[Pkg-shadow-devel] Bug#635679: useradd and groupadd fail if /etc/passwd and /etc/group are symlinks

Nicolas François nicolas.francois at centraliens.net
Fri Jul 29 09:52:52 UTC 2011


On Thu, Jul 28, 2011 at 06:20:21AM +0000, Adam M. Costello wrote:
> Until revision 3095 in the upstream svn, useradd and groupadd worked
> just fine if /etc/passwd and /etc/group were symlinks.  That revision
> added the O_NOFOLLOW flag to open() in lib/commonio.c, and now those
> tools fail to open /etc/passwd and /etc/group if they are symlinks.  I
> don't use those tools myself, but Debian package installation scripts
> seem to use them.  Can we go back to allowing symlinks?  My system
> for managing my three Debian installations is based on keeping all my
> customizations in a separate directory, with symlinks from /etc/.

How did shadow behave before this change?

I think that it could read successfully the files, but then it probably
destroyed the links every time a change was committed.

I would expect the same behavior from PAM when passwords are changed.

Maybe under those conditions it's better to explicitly not support such
setup and fail.

Best Regards,

More information about the Pkg-shadow-devel mailing list