[Pkg-shadow-devel] Bug#906278: marked as done (passwd: Debian has 3 default values for login shells for newly created user accounts)

[Debian Bug Tracking System]

Your message dated Wed, 8 Jan 2025 14:17:14 +0100
with message-id <z3562vwzs1nvd...@per.namespace.at>
and subject line Re: Bug#906278: passwd: Debian has 3 default values for login 
shells for newly created user accounts
has caused the Debian Bug report #906278,
regarding passwd: Debian has 3 default values for login shells for newly 
created user accounts
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
906278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: passwd
Version: 1:4.4-4.1
Severity: normal

Dear Maintainer,

Debian has 3 default values for login shells for newly created user accounts. 
There should be only one, and one that does not lead to weird behavior.

These are the three variants:

1) /bin/bash
2) /bin/sh
3) '' (the empty string)

Option 1) is the result when the new user account is created with the program 
`adduser`.

Option 2) is a possible result according to the documentation of `useradd`, but 
it is not actually possible.

Option 3) is the result when the new user account is created with the program 
`useradd`.



Related bugs:

* #892098 "passwd: useradd in Jessie creates user with empty string as shell"
  Issue #892098 is discussed here as well, but in a larger context.

* #897028 "passwd: typo in comment in file /etc/default/useradd"
  Issue #897028 would be fixed by implementing suggested fix 3) detailed below.



The relevant information and documentation excerpts:



useradd is part of package `passwd`.

Documentation for the option `--shell` from the `useradd` man page:

~~
The name of the user's login shell. The default is to leave this field blank, 
which causes the system to select the default login shell specified by the 
SHELL variable in /etc/default/useradd, or an empty string by default.
~~

Relevant snippet from `/etc/default/useradd`:

~~
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/sh
~~



adduser is part of package `adduser`.

Documentation for the option `--shell` from the `adduser` man page:

~~
Use SHELL as the user's login shell, rather than the default specified by the 
configuration file.
~~

>From the `adduser.conf` man page:

~~
DSHELL The login shell to be used for all new users.  Defaults to /bin/bash.
~~



Suggested fixes (mostly independent of each other):



1) Update the section quoted above from the useradd man page, since it's 
logically impossible for a default value to be "A or B" (where A is "the SHELL 
variable in /etc/default/useradd" and B is "an empty string").

2) Never user the empty string as the default shell. This causes weird problems 
for any login shell process of a user whose login shell is the empty string.

3) Have just one configuration file where the default shell is defined. Good 
places for this include: `/etc/default/useradd` or `/etc/adduser.conf`. Update 
the man pages `useradd`, `adduser`, `adduser.conf` and the comments in 
`/etc/default/useradd` and `/etc/adduser.conf` to document this behavior.


-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages passwd depends on:
ii  libaudit1       1:2.6.7-2
ii  libc6           2.24-11+deb9u3
ii  libpam-modules  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libselinux1     2.6-3+b3
ii  libsemanage1    2.6-2

passwd recommends no packages.

passwd suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

On Thu, Aug 16, 2018 at 03:38:49PM +0200, Damiano Boppart wrote:
> Debian has 3 default values for login shells for newly created user accounts. 
> There should be only one, and one that does not lead to weird behavior.
> 
> These are the three variants:
> 
> 1) /bin/bash
> 2) /bin/sh
> 3) '' (the empty string)
> 
> Option 1) is the result when the new user account is created with the program 
> `adduser`.
> 
> Option 2) is a possible result according to the documentation of `useradd`, 
> but it is not actually possible.
> 
> Option 3) is the result when the new user account is created with the program 
> `useradd`.

This got fixed in the past.

1 + 2 being different is explained in the comment of
/etc/default/useradd, and IMO should stay like this.

>From my PoV there is no "bug" remaining here, so I'll close the
report.

Thanks,
Chris

--- End Message ---

_______________________________________________
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel