Bug 80242 - useradd overwrites files in existing home directory
Summary: useradd overwrites files in existing home directory
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: shadow-utils
Version: 9
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-12-23 07:55 UTC by Alexandre Oliva
Modified: 2007-04-18 16:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-08-08 11:53:20 UTC

Attachments (Terms of Use)

Description Alexandre Oliva 2002-12-23 07:55:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021218

Description of problem:
Even if a home directory already exists, containing files that are not derived
from (earlier) skeleton files, useradd will overwrite them.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Create a home directory for a user by hand
2.Create a .bash_profile in it, with arbitrary contents
3.Run useradd without -M to create an account for the user

Actual Results:  The hand-created .bash_profile is overwritten.

Expected Results:  I understand -m is the default because of login.defs, but I'd
find it safer if it did not overwrite files that already existed.  Perhaps we
should have markers in skeleton files that useradd could recognize and use as an
indication that it is ok to overwrite those files, or replace the marked part of
the file?  Of course this wouldn't work for existing skeleton files, but I'd
rather not update a file that should be updated than overwrite a precious file
because of the absence of a command-line option.

Additional info:

Comment 1 Eido Inoue 2004-10-27 19:11:05 UTC
On the other hand, not wiping out previous data could be a security
concern and our a hassle (obsolete bash_profile preventing login with
a newer system)

Comment 2 Alexandre Oliva 2004-10-27 20:00:27 UTC
So wouldn't it be better if it failed noisily if it finds a file it
would like to replace, offering command-line options to replace files
or to leave them alone?  Accidentally replacing user files without
notice is not exactly something nice to do.

Comment 3 Peter Vrabec 2005-08-08 11:53:20 UTC
fixed since shadow-utils-4.0.7-10.FC4

Note You need to log in before you can comment on or make changes to this bug.