Greetings: I have been helping Marc Haber with some of the issues in adduser, so I suppose it is appropriate for me to chime in here.
Thanks so much for the report and for the investigative work so far! Here are my thoughts... The "good" chroot has version 1:4.8.1-2 of passwd, and the "bad" chroot has version 1:4.11.1+dfsg1-1 of passwd. The changes between these two versions were substantial. > Quoting Bálint Réczey (2022-02-10 22:46:50) > > Apparently useradd correctly guessed system user ranges in the past, > > but this is not something to rely on. I do not think "useradd" ever attempted to guess whether a UID being added was in the system user range. Instead, it looks like hardcoded settings in the source code changed between the two versions above. To see this, you may reference the upstream shadow repository... Commit: https://github.com/shadow-maint/shadow/commit/bbf4b79bc49fd1826eb41f6629669ef0b647267b The key part of that change was this: - static const char *def_create_mail_spool = "no"; + static const char *def_create_mail_spool = "yes"; The "adduser" command never set the "-r" option previously, but the default in the upstream source was to not create the mail spool directories. Thus, this problem never surfaced. > the recent upload of shadow 1:4.11.1+dfsg1-1 made above patch necessary as > otherwise useradd will create empty directories in /var/mail and > /var/spool/mail for the system users _apt, systemd-network and > systemd-resolve. > This in turn breaks the testsuite of my package mmdebstrap. I think setting the "-r" option is the right approach, but we need to make sure that the new option doesn't do anything else that we do not expect for it to do. I can see that it does more than just omit creating the mail spool by default. The "passwd" package could be patched temporarily to undo the change from "no" to "yes" above. That would put us back at the old behavior for the time being. This patch could be removed in the not-to-far future, as I am committed to helping with supporting adduser and with fixing bugs new and old, including this one. :) Looking forward to hearing what Marc and others think on this one. Thanks! -- Jason Franklin
