89591 – useradd home creation defaults dangerous and confusing

Bug 89591 - useradd home creation defaults dangerous and confusing

Summary: useradd home creation defaults dangerous and confusing

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	shadow-utils
Sub Component:
Version:	9
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	158574 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-04-24 18:28 UTC by ldd
Modified:	2007-04-18 16:53 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-08-08 11:53:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description ldd 2003-04-24 18:28:08 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212

Description of problem:
useradd by default creates a new user directory and populates it with the files
from /etc/skel.  If the directory already exists, it is not created anew but the
files from /etc/skel are still copied.

This behavior is dangerous and the documentation does nothing to indicate that
this is the default behavior.


Version-Release number of selected component (if applicable):
shadow-utils-4.0.3-6

How reproducible:
Always

Steps to Reproduce:
1. Create /home/foo manually.
2. Create a fake /home/foo/.bashrc.
3. Execute: useradd -d /home/foo foo.    


Actual Results:  .bashrc is overwritten.

Expected Results:  .bashrc should not be overwritten.

Additional info:

Suggested solutions, in order of decreasing preference:

1. If a skel file already exists in the new home, don't overwrite it.

2. If the home already exists, don't copy the skel files.

3. Backup any skel files that are going to be overwritten.

4. Change the behavior back to the original default of useradd which is to not
overwrite.

The documentation is also not quite clear.  Here is what man has to say:

-m     The  userâs home directory will be created if it does not exist.
       The files contained in skeleton_dir will be copied to  the  home
       directory  if  the  -k  option is used, otherwise the files con-
       tained in /etc/skel will be used instead.  Any directories  con-
       tained  in  skeleton_dir  or  /etc/skel  will  be created in the
       userâs home directory as well.  The -k option is only  valid  in
       conjunction  with  the  -m option.  The default is to not create
       the directory and to not copy any files.

It doesn't make it clear that the file copying happens whether or not a new home
directory is actually created.  The fact that the copying happens whether or not
the home already exists should be made explicit.  Also it says the default is
not to create the directory but it should also mention that /etc/login.defs can
override this default behavior.  (And login.defs should get proper documentation
too.)  This is what bit me: I read the above and thought useradd would not
attempt to create the directory (or copy any files) since there was no
indication that /etc/login.defs would override that behavior.

Comment 1 Peter Vrabec 2005-08-01 12:54:45 UTC

*** Bug 158574 has been marked as a duplicate of this bug. ***

Comment 2 Peter Vrabec 2005-08-08 11:53:32 UTC

fixed since shadow-utils-4.0.7-10.FC4

Note You need to log in before you can comment on or make changes to this bug.