hassle (obsolete bash_profile preventing login with
a newer system)
So wouldn't it be better if it failed noisily if it finds a file it
would like to replace, offering command-line options to replace files
or to leave them alone? Accidentally replacing user files without
notice is not exactly something nice to do.
fixed since shadow-utils-4.0.7-10.FC4