On Mon, Aug 22, 2016 at 10:47:51AM +0200, Vincent Legoll wrote:
> Hello,
>
> > IIUC it happens because the home directory is created only when a user
> > is added, and is not changed when the user is modified. See (gnu build
> > activation) module:
> >
> > - 'add-user' runs "useradd" with "-d" option to create home dir
>
> Maybe the nobody user should be special cased, not to run useradd with
> -d, the non existent directory, should really not exist for nobody. This is a
> (very small ?) security enhancement, I think...

My Debian system uses '/nonexistent' for the nobody user's passwd entry,
but the directory does not actually exist.

> If this is the way to go, I can have a shot at it...
>
> > - 'modify-user' runs "usermod" without "-d" (and without "--move-home")
> >
> > So the home of nobody was not changed for us to '/nonexistent' when the
> > nobody user was changed.
> >
> > As for me, I wouldn't like to have this directory, and I think it
> > shouldn't be created (if it is not really needed for nobody user).
>
> Ditto.

I don't fully understand the implications of the change, but it seems
like a worthwhile thing to try doing. At least you might learn something
while implementing it :)

I'll let more experienced people decide if it's the right thing to do.
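
An added example, not part of this message and not Guix code: a POSIX shell check for the condition discussed in the thread, reporting whether the home directory recorded in a passwd-format file for `nobody` (or other accounts) actually exists on disk. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# check_account_home PASSWD_FILE [ROOT_PREFIX] [USER]
# Exit status: 0 = home path absent, 1 = home path exists, 2 = no usable entry.
check_account_home() {
    passwd_file=$1
    root=${2:-}          # optional prefix (e.g. a mounted image); empty = live system
    user=${3:-nobody}

    # passwd(5): field 1 is the login name, field 6 the home directory.
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd_file")

    if [ -z "$home" ]; then
        echo "$user: no passwd entry or empty home field"
        return 2
    fi
    # -L also catches a dangling symlink left at the home path.
    if [ -e "$root$home" ] || [ -L "$root$home" ]; then
        # Show owner and mode so a reviewer can see who could write there.
        echo "$user: home $home exists: $(ls -ld "$root$home")"
        return 1
    fi
    echo "$user: home $home does not exist"
    return 0
}

# audit_homes PASSWD_FILE ROOT_PREFIX USER...
# Checks each listed account and returns the highest status seen.
audit_homes() {
    passwd_file=$1
    root=$2
    shift 2
    worst=0
    for u in "$@"; do
        rc=0
        check_account_home "$passwd_file" "$root" "$u" || rc=$?
        if [ "$rc" -gt "$worst" ]; then
            worst=$rc
        fi
    done
    return "$worst"
}
```

Running `check_account_home /etc/passwd` inspects the live system's `nobody` entry; a status of 1 means the directory was created, as happens when the account is added with `useradd -d`.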
