Package: passwd
Version: 1:4.4-4.1
Severity: normal

Dear Maintainer,

Debian has 3 default values for login shells for newly created user accounts. 
There should be only one, and one that does not lead to weird behavior.

These are the three variants:

1) /bin/bash
2) /bin/sh
3) '' (the empty string)

Option 1) is the result when the new user account is created with the program 
`adduser`.

Option 2) is a possible result according to the documentation of `useradd`, but 
it is not actually possible.

Option 3) is the result when the new user account is created with the program 
`useradd`.



Related bugs:

* #892098 "passwd: useradd in Jessie creates user with empty string as shell"
  Issue #892098 is discussed here as well, but in a larger context.

* #897028 "passwd: typo in comment in file /etc/default/useradd"
  Issue #897028 would be fixed by implementing suggested fix 3) detailed below.



The relevant information and documentation excerpts:



useradd is part of package `passwd`.

Documentation for the option `--shell` from the `useradd` man page:

~~
The name of the user's login shell. The default is to leave this field blank, 
which causes the system to select the default login shell specified by the 
SHELL variable in /etc/default/useradd, or an empty string by default.
~~

Relevant snippet from `/etc/default/useradd`:

~~
# The SHELL variable specifies the default login shell on your
# system.
# Similar to DHSELL in adduser. However, we use "sh" here because
# useradd is a low level utility and should be as general
# as possible
SHELL=/bin/sh
~~



adduser is part of package `adduser`.

Documentation for the option `--shell` from the `adduser` man page:

~~
Use SHELL as the user's login shell, rather than the default specified by the 
configuration file.
~~

From the `adduser.conf` man page:

~~
DSHELL The login shell to be used for all new users.  Defaults to /bin/bash.
~~



Suggested fixes (mostly independent of each other):



1) Update the section quoted above from the useradd man page, since it's 
logically impossible for a default value to be "A or B" (where A is "the SHELL 
variable in /etc/default/useradd" and B is "an empty string").

2) Never use the empty string as the default shell. This causes weird problems 
for any login shell process of a user whose login shell is the empty string.

3) Have just one configuration file where the default shell is defined. Good 
places for this include: `/etc/default/useradd` or `/etc/adduser.conf`. Update 
the man pages `useradd`, `adduser`, `adduser.conf` and the comments in 
`/etc/default/useradd` and `/etc/adduser.conf` to document this behavior.


-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages passwd depends on:
ii  libaudit1       1:2.6.7-2
ii  libc6           2.24-11+deb9u3
ii  libpam-modules  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libselinux1     2.6-3+b3
ii  libsemanage1    2.6-2

passwd recommends no packages.

passwd suggests no packages.

-- no debconf information
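
Added example, not part of the original report: a POSIX shell audit that reads the two defaults discussed above (SHELL in `/etc/default/useradd`, DSHELL in `/etc/adduser.conf`) and lists accounts whose shell field in a passwd-format file is empty. The function names and the sample account data are constructed for illustration; the default file paths are the ones cited in the report.

```shell
#!/bin/sh
# Added example (not from the report): audit login-shell defaults and empty shell fields.

# Print the last uncommented KEY=value assignment in a shell-style config file.
conf_value() {  # usage: conf_value KEY FILE
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Print login names whose 7th passwd field (the login shell) is empty.
empty_shell_users() {  # usage: empty_shell_users PASSWD_FILE
    awk -F: 'NF == 7 && $7 == "" { print $1 }' "$1"
}

# Report both defaults and every empty-shell account; return 1 if anything is off.
audit_shells() {  # usage: audit_shells [PASSWD] [USERADD_DEFAULTS] [ADDUSER_CONF]
    useradd_shell=$(conf_value SHELL "${2:-/etc/default/useradd}")
    adduser_shell=$(conf_value DSHELL "${3:-/etc/adduser.conf}")
    adduser_shell=${adduser_shell:-/bin/bash}   # DSHELL default per adduser.conf man page
    rc=0
    echo "useradd SHELL='$useradd_shell' adduser DSHELL='$adduser_shell'"
    if [ "$useradd_shell" != "$adduser_shell" ]; then
        echo "MISMATCH: the two tools are configured with different default shells"
        rc=1
    fi
    for user in $(empty_shell_users "${1:-/etc/passwd}"); do
        echo "EMPTY SHELL: $user"
        rc=1
    done
    return "$rc"
}

# Constructed sample data mirroring the three variants listed in the report.
write_sample() {  # usage: write_sample DIR
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
                  'bob:x:1001:1001::/home/bob:' \
                  'carol:x:1002:1002::/home/carol:/bin/sh' > "$1/passwd"
    printf '%s\n' '# SHELL=/bin/false' 'SHELL=/bin/sh' > "$1/useradd"
    printf '%s\n' 'DSHELL=/bin/bash' > "$1/adduser.conf"
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_shells "$sample_dir/passwd" "$sample_dir/useradd" "$sample_dir/adduser.conf" || true
rm -rf "$sample_dir"
```

Calling `audit_shells` with no arguments checks the live system files instead of the constructed sample.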
