Your message dated Mon, 31 Jan 2022 11:35:41 +0000
with message-id <[email protected]>
and subject line Bug#960318: fixed in shadow 1:4.11.1+dfsg1-1
has caused the Debian Bug report #960318,
regarding passwd: pwck does not recognize meaning of "/nonexistent" home
directory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
960318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960318
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: passwd
Version: 1:4.5-1.1
Severity: normal
Tags: patch
Dear Maintainer(s):
The included patch helps the "pwck" command to function more helpfully
on Debian by having it recognize the convention of using "/nonexistent"
for the home directory of a user who intentionally does not have a home
directory.
This will allow "pwck" to properly succeed when some users have this
string as their home directory. It will prevent a false failure and
false error messages such as these:
user 'lp': directory '/nonexistent' does not exist
user 'news': directory '/nonexistent' does not exist
user 'uucp': directory '/nonexistent' does not exist
...
user 'www-data': directory '/nonexistent' does not exist
user '_apt': directory '/nonexistent' does not exist
user 'nobody': directory '/nonexistent' does not exist
pwck: no changes
The patch has already been accepted upstream. See the link below to the
GitHub pull request for more discussion...
https://github.com/shadow-maint/shadow/pull/251
The patch follows here:
--- a/README
+++ b/README
@@ -69,6 +69,7 @@ Guy Maor <[email protected]>
Hrvoje Dogan <[email protected]>
Jakub Hrozek <[email protected]>
Janos Farkas <[email protected]>
+Jason Franklin <[email protected]>
Jay Soffian <[email protected]>
Jesse Thilo <[email protected]>
Joey Hess <[email protected]>
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -295,7 +295,7 @@ CHFN_AUTH yes
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
+#
CHFN_RESTRICT rwh
#
@@ -383,6 +383,14 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes
#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist. Some system accounts intentionally do
+# not have a home directory. Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT /nonexistent
+
+#
# If this file exists and is readable, login environment will be
# read from it. Every line should be in the form name=value.
#
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -105,6 +105,7 @@ static struct itemdef def_table[] = {
{"MAIL_FILE", NULL},
{"MAX_MEMBERS_PER_GROUP", NULL},
{"MD5_CRYPT_ENAB", NULL},
+ {"NONEXISTENT", NULL},
{"PASS_MAX_DAYS", NULL},
{"PASS_MIN_DAYS", NULL},
{"PASS_WARN_AGE", NULL},
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -152,6 +152,7 @@ login_defs_v = \
MD5_CRYPT_ENAB.xml \
MOTD_FILE.xml \
NOLOGINS_FILE.xml \
+ NONEXISTENT.xml \
OBSCURE_CHECKS_ENAB.xml \
PASS_ALWAYS_WARN.xml \
PASS_CHANGE_TRIES.xml \
--- a/man/login.defs.5.xml
+++ b/man/login.defs.5.xml
@@ -67,6 +67,7 @@
<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
@@ -203,6 +204,7 @@
&MD5_CRYPT_ENAB;
&MOTD_FILE;
&NOLOGINS_FILE;
+ &NONEXISTENT;
&OBSCURE_CHECKS_ENAB;
&PASS_ALWAYS_WARN;
&PASS_CHANGE_TRIES;
--- /dev/null
+++ b/man/login.defs.d/NONEXISTENT.xml
@@ -0,0 +1,41 @@
+<!--
+ Copyright (c) 1991 - 1993, Julianne Frances Haugh
+ Copyright (c) 1991 - 1993, Chip Rosenthal
+ Copyright (c) 2007 - 2009, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+ <term><option>NONEXISTENT</option> (string)</term>
+ <listitem>
+ <para>
+ If a system account intentionally does not have a home directory
+ that exists, this string can be provided in the /etc/passwd
+ entry for the account to indicate this. The result is that pwck
+ will not emit a spurious warning for this account.
+ </para>
+ </listitem>
+</varlistentry>
--- a/man/pwck.8.xml
+++ b/man/pwck.8.xml
@@ -30,6 +30,7 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
@@ -266,6 +267,7 @@
tool:
</para>
<variablelist>
+ &NONEXISTENT;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -527,12 +527,16 @@ static void check_pw_file (int *errors,
* Make sure the home directory exists
*/
if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) {
+ const char *nonexistent =
getdef_str("NONEXISTENT");
+
/*
- * Home directory doesn't exist, give a warning
+ * Home directory does not exist, give a
warning (unless intentional)
*/
- printf (_("user '%s': directory '%s' does not
exist\n"),
- pwd->pw_name, pwd->pw_dir);
- *errors += 1;
+ if (NULL == nonexistent || strcmp (pwd->pw_dir,
nonexistent) != 0) {
+ printf (_("user '%s': directory '%s'
does not exist\n"),
+ pwd->pw_name,
pwd->pw_dir);
+ *errors += 1;
+ }
}
}
Thanks for considering this modification!
