Re: Question on the use of "/nonexistent"

[Russ Allbery]

Jason Franklin  writes:

> I suppose a note in the documentation could clarify things for users who
> may not be aware of these other usage scenarios.

Yeah, that occurred to me after sending my message and indeed would be a
great idea.  That may be the right way to close this bug (with a
documentation patch).

-- 
Russ Allbery (r...@debian.org)  

Re: Question on the use of "/nonexistent"

[Jason Franklin]

On Sat, 2021-12-18 at 19:22 +0100, Bill Allombert wrote:
> This seems to be a misunderstanding of the purpose of --no-create-home.
> This option does not say that the user does not have a home directory,
> but that it should not be created by adduser, and instead will be create
> later by some other procedure, for example by setting pam_mkhomedir
> to create it on first login, or by mounting a NFS filesystem on /home,
> etc.
> 
> In this bug report, users used --no-create-home but failed to create the
> home directory themselves.
> It seems that what they wanted to do was '--home /nonexistent'

Agreed.  I see the difference now.

I suppose I had thought that the discussion on this report happened
before the usage of /nonexistent was standard.

> I would suggest you add an option --no-homedir that do '--home /nonexistent'
> or whatever is appropriate and close this bug.

This is an interesting idea.  It would at least provide a distinction
for the intended result and it would guide people toward complying with
Debian Policy in the case that a user is not supposed to have a home
directory.

-- 
Jason Franklin

Re: Question on the use of "/nonexistent"

[Jason Franklin]

On Sat, 2021-12-18 at 10:16 -0800, Russ Allbery wrote:
> The documentation says simply:
> 
>--no-create-home
>   Do not create the home directory, even if it doesn't exist.
> 
> Passing --no-create-home therefore does not *change* the home directory,
> and should not change the home directory, since that would defeat its
> entire purpose.  The home directory is still set the same as before,
> including any defaults.  adduser just doesn't try to create it or check if
> it exists, because this should be handled external to adduser.
> 
> If a user should have a nonexistent home directory, --home /nonexistent
> should be passed to adduser.

I follow you.  This is an important distinction.

I suppose a note in the documentation could clarify things for users who
may not be aware of these other usage scenarios.

Thanks!

-- 
Jason Franklin

Re: Question on the use of "/nonexistent"

[Bill Allombert]

On Sat, Dec 18, 2021 at 12:51:56PM -0500, Jason Franklin wrote:
> Greetings:
> 
> I am a developer who is new to making contributions to Debian.  Most of
> my work so far has been focused on making improvements to the "adduser"
> package.  Of course, bug triage is one of the first things on which I am
> trying to show progress.
> 
> On the relevant BTS page, I came across this bug:
> 
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152195
> 
> A summary of this bug is below...
> 
>   # adduser --system --no-create-home foo
>   # getent passwd foo
>   foo:x:130:65534::/home/foo:/usr/sbin/nologin
> 
> As you can see, "/home/foo" is named as the new user's home directory,
> but that directory is not created due to the "--no-create-home" option.
> 
> This was reported many years ago and was given the "wontfix" tag.  I
> believe this should be reversed since Debian policy now has this to
> say...
> 
>   
> https://www.debian.org/doc/debian-policy/ch-opersys.html#non-existent-home-directories
> 
> I hope to see that, whenever possible, the "adduser" tools conform to
> Debian Policy when managing the addition and removal of users and
> groups.

This seems to be a misunderstanding of the purpose of --no-create-home.
This option does not say that the user does not have a home directory,
but that it should not be created by adduser, and instead will be create
later by some other procedure, for example by setting pam_mkhomedir
to create it on first login, or by mounting a NFS filesystem on /home,
etc.

In this bug report, users used --no-create-home but failed to create the
home directory themselves.
It seems that what they wanted to do was '--home /nonexistent'

I would suggest you add an option --no-homedir that do '--home /nonexistent'
or whatever is appropriate and close this bug.
Or you can close this bug without adding a new option. It mostly have
hostorical value now.

Cheers,
Bill.

Re: Question on the use of "/nonexistent"

[Russ Allbery]

Jason Franklin  writes:

> I am a developer who is new to making contributions to Debian.  Most of
> my work so far has been focused on making improvements to the "adduser"
> package.  Of course, bug triage is one of the first things on which I am
> trying to show progress.

> On the relevant BTS page, I came across this bug:

>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152195

> A summary of this bug is below...

>   # adduser --system --no-create-home foo
>   # getent passwd foo
>   foo:x:130:65534::/home/foo:/usr/sbin/nologin

> As you can see, "/home/foo" is named as the new user's home directory,
> but that directory is not created due to the "--no-create-home" option.

> This was reported many years ago and was given the "wontfix" tag.

I don't think this is a bug at all and should just be closed.  I believe
people are misunderstanding what --no-create-home means.

The point of the --no-create-home option is that the administrator wants
to handle the home directory creation themselves rather than have adduser
do it.  This is common when /home comes from a shared network file system,
for example, where adduser will likely not have permissions to create the
home directory.  It can also come up in other situations, such as
automounted home directories.

The documentation says simply:

   --no-create-home
  Do not create the home directory, even if it doesn't exist.

Passing --no-create-home therefore does not *change* the home directory,
and should not change the home directory, since that would defeat its
entire purpose.  The home directory is still set the same as before,
including any defaults.  adduser just doesn't try to create it or check if
it exists, because this should be handled external to adduser.

If a user should have a nonexistent home directory, --home /nonexistent
should be passed to adduser.

-- 
Russ Allbery (r...@debian.org)  

Question on the use of "/nonexistent"

[Jason Franklin]

Greetings:

I am a developer who is new to making contributions to Debian.  Most of
my work so far has been focused on making improvements to the "adduser"
package.  Of course, bug triage is one of the first things on which I am
trying to show progress.

On the relevant BTS page, I came across this bug:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=152195

A summary of this bug is below...

  # adduser --system --no-create-home foo
  # getent passwd foo
  foo:x:130:65534::/home/foo:/usr/sbin/nologin

As you can see, "/home/foo" is named as the new user's home directory,
but that directory is not created due to the "--no-create-home" option.

This was reported many years ago and was given the "wontfix" tag.  I
believe this should be reversed since Debian policy now has this to
say...

  
https://www.debian.org/doc/debian-policy/ch-opersys.html#non-existent-home-directories

I hope to see that, whenever possible, the "adduser" tools conform to
Debian Policy when managing the addition and removal of users and
groups.

So, my question is: Should "/nonexistent" be listed in /etc/passwd when
the "adduser" command creates a new user without a home directory?  If
so, I can confirm that bug and eventually get to work on it. :)

The Debian Policy wording is a bit confusing here...

  The canonical non-existent home directory is /nonexistent. Users
  who should not have a home directory should have their home
  directory set to this value.

As you see, it says "Users who should not..." rather than "Users who do
not...", which has a different meaning to me.  Is "/nonexistent" for
users who should never have a home directory or for users who currently
do not have a home directory but may have one in the future?

Any clarity that can be provided on this last point will be a great help
to me.

Thanks in advance!

-- 
Jason Franklin