[Pkg-shadow-devel] [Git][debian/adduser][debian/latest] 2 commits: rewrite assert_user_has_home_directory to also check ownership

Marc Haber (@zugschlus) gitlab at salsa.debian.org
Wed Jun 17 20:03:35 BST 2026 


Marc Haber pushed to branch debian/latest at Debian / adduser


Commits:
fb832fb9 by Marc Haber at 2026-06-17T15:27:42+02:00
rewrite assert_user_has_home_directory to also check ownership

Git-Dch: ignore

- - - - -
db1ba3c5 by Marc Haber at 2026-06-17T15:28:19+02:00
implement adduser --force-home

Thanks: Jeff Hanson
Closes: #472820

- - - - -


6 changed files:

- AdduserCreateHomedir.pm
- adduser
- debian/tests/f/adduser_system.t
- debian/tests/f/skel.t
- debian/tests/lib/AdduserTestsCommon.pm
- doc/adduser.8


Changes:

=====================================
AdduserCreateHomedir.pm
=====================================
@@ -29,15 +29,17 @@ sub create_homedir {
     my $new_uid = $params{uid};
     my $primary_gid = $params{gid};
     my $copy_skeleton = $params{copy_skeleton};
+    my $force_home = $params{force_home};
     my $system_user = $params{system_user};
     my $no_create_home = $params{no_create_home};
     my $encrypt_home = $params{encrypt_home};
     my $config = $params{config};
 
-    log_trace("create_homedir(home_dir=%s, new_uid=%s, primary_gid=%s, copy_skeleton=%s, system_user=%s, no_create_home=%s", $home_dir, $new_uid, $primary_gid, $copy_skeleton, $system_user, $no_create_home);
+    log_trace("create_homedir(home_dir=%s, new_uid=%s, primary_gid=%s, copy_skeleton=%s, force_home=%s, system_user=%s, no_create_home=%s", $home_dir, $new_uid, $primary_gid, $copy_skeleton, $force_home, $system_user, $no_create_home);
 
     my $ecryptfs_setup_private;
     if (defined($encrypt_home)) {
+        log_trace("encrypt_home is set");
         $ecryptfs_setup_private = &which('ecryptfs-setup-private', 1);
         unless (defined $ecryptfs_setup_private) {
             log_fatal("encrypt_home set but ecryptfs-setup-private not found. Package missing?");
@@ -56,17 +58,26 @@ sub create_homedir {
     }
 
     if (-e $home_dir) {
-        if (!$system_user) {
+        log_trace("home_dir %s does already exist", $home_dir);
+        if (!$system_user && !$force_home) {
             log_warn(mtx("The home directory `%s' already exists. Not touching this directory."), $home_dir);
             my @homedir_stat = stat($home_dir);
             if (($homedir_stat[4] != $new_uid) || ($homedir_stat[5] != $primary_gid)) {
                 log_warn(mtx("Warning: The home directory `%s' does not belong to the user you are currently creating."), $home_dir);
             }
+            return 0;
         }
-        return 0;
     }
 
-    log_info(mtx("Creating home directory `%s' ..."), $home_dir);
+    if( $force_home ) {
+        log_info(mtx("Forcing home directory `%s' to new user as requested ..."), $home_dir);
+    } else {
+        log_info(mtx("Creating home directory `%s' ..."), $home_dir);
+        mktree($home_dir) or do {
+            log_err(gtx("Couldn't create home directory `%s': %s."), $home_dir, $!);
+            return RET_INVALID_HOME_DIRECTORY;
+        };
+    }
 
     mktree($home_dir) or do {
         log_err(gtx("Couldn't create home directory `%s': %s."), $home_dir, $!);


=====================================
adduser
=====================================
@@ -128,6 +128,7 @@ our $new_lastgid = undef;
 our $new_lastuid = undef;
 our $new_uid = undef;
 our $no_create_home = undef;
+our $force_home = undef;
 our $no_copy_skel = undef;
 our $special_home = undef;
 our $special_shell = undef;
@@ -176,6 +177,7 @@ GetOptions(
     'firstgid=i' => \$new_firstgid,
     'firstuid=i' => \$new_firstuid,
     'force-badname' => sub { $name_check_level = 1 unless $name_check_level },
+    'force-home' => \$force_home,
     'gecos:s' => \$comment_tainted,
     'gid=i' => \$gid_option,
     'group' => \$found_group_opt,
@@ -728,6 +730,7 @@ if ($action eq "addsysuser") {
         uid => $new_uid,
         gid => $gid_option,
         copy_skeleton => 0,
+        force_home => 0,
         system_user => 1,
         no_create_home => $no_create_home,
         encrypt_home => $encrypt_home,
@@ -977,6 +980,7 @@ if ($action eq "adduser") {
         uid => $new_uid,
         gid => $primary_gid,
         copy_skeleton => $no_copy_skel ? 0 : 1,
+        force_home => $force_home ? 1 : 0,
         system_user => 0,
         no_create_home => $no_create_home,
         encrypt_home => $encrypt_home,


