[Pkg-shadow-devel] Bug#960318: passwd: pwck does not recognize meaning of "/nonexistent" home directory
Jason Franklin
jason.franklin at quoininc.com
Mon May 11 19:42:13 BST 2020
Package: passwd
Version: 1:4.5-1.1
Severity: normal
Tags: patch
Dear Maintainer(s):

The included patch helps the "pwck" command to function more helpfully
on Debian by having it recognize the convention of using "/nonexistent"
for the home directory of a user who intentionally does not have a home
directory.

This will allow "pwck" to properly succeed when some users have this
string as their home directory. It will prevent a false failure and
false error messages such as these:

    user 'lp': directory '/nonexistent' does not exist
    user 'news': directory '/nonexistent' does not exist
    user 'uucp': directory '/nonexistent' does not exist
    ...
    user 'www-data': directory '/nonexistent' does not exist
    user '_apt': directory '/nonexistent' does not exist
    user 'nobody': directory '/nonexistent' does not exist
    pwck: no changes

The patch has already been accepted upstream. See the link below to the
GitHub pull request for more discussion...

https://github.com/shadow-maint/shadow/pull/251

The patch follows here:

--- a/README
+++ b/README
@@ -69,6 +69,7 @@ Guy Maor <maor at debian.org>
Hrvoje Dogan <hdogan at bjesomar.srce.hr>
Jakub Hrozek <jhrozek at redhat.com>
Janos Farkas <chexum at bankinf.banki.hu>
+Jason Franklin <jason.franklin at quoininc.com>
Jay Soffian <jay at lw.net>
Jesse Thilo <Jesse.Thilo at pobox.com>
Joey Hess <joey at kite.ml.org>
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -295,7 +295,7 @@ CHFN_AUTH yes
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
+#
CHFN_RESTRICT rwh
#
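Review bot: The removed and added "#" lines before CHFN_RESTRICT differ only in whitespace, which has nothing to do with NONEXISTENT. Please drop this hunk or send it as a separate cleanup so the functional change stays easy to audit and to backport.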
@@ -383,6 +383,14 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes
#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist. Some system accounts intentionally do
+# not have a home directory. Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT /nonexistent
+
+#
# If this file exists and is readable, login environment will be
# read from it. Every line should be in the form name=value.
#
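Review bot: The new comment above NONEXISTENT says pwck warns "for any system account" and that "some system accounts" may use the string, but the check changed in src/pwck.c runs on every passwd entry and does not look at whether the account is a system account. Reword the comment to say "any account", and state that the home directory field must equal this value exactly, since the comparison is a plain strcmp and a variant such as a trailing slash would still be reported.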
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -105,6 +105,7 @@ static struct itemdef def_table[] = {
{"MAIL_FILE", NULL},
{"MAX_MEMBERS_PER_GROUP", NULL},
{"MD5_CRYPT_ENAB", NULL},
+ {"NONEXISTENT", NULL},
{"PASS_MAX_DAYS", NULL},
{"PASS_MIN_DAYS", NULL},
{"PASS_WARN_AGE", NULL},
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -152,6 +152,7 @@ login_defs_v = \
MD5_CRYPT_ENAB.xml \
MOTD_FILE.xml \
NOLOGINS_FILE.xml \
+ NONEXISTENT.xml \
OBSCURE_CHECKS_ENAB.xml \
PASS_ALWAYS_WARN.xml \
PASS_CHANGE_TRIES.xml \
--- a/man/login.defs.5.xml
+++ b/man/login.defs.5.xml
@@ -67,6 +67,7 @@
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
@@ -203,6 +204,7 @@
&MD5_CRYPT_ENAB;
&MOTD_FILE;
&NOLOGINS_FILE;
+ &NONEXISTENT;
&OBSCURE_CHECKS_ENAB;
&PASS_ALWAYS_WARN;
&PASS_CHANGE_TRIES;
--- /dev/null
+++ b/man/login.defs.d/NONEXISTENT.xml
@@ -0,0 +1,41 @@
+<!--
+ Copyright (c) 1991 - 1993, Julianne Frances Haugh
+ Copyright (c) 1991 - 1993, Chip Rosenthal
+ Copyright (c) 2007 - 2009, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+ <term><option>NONEXISTENT</option> (string)</term>
+ <listitem>
+ <para>
+ If a system account intentionally does not have a home directory
+ that exists, this string can be provided in the /etc/passwd
+ entry for the account to indicate this. The result is that pwck
+ will not emit a spurious warning for this account.
+ </para>
+ </listitem>
+</varlistentry>
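Review bot: The para text says the string "can be provided in the /etc/passwd entry" without naming the field, and it does not say what happens when the option is unset. Spell out that it is the home directory field that must match the value exactly, that it applies to any account and not only system accounts (the pwck.c change has no such restriction), and that with NONEXISTENT undefined pwck reports every missing home directory as before. Separately, the copyright header carries 1991 - 1993 and 2007 - 2009 notices on a file that is new in this patch; please confirm those attributions are intended.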
--- a/man/pwck.8.xml
+++ b/man/pwck.8.xml
@@ -30,6 +30,7 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
@@ -266,6 +267,7 @@
tool:
</para>
<variablelist>
+ &NONEXISTENT;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -527,12 +527,16 @@ static void check_pw_file (int *errors,
* Make sure the home directory exists
*/
if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) {
+ const char *nonexistent = getdef_str("NONEXISTENT");
+
/*
- * Home directory doesn't exist, give a warning
+ * Home directory does not exist, give a warning (unless intentional)
*/
- printf (_("user '%s': directory '%s' does not exist\n"),
- pwd->pw_name, pwd->pw_dir);
- *errors += 1;
+ if (NULL == nonexistent || strcmp (pwd->pw_dir, nonexistent) != 0) {
+ printf (_("user '%s': directory '%s' does not exist\n"),
+ pwd->pw_name, pwd->pw_dir);
+ *errors += 1;
+ }
}
}
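Review bot: The new condition on pwd->pw_dir exempts any entry whose home directory equals NONEXISTENT, including ordinary login accounts, while the login.defs comment and the man page describe this as a convention for system accounts. Either document that the exemption is unconditional or restrict it, because an administrator relying on pwck to flag a regular user with a missing home will no longer see that entry or have it counted in *errors. Two smaller points: getdef_str("NONEXISTENT") is looked up again for every failing entry and could be read once before the loop, and it lacks the space before the parenthesis that access (, printf ( and strcmp ( use in this hunk.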
Thanks for considering this modification!
Best wishes,
Jason Franklin <jason.franklin at quoininc.com>
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (10, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages passwd depends on:
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libpam-modules 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii libsemanage1 2.8-2
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information