Public bug reported:

Before trying to delete a user, userdel checks if the user exists. The problem is that this check is done using getpwnam(), which will query all nss sources from /etc/nsswitch.conf.

If a system has, for example, LDAP enabled, and userdel is called with the name of a user that only exists in LDAP, it will pass that check, and userdel will proceed and try to delete that user, which will obviously fail.

That might not sound like a big deal, but it is. As part of the checks it runs before deleting a user, it checks if there is any running process owned by that user. This means that it will do a getpwnam() call for each running process. On a busy machine, that can be thousands, and each one will trigger an LDAP lookup. Oops.

Upstream fixed this in commit
https://github.com/shadow-maint/shadow/commit/2c57c399bf0d2f06dc8a8fed244ec80667a671f1

Focal and later have this upstream version and are not affected.

** Affects: shadow (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: shadow (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Also affects: shadow (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: shadow (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1950370

Title:
  [bionic] userdel doesn't check for local users

Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Bionic:
  New
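The following is an added example, not code from shadow or from the bug report: it shows the kind of local-only existence check the report asks for, scanning a passwd-format file with fgetpwent() instead of calling getpwnam(), so that no NSS backend (LDAP or otherwise) is consulted. The passwd contents, the account names and the helper function names are constructed for the demo.

```c
#define _GNU_SOURCE
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` has an entry in the passwd-format stream `fp`
 * (for the real thing: fopen("/etc/passwd", "r")), 0 otherwise.
 * Only that file is read; nss modules such as LDAP are never queried,
 * which is the difference to getpwnam(). */
int user_is_local(FILE *fp, const char *name)
{
    struct passwd *pw;
    rewind(fp);
    while ((pw = fgetpwent(fp)) != NULL) {
        if (strcmp(pw->pw_name, name) == 0)
            return 1;
    }
    return 0;
}

/* Constructed /etc/passwd contents: two local accounts. An account
 * that exists only in LDAP (e.g. "ldapuser") is deliberately absent. */
static const char sample_passwd[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

/* Open the constructed sample as a FILE* so the check runs offline. */
FILE *open_sample_passwd(void)
{
    return fmemopen((void *)sample_passwd, sizeof sample_passwd - 1, "r");
}

/* Gate for the delete: proceed only when the account is local. With
 * getpwnam() an LDAP-only name would pass here, and every later
 * per-process lookup would then hit the directory server. */
int userdel_should_proceed(const char *name)
{
    FILE *fp = open_sample_passwd();
    int local;
    if (fp == NULL)
        return -1;              /* cannot read the file: refuse to guess */
    local = user_is_local(fp, name);
    fclose(fp);
    return local;
}

int main(void)
{
    printf("alice local: %d\n", userdel_should_proceed("alice"));       /* 1 */
    printf("ldapuser local: %d\n", userdel_should_proceed("ldapuser")); /* 0 */
    return 0;
}
```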