[Adduser-devel] Bug#352225: adduser: severe problem in existing_user_ok()

Henrique de Moraes Holschuh hmh at debian.org
Fri Feb 10 14:54:04 UTC 2006 

Package: adduser
Version: 3.82
Severity: grave
Justification: renders package unusable

Severity is set to grave because it breaks one of the two core
functionalities of adduser, and one that is used by most postinst scripts
that use adduser, to boot.

Adduser is failing to correctly deal with a pre-existing system user when
asked to update it (with no modifications, even!).  This is caused by a bug
in existing_user_ok.

How to reproduce:

Excerpt of /etc/adduser.conf:
# FIRST_SYSTEM_UID to LAST_SYSTEM_UID inclusive is the range for UIDs
# for dynamically allocated administrative and system accounts.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999

# FIRST_UID to LAST_UID inclusive is the range of UIDs of dynamically
# allocated user accounts.
FIRST_UID=1000
LAST_UID=29999

# The USERGROUPS variable can be either "yes" or "no".  If "yes" each
# created user will be given their own group to use as a default, and
# their home directories will be g+s.  If "no", each created user will
# be placed in the group whose gid is USERS_GID (see below).
USERGROUPS=yes

Description of the bug:

# getent passwd hplip
hplip:x:125:7:HPLIP system user,,,:/var/run/hplip:/bin/false

# getent group lp
lp:x:7:lp

# adduser --system --ingroup lp --home /var/run/hplip --gecos 'HPLIP system user' --shell /bin/false --disabled-password hplip ; echo $?
adduser: Warning: The home dir you specified already exists.
The user `hplip' already exists with a different uid. Aborting
1

The bug is in routine existing_user_ok.  It must not return 2 if $new_uid is
undefined.  In that case, only 0 and 1 are valid results.

I miss a third return value, "3" for users which exist but are not in the
system range (which is a valid result independent of $new_uid being defined
or not).  It is useful to generate a printf (gtx("The user `%s' already
exists as a non-system user. Aborting\n"), $new_name) error message.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.2-debian2+bluesmoke+lm85
Locale: LANG=pt_BR.ISO-8859-1, LC_CTYPE=pt_BR.ISO-8859-1 (charmap=ISO-8859-1)

Versions of packages adduser depends on:
ii  debconf [debconf-2.0]         1.4.70     Debian configuration management sy
ii  passwd                        1:4.0.14-5 change and administer password and
ii  perl-base                     5.8.8-1    The Pathologically Eclectic Rubbis

adduser recommends no packages.

-- debconf information:
* adduser/homedir-permission: true

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

More information about the Adduser-devel mailing list