=====================================
debian/tests/f/adduser_system.t
=====================================
@@ -263,7 +263,7 @@ assert_command_success(
 assert_user_exists('aust');
 assert_user_is_system('aust');
 assert_path_does_not_exist($homedir);
-assert_user_has_home_directory('aust', $homedir);
+assert_user_set_home_directory('aust', $homedir);
 assert_command_success(
     '/usr/sbin/deluser',
     '--stdoutmsglevel=error', '--stderrmsglevel=error',


=====================================
debian/tests/f/skel.t
=====================================
@@ -30,6 +30,23 @@ assert_user_has_home_directory($name,"/home/$name");
 assert_path_is_a_directory("/home/$name");
 assert_user_home_directory_content($name, "/home/$name", $homedir_contents);
 
+$name="ausskelforcehome";
+mkdir("/home/$name", 0777);
+assert_path_is_a_directory("/home/$name");
+# root:root 777
+assert_user_does_not_exist($name);
+assert_command_success(
+    '/usr/sbin/adduser',
+    '--stdoutmsglevel=error', '--stderrmsglevel=error',
+    '--comment','""',
+    '--force-home',
+    '--disabled-password',
+    $name
+);
+assert_user_exists($name);
+assert_user_has_home_directory($name,"/home/$name");
+assert_path_is_a_directory("/home/$name");
+assert_user_home_directory_content($name, "/home/$name", $homedir_contents);
 # done_testing(); done in END
 
 # vim: tabstop=4 shiftwidth=4 expandtab


=====================================
debian/tests/lib/AdduserTestsCommon.pm
=====================================
@@ -25,6 +25,7 @@ our @EXPORT = qw(
     assert_command_match_output
     initialize_home_directory_tests
     cleanup_home_directory_tests
+    assert_user_set_home_directory
     assert_user_has_home_directory
     assert_user_home_directory_empty
     assert_user_home_directory_content
@@ -288,9 +289,40 @@ sub initialize_home_directory_tests {
     return $skel_contents;
 }
 
+sub assert_user_set_home_directory {
+    my ($user, $home) = @_;
+
+    my @pw = egetpwnam($user);
+    my ($uid, $gid, $pw_home) = @pw[2, 3, 7];
+
+    is($pw_home, $home,
+       "user has home directory: ~$user is $home");
+}
+
 sub assert_user_has_home_directory {
     my ($user, $home) = @_;
-    is((egetpwnam($user))[7], $home, "user has home directory: ~$user is $home");
+
+    my @pw = egetpwnam($user);
+    my ($uid, $gid, $pw_home) = @pw[2, 3, 7];
+
+    is($pw_home, $home,
+       "user has home directory: ~$user is $home");
+
+    if ($home eq '/nonexistent') {
+        ok(1, "home directory is /nonexistent");
+        return;
+    }
+
+    ok(-d $home,
+       "home directory exists: $home");
+
+    my @st = stat($home);
+
+    is($st[4], $uid,
+       "home directory owner UID matches $user");
+
+    is($st[5], $gid,
+       "home directory group GID matches $user");
 }
 
 sub assert_user_home_directory_empty {


=====================================
doc/adduser.8
=====================================
@@ -29,6 +29,7 @@ adduser, addgroup \- add or manipulate users or groups
 .OP \-\-encrypt\-home
 .OP \-\-firstgid id
 .OP \-\-firstuid id
+.OP \-\-force-home
 .OP \-\-gid id
 .OP \-\-home dir
 .OP \-\-ingroup group
@@ -468,6 +469,16 @@ that some other mechanism will be responsible
 for initializing the new user's home directory.
 Valid modes: \fBadduser\fP, \fBadduser \-\-system\fP.
 .TP
+.B \-\-force\-home
+Assume the home directory does already exist
+and has been taken care of by the local administrator.
+\fIchown\fP the directory to the newly created user and
+populate it with the files from \fI\%/etc/skel\fP
+without double checking.
+This allows to put new home directories on an
+md, lvm, or dm-crypt device.
+Valid modes: \fBadduser\fP.
+.TP
 .B \-\-no\-copy\-skel
 Do not populate the home directory for the new user with
 files from \fI\%/etc/skel\fP.  If the home directory is



View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/0c448b73356981c212ad901377e227aa1e0bc59e...db1ba3c5be6999d81a87d74dc52cf6fc7b4880e7

-- 
View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/0c448b73356981c212ad901377e227aa1e0bc59e...db1ba3c5be6999d81a87d74dc52cf6fc7b4880e7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20260617/bf5c9c7e/attachment-0001.htm>

More information about the Pkg-shadow-devel mailing list