Best wishes,
Jason Franklin <[email protected]>
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (10,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages passwd depends on:
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libpam-modules 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii libsemanage1 2.8-2
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.11.1+dfsg1-1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 31 Jan 2022 10:33:28 +0100
Source: shadow
Built-For-Profiles: noudeb
Architecture: source
Version: 1:4.11.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Shadow package maintainers
<[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 960318 960637 991914
Changes:
shadow (1:4.11.1+dfsg1-1) unstable; urgency=medium
.
* debian/NEWS: Fix version and release of latest entry
.
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
.
* login: Don't list su command as shipped (Closes: #960637)
* Install nologin /usr/sbin without patching makefiles
* debian/copyright: Fully rewrite the file based on upstream license update
and exclude contrib/atudel from upstream tarball
* debian/watch: Repack upstream tarball with +dfsg1 suffix
* debian/upstream/signing-key.asc: Update upstream signing key
* New upstream version 4.11.1+dfsg1
* Refresh patches
* Set NONEXISTENT to /nonexistent in shipped login.defs (Closes: #960318)
* Enable newly added yescrypt support
* Include YESCRYPT options in shipped login.defs (Closes: #991914)
* debian/rules: Stop using --disable-shared to build shared libraries
* Ship the libsubid4 and libsubid-dev packages and ship getsubids in uidmap
* debian/rules: Drop obsolete variable setting
* debian/login.lintian-overrides: Drop unused override
* debian/control: Make the Vcs-Browser URL canonical
* debian/login.defs: List new GRANT_AUX_GROUP_SUBIDS option in shipped
login.defs
* debian/NEWS: Mention new login behaviour regarding empty password field.
Also set PREVENT_NO_AUTH in shipped login.defs accordingly.
* debian/tests: Cherry-pick part of autopkgtest from Ubuntu.
Thanks to Michael Vogt for the more extensive suite in Ubuntu
* debian/login.defs: Set default subuid and subgid ranges
Checksums-Sha1:
623d3dfc92b5969b67df8b5ae660982dff8101da 2416 shadow_4.11.1+dfsg1-1.dsc
18a7289398e0e668a99f2144f5bb3fa83234aa12 77032
shadow_4.11.1+dfsg1-1.debian.tar.xz
5be6bcc81d762e2d087a50fa5072774cc5d22a39 9882
shadow_4.11.1+dfsg1-1_source.buildinfo
Checksums-Sha256:
f6a8d87656c7b6d51a4988846714c46179f7ffe9fd32bf1d2eabcd49b5365338 2416
shadow_4.11.1+dfsg1-1.dsc
fd87c76f31ee41a03b0faf9916ce606069de8f7ec5c54fde487a525b3f12850b 77032
shadow_4.11.1+dfsg1-1.debian.tar.xz
035a1a6a7d61902d4c795495f1962ffa8e6fc6ca4798fde962ef72dfb7fd1679 9882
shadow_4.11.1+dfsg1-1_source.buildinfo
Files:
3321c1b9ec6a6fa19cf8fda985081aa8 2416 admin required shadow_4.11.1+dfsg1-1.dsc
e7d41763c2e43ed7f69393ec98a4a7ac 77032 admin required
shadow_4.11.1+dfsg1-1.debian.tar.xz
8f2bfd0785318fa988d69421b410b475 9882 admin required
shadow_4.11.1+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEI/PvTgXX55rLQUfDg6KBkWslS0UFAmH3w4sACgkQg6KBkWsl
S0X1+hAAw+K1Vse6lJoecFC3I+gTvNu7x5Cg2p8WGYyQWAEf0hNgBzSQ03F2cBME
XAQDepv0ojWbrNLQlUkwcnQyZ0TO+GI5Y3E8Xf9IMRUMgoWaeNqZslVdkhjXBaEz
tEDKAIljwfWlwnnhstMfBcEkq94RKMe/Vfi8WbR94ZUliwqnKe2W2NAgSRzMjPPP
2mQE1IUaYFHcHrx6cqJRZtQMETnmH4V5lkyTxNATFK/4DBSnprDpW+01SCH4gqhC
MdUQPtAgbCF+tQSh7WQJDVDpj+ZSb8S7ix9zX1q9MmZ/WMgouperD+tgk2j1ghUR
hud14w7Tyb+PBU9mt2YbePH6tZMtd8RGRrCYnDZCigeYBY3yVyRrw0bv3PMSYl7c
/YLLMYgcMgzPta37Q351jGWRXbDHL62oZTAs66dNF7UtnYX2o0qJGfIeCrgb2fQ8
ORlvPbqjcm9R1p+Qw5Fg5LcawMW9Wp7f+hrFBE9IGKko+Y2OfDeBGwZkS0XTuj2g
vRKCI5aVcRkdK8bxi+Ob45f4fuCdTlskNiAOYYHIZnhGhGYdcnaafLef/E/D6VSx
PVgMi5nq7aw3S385S/jE8loTfIDBlciXCLBXGYgLjVj6pAvX0UiiHcSlqOJqE0GW
kzDGkWaN8s7oK/Uh7PsXxVP9lleiy/UqiWXQj++7Z99/cX4daGs=
=6Yn+
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-shadow-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
