Package: passwd Version: 1:4.5-1.1 Severity: normal Tags: patch Dear Maintainer(s):
The included patch helps the "pwck" command to function more helpfully on Debian by having it recognize the convention of using "/nonexistent" for the home directory of a user who intentionally does not have a home directory. This will allow "pwck" to properly succeed when some users have this string as their home directory. It will prevent a false failure and false error messages such as these: user 'lp': directory '/nonexistent' does not exist user 'news': directory '/nonexistent' does not exist user 'uucp': directory '/nonexistent' does not exist ... user 'www-data': directory '/nonexistent' does not exist user '_apt': directory '/nonexistent' does not exist user 'nobody': directory '/nonexistent' does not exist pwck: no changes The patch has already been accepted upstream. See the link below to the GitHub pull request for more discussion... https://github.com/shadow-maint/shadow/pull/251 The patch follows here: --- a/README +++ b/README @@ -69,6 +69,7 @@ Guy Maor <m...@debian.org> Hrvoje Dogan <hdo...@bjesomar.srce.hr> Jakub Hrozek <jhro...@redhat.com> Janos Farkas <che...@bankinf.banki.hu> +Jason Franklin <jason.frank...@quoininc.com> Jay Soffian <j...@lw.net> Jesse Thilo <jesse.th...@pobox.com> Joey Hess <j...@kite.ml.org> --- a/etc/login.defs +++ b/etc/login.defs @@ -295,7 +295,7 @@ CHFN_AUTH yes # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. # For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# +# CHFN_RESTRICT rwh # 
@@ -383,6 +383,14 @@ CHFN_RESTRICT rwh DEFAULT_HOME yes # +# The pwck(8) utility emits a warning for any system account with a home +# directory that does not exist. Some system accounts intentionally do +# not have a home directory. Such accounts may have this string as +# their home directory in /etc/passwd to avoid a spurious warning. +# +NONEXISTENT /nonexistent + +# # If this file exists and is readable, login environment will be # read from it. Every line should be in the form name=value. # --- a/lib/getdef.c +++ b/lib/getdef.c @@ -105,6 +105,7 @@ static struct itemdef def_table[] = { {"MAIL_FILE", NULL}, {"MAX_MEMBERS_PER_GROUP", NULL}, {"MD5_CRYPT_ENAB", NULL}, + {"NONEXISTENT", NULL}, {"PASS_MAX_DAYS", NULL}, {"PASS_MIN_DAYS", NULL}, {"PASS_WARN_AGE", NULL}, --- a/man/Makefile.am +++ b/man/Makefile.am @@ -152,6 +152,7 @@ login_defs_v = \ MD5_CRYPT_ENAB.xml \ MOTD_FILE.xml \ NOLOGINS_FILE.xml \ + NONEXISTENT.xml \ OBSCURE_CHECKS_ENAB.xml \ PASS_ALWAYS_WARN.xml \ PASS_CHANGE_TRIES.xml \ --- a/man/login.defs.5.xml +++ b/man/login.defs.5.xml @@ -67,6 +67,7 @@ <!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml"> <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml"> <!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml"> +<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml"> <!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml"> <!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml"> <!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml"> @@ -203,6 +204,7 @@ &MD5_CRYPT_ENAB; &MOTD_FILE; &NOLOGINS_FILE; + &NONEXISTENT; &OBSCURE_CHECKS_ENAB; &PASS_ALWAYS_WARN; &PASS_CHANGE_TRIES; --- /dev/null +++ b/man/login.defs.d/NONEXISTENT.xml 
@@ -0,0 +1,41 @@
+<!--
+ Copyright (c) 1991 - 1993, Julianne Frances Haugh
+ Copyright (c) 1991 - 1993, Chip Rosenthal
+ Copyright (c) 2007 - 2009, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+ <term><option>NONEXISTENT</option> (string)</term>
+ <listitem>
+ <para>
+ If a system account intentionally does not have a home directory
+ that exists, this string can be provided in the /etc/passwd
+ entry for the account to indicate this. The result is that pwck
+ will not emit a spurious warning for this account.
+ </para> + </listitem> +</varlistentry> --- a/man/pwck.8.xml +++ b/man/pwck.8.xml @@ -30,6 +30,7 @@ --> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml"> <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml"> <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml"> <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml"> @@ -266,6 +267,7 @@ tool: </para> <variablelist> + &NONEXISTENT; &PASS_MAX_DAYS; &PASS_MIN_DAYS; &PASS_WARN_AGE; --- a/src/pwck.c +++ b/src/pwck.c 
@@ -527,12 +527,16 @@ static void check_pw_file (int *errors, * Make sure the home directory exists */ if (!quiet && (access (pwd->pw_dir, F_OK) != 0)) { + const char *nonexistent = getdef_str("NONEXISTENT"); + /* - * Home directory doesn't exist, give a warning + * Home directory does not exist, give a warning (unless intentional) */ - printf (_("user '%s': directory '%s' does not exist\n"), - pwd->pw_name, pwd->pw_dir); - *errors += 1; + if (NULL == nonexistent || strcmp (pwd->pw_dir, nonexistent) != 0) { + printf (_("user '%s': directory '%s' does not exist\n"), + pwd->pw_name, pwd->pw_dir); + *errors += 1; + } } } Thanks for considering this modification! Best wishes, Jason Franklin <jason.frank...@quoininc.com> -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (990, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (10, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages passwd depends on: ii libaudit1 1:2.8.4-3 ii libc6 2.28-10 ii libpam-modules 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux1 2.8-1+b1 ii libsemanage1 2.8-2 passwd recommends no packages. passwd suggests no packages. -- no debconf information
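Review bot: The exemption added in check_pw_file applies to any passwd entry whose pw_dir equals the NONEXISTENT value, while the login.defs comment and NONEXISTENT.xml in this patch describe it as a convention for system accounts; the new condition never looks at the account's UID. Since pwck is the integrity check for /etc/passwd, the scope of a silenced warning should be stated where it is implemented, for example by extending the comment to `Home directory does not exist, give a warning (unless it matches NONEXISTENT, for any account)`, or the documentation should drop the word "system". An empty NONEXISTENT value would presumably also match an entry with an empty home field, although whether getdef_str can return an empty string is not visible here; `if (NULL == nonexistent || '\0' == nonexistent[0] || strcmp (pwd->pw_dir, nonexistent) != 0) {` would treat it as unset. check_pw_file begins and ends outside the hunk.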