Bug 80242 - useradd overwrites files in existing home directory
useradd overwrites files in existing home directory
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Peter Vrabec
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2002-12-23 02:55 EST by Alexandre Oliva
Modified: 2007-04-18 12:49 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-08 07:53:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alexandre Oliva 2002-12-23 02:55:36 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021218

Description of problem:
Even if a home directory already exists, containing files that are not derived
from (earlier) skeleton files, useradd will overwrite them.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Create a home directory for a user by hand
2.Create a .bash_profile in it, with arbitrary contents
3.Run useradd without -M to create an account for the user

Actual Results:  The hand-created .bash_profile is overwritten.

Expected Results:  I understand -m is the default because of login.defs, but I'd
find it safer if it did not overwrite files that already existed.  Perhaps we
should have markers in skeleton files that useradd could recognize and use as an
indication that it is ok to overwrite those files, or replace the marked part of
the file?  Of course this wouldn't work for existing skeleton files, but I'd
rather not update a file that should be updated than overwrite a precious file
because of the absence of a command-line option.

Additional info:
Comment 1 Eido Inoue 2004-10-27 15:11:05 EDT
On the other hand, not wiping out previous data could be a security
concern and our a hassle (obsolete bash_profile preventing login with
a newer system)
Comment 2 Alexandre Oliva 2004-10-27 16:00:27 EDT
So wouldn't it be better if it failed noisily if it finds a file it
would like to replace, offering command-line options to replace files
or to leave them alone?  Accidentally replacing user files without
notice is not exactly something nice to do.
Comment 3 Peter Vrabec 2005-08-08 07:53:20 EDT
fixed since shadow-utils-4.0.7-10.FC4

Note You need to log in before you can comment on or make changes to this bug.