957283 – libuser doesn't enforce UMASK value from /etc/login.defs => luseradd force 700 permissions

Bug 957283 - libuser doesn't enforce UMASK value from /etc/login.defs => luseradd force 700 permissions

Summary: libuser doesn't enforce UMASK value from /etc/login.defs => luseradd force 70...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libuser
Sub Component:
Version:	rawhide
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Miloslav Trmač
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-26 20:28 UTC by Thierry Vignaud
Modified:	2013-04-30 11:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-29 22:03:44 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Thierry Vignaud 2013-04-26 20:28:11 UTC

Description of problem:
libuser doesn't read back the UMASK value from /etc/login.defs, only some values.
This mean it doesn't enforce system settings/policy.
Instead ladduser just force 0700 with current session umask applied.
lu_homedir_populate() should drop the 'mode' argument and just uses 777 + umask value from /etc/login.defs

This affects libuser users as those do not create consistent user homedirs regarding other tools (eg: adduser, useradd).
See eg: https://bugs.mageia.org/show_bug.cgi?id=618

Version-Release number of selected component (if applicable):
0.59

How reproducible:
always

Steps to Reproduce:
1. adduser foo
2. luseradd bar
3. compare their rights:
drwx------ 5 bar bar 4096 janv. 14 06:27 /home/bar/
drwxr-xr-x 5 foo foo 4096 avril 26 22:20 /home/foo/

Actual results:
Different permissions (0700 vs 0755)

Expected results:
Same permissions, whatever is the system policy (in /etc/login.defs)

Additional info:

Comment 1 Miloslav Trmač 2013-04-29 22:03:44 UTC

Thanks for your report.

libuser.conf(5) explicitly documents that UMASK is ignored, and likewise lu_homedir_populate() documentation explicitly says that the mode argument is used, so we can't just drop it or ignore it.


Looking at a higher level, libuser's Python bindings and luseradd don't explicitly document what mode is used for the home directory, however changing it might make previously tested scripts and code vulnerable, so that's not that attractive either.


Finally, https://bugs.mageia.org/show_bug.cgi?id=618 seems to revolve around userdrake ; the 0700 value is actually hardcoded in userdrake, see http://svnweb.mageia.org/soft/userdrake2/trunk/USER/USER.xs?revision=7992&view=markup line 116.  If UMASK support were to be added, it would have to be there.


(The lu_homedir_populate() interface and frends admittedly isn't that great -  there really should be a single "create user" call that does everything.  However, there are some plans for a new user account management library so I'm at this point not too eager to add a new set of APIs to libuser.)

Closing this as libuser can't fix the userdrake hard-coded value, changing existing interfaces is undesirable, and as described above, adding new interfaces is not currently planned.

Comment 2 Thierry Vignaud 2013-04-30 08:33:09 UTC

It is hardcoded there because it previous maintainer borrowed code from luseradd.
The same issue exists for all libuser users (whether userdrake or luseradd): users created through them do not match users created by useradd.

What would be this new user account management library?

Comment 3 Miloslav Trmač 2013-04-30 11:45:19 UTC

The new library is in early planning stages, no code is expected for at least a year yet.

Note You need to log in before you can comment on or make changes to this bug.