Package: util-linux Version: 2.20.1-5 I'm reporting this bug against util-linux, which seems to be the source package for the affected packages related to the libuuid user:
* libuuid1 * uuid-runtime Both of these packages manage the "libuuid" user. However, neither one of the sets a shell for the user. From the postinst scripts for both: $ grep useradd /var/lib/dpkg/info/libuuid1\:amd64.postinst useradd -d /var/lib/libuuid -K UID_MIN=$FIRST_SYSTEM_UID -K UID_MAX=$LAST_SYSTEM_UID -g libuuid libuuid $ grep useradd /var/lib/dpkg/info/uuid-runtime.postinst useradd -d /var/lib/libuuid -K UID_MIN=1 -K UID_MAX=499 -g libuuid libuuid These postinst scripts should have a "-s /usr/sbin/nologin" (or /bin/false), because this is clearly a "system" user - the home directory is in /var/lib, and the UID/GID are set to a low range. It would also be nice if the package included documentation that indicates why this user is needed, and what purpose this directory serves. I tried reading the util-linux source, but I couldn't find a definitive answer to this. I don't have a Debian system at the moment. I found this bug on Ubuntu, and reported it on launchpad, but I wanted to make sure that a similar bug was opened in Debian for tracking. Launchpad bug link for reference is: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1454897 Thank you -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
