Debian Bug report logs - #1000478
dh-sysuser: User removal is never invoked (and the implementation is buggy)

Package: dh-sysuser; Maintainer for dh-sysuser is Lorenzo Puliti <plorenzo@disroot.org>; Source for dh-sysuser is src:dh-sysuser.

Reported by: Andrea Bolognani <eof@kiyuko.org>

Date: Tue, 23 Nov 2021 21:09:02 UTC

Severity: important

Found in version dh-sysuser/1.3.5.1

Fixed in version dh-sysuser/1.3.6+really1.4.0

Done: Lorenzo Puliti <plorenzo@disroot.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, eof@kiyuko.org, Lorenzo Puliti <plorenzo@disroot.org>:
Bug#1000478; Package dh-sysuser. (Tue, 23 Nov 2021 21:09:04 GMT)


Acknowledgement sent to Andrea Bolognani <eof@kiyuko.org>:
New Bug report received and forwarded. Copy sent to eof@kiyuko.org, Lorenzo Puliti <plorenzo@disroot.org>. (Tue, 23 Nov 2021 21:09:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Andrea Bolognani <eof@kiyuko.org>
To: submit@bugs.debian.org
Subject: dh-sysuser: User removal is never invoked (and the implementation is buggy)
Date: Tue, 23 Nov 2021 21:59:18 +0100
Package: dh-sysuser
Version: 1.3.5.1
Severity: important
X-Debbugs-CC: eof@kiyuko.org

Contrary to intention, users created by dh-sysuser are not actually
deleted when the package is purged.

Using the libvirt-dbus package, which I maintain, as an example:

  $ grep libvirtdbus /etc/passwd /etc/group
  $ sudo apt-get install -y libvirt-dbus
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  The following NEW packages will be installed:
    libvirt-dbus
  0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/61.2 kB of archives.
  After this operation, 337 kB of additional disk space will be used.
  Selecting previously unselected package libvirt-dbus.
  (Reading database ... 226040 files and directories currently installed.)
  Preparing to unpack .../libvirt-dbus_1.4.0-2_amd64.deb ...
  Unpacking libvirt-dbus (1.4.0-2) ...
  Setting up libvirt-dbus (1.4.0-2) ...
  Processing triggers for dbus (1.12.20-3) ...
  Processing triggers for man-db (2.9.4-2) ...
  $ grep libvirtdbus /etc/passwd /etc/group
  /etc/passwd:libvirtdbus:x:998:998:Created by dh-sysuser for libvirt-dbus:/nonexistent:/usr/sbin/nologin
  /etc/group:libvirtdbus:x:998:
  $ sudo apt-get remove --purge -y libvirt-dbus
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  The following packages will be REMOVED:
    libvirt-dbus*
  0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
  After this operation, 337 kB disk space will be freed.
  (Reading database ... 226061 files and directories currently installed.)
  Removing libvirt-dbus (1.4.0-2) ...
  Processing triggers for dbus (1.12.20-3) ...
  Processing triggers for man-db (2.9.4-2) ...
  $ grep libvirtdbus /etc/passwd /etc/group
  /etc/passwd:libvirtdbus:x:998:998:Created by dh-sysuser for libvirt-dbus:/nonexistent:/usr/sbin/nologin
  /etc/group:libvirtdbus:x:998:
  $

Looking at the code for sysuser-helper, the reason for this behavior
is pretty obvious:

  command="${1}" ; shift
  case "${command}" in
    prerm)
      case ${1:-} in
        purge|abort-install)
          rmdir --ignore-fail-on-non-empty "${CONF_HOME}"
          if ! [ -d "${CONF_HOME}" ] ; then
            if ! userdel --force "${CONF_USERNAME}" ; then
              echo >&2 "warning: failed to remove ${CONF_USERNAME}. Proceeding anyway."
            fi
          fi
      esac
  esac

So users are deleted when sysuser-helper is called from prerm and the
operation is purge or abort-install. But deb-prerm(5) lists all
possible ways in which prerm can be invoked, and neither of the above
can happen. The result is that users created via dh-sysuser are never
deleted.

Additionally, the call to rmdir needs to be guarded by a check for
the /nonexistent scenario, just like the use of --create-home is for
the postinst part, because it will result in a script failure
otherwise:

  $ sudo rmdir --ignore-fail-on-non-empty /nonexistent
  rmdir: failed to remove '/nonexistent': No such file or directory
  $ echo $?
  1
  $

-- 
Andrea Bolognani <eof@kiyuko.org>
Resistance is futile, you will be garbage collected.
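
Purge-time cleanup that covers both points raised in the report above: the action names are matched against the script dpkg actually passes them to, and the home directory removal tolerates a missing path. This is an added example, not dh-sysuser's code or its eventual fix; `USERDEL`, `is_cleanup_call`, `drop_empty_home` and `sysuser_cleanup` are hypothetical names.

```shell
#!/bin/sh
# Added example (not dh-sysuser's code): purge-time cleanup keyed on the
# maintainer script that dpkg really runs for "purge".
set -u

# Hypothetical hook so the logic can be exercised without root.
USERDEL="${USERDEL:-userdel}"

# dpkg calls prerm with remove/upgrade/deconfigure/failed-upgrade only;
# "purge" and "abort-install" are postrm actions.
is_cleanup_call() {   # $1 = script name, $2 = action
  [ "$1" = postrm ] || return 1
  case "$2" in
    purge|abort-install) return 0 ;;
    *) return 1 ;;
  esac
}

# Remove the home only if it exists and is empty. A missing directory
# (e.g. /nonexistent) is not an error, so the script cannot fail here.
drop_empty_home() {   # $1 = home directory
  [ -d "$1" ] || return 0
  rmdir --ignore-fail-on-non-empty "$1"
}

sysuser_cleanup() {   # $1 = script, $2 = action, $3 = user, $4 = home
  is_cleanup_call "$1" "$2" || return 0
  drop_empty_home "$4" || return 1
  # Keep the account while its home still holds data.
  if [ -d "$4" ]; then
    echo >&2 "note: $4 not empty, keeping user $3"
    return 0
  fi
  if ! "$USERDEL" --force "$3"; then
    echo >&2 "warning: failed to remove $3. Proceeding anyway."
  fi
  return 0
}
```

Accounts that survive a purge keep their UID and any file ownership, so auditing `/etc/passwd` for "Created by dh-sysuser" entries whose package is no longer installed is a reasonable follow-up on affected systems.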

Message sent on to Andrea Bolognani <eof@kiyuko.org>:
Bug#1000478. (Sat, 27 Nov 2021 13:45:05 GMT)


Message #8 received at 1000478-submitter@bugs.debian.org:

From: Lorenzo Puliti <noreply@salsa.debian.org>
To: 1000478-submitter@bugs.debian.org
Subject: Bug#1000478 marked as pending in dh-sysuser
Date: Sat, 27 Nov 2021 13:42:05 +0000
Control: tag -1 pending

Hello,

Bug #1000478 in dh-sysuser reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/dh-sysuser/-/commit/c8a427f813af3be9d922d1228370827dbe4839eb

------------------------------------------------------------------------
Fix user removal on purge

Move the snippet where the user is removed on purge from
prerm to postrm, where purge is actually performed by dpkg.
Thanks to Andrea Bolognani <eof@kiyuko.org>

Closes: #1000478
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1000478



Added tag(s) pending. Request was from Lorenzo Puliti <noreply@salsa.debian.org> to 1000478-submitter@bugs.debian.org. (Sat, 27 Nov 2021 13:45:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Lorenzo Puliti <plorenzo@disroot.org>:
Bug#1000478; Package dh-sysuser. (Sat, 27 Nov 2021 14:03:05 GMT)


Acknowledgement sent to Lorenzo <plorenzo@disroot.org>:
Extra info received and forwarded to list. Copy sent to Lorenzo Puliti <plorenzo@disroot.org>. (Sat, 27 Nov 2021 14:03:05 GMT)


Message #15 received at 1000478@bugs.debian.org:

From: Lorenzo <plorenzo@disroot.org>
To: Andrea Bolognani <eof@kiyuko.org>
Cc: 1000478@bugs.debian.org
Subject: Re: Bug#1000478: dh-sysuser: User removal is never invoked (and the implementation is buggy)
Date: Sat, 27 Nov 2021 14:58:17 +0100
On Tue, 23 Nov 2021 21:59:18 +0100
Andrea Bolognani <eof@kiyuko.org> wrote:

Hi Andrea,

> 
> Looking at the code for sysuser-helper, the reason for this behavior
> is pretty obvious:
> 
>   command="${1}" ; shift
>   case "${command}" in
>     prerm)
>       case ${1:-} in
>         purge|abort-install)
>           rmdir --ignore-fail-on-non-empty "${CONF_HOME}"
>           if ! [ -d "${CONF_HOME}" ] ; then
>             if ! userdel --force "${CONF_USERNAME}" ; then
>               echo >&2 "warning: failed to remove ${CONF_USERNAME}. Proceeding anyway."
>             fi
>           fi
>       esac
>   esac
> 
> So users are deleted when sysuser-helper is called from prerm and the
> operation is purge or abort-install. But deb-prerm(5) lists all
> possible ways in which prerm can be invoked, and neither of the above
> can happen. The result is that users created via dh-sysuser are never
> deleted.
> 
> Additionally, the call to rmdir needs to be guarded by a check for
> the /nonexistent scenario, just like the use of --create-home is for
> the postinst part, because it will result in a script failure
> otherwise:
> 
>   $ sudo rmdir --ignore-fail-on-non-empty /nonexistent
>   rmdir: failed to remove '/nonexistent': No such file or directory
>   $ echo $?
>   1
>   $
>
 
Thank you for taking time to debug this :)
I'll fix it in the next version, for now it's here

https://salsa.debian.org/debian/dh-sysuser/-/tree/next

Unfortunately I had to move the purge logic to postrm, so to actually fix
this bug you'll need to rebuild your package with
dh-sysuser >= 1.3.6+really1.4.0. Sorry for that.

Lorenzo



Reply sent to Lorenzo Puliti <plorenzo@disroot.org>:
You have taken responsibility. (Thu, 02 Dec 2021 17:06:06 GMT)


Notification sent to Andrea Bolognani <eof@kiyuko.org>:
Bug acknowledged by developer. (Thu, 02 Dec 2021 17:06:06 GMT)


Message #20 received at 1000478-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1000478-close@bugs.debian.org
Subject: Bug#1000478: fixed in dh-sysuser 1.3.6+really1.4.0
Date: Thu, 02 Dec 2021 17:03:29 +0000
Source: dh-sysuser
Source-Version: 1.3.6+really1.4.0
Done: Lorenzo Puliti <plorenzo@disroot.org>

We believe that the bug you reported is fixed in the latest version of
dh-sysuser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1000478@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lorenzo Puliti <plorenzo@disroot.org> (supplier of updated dh-sysuser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 24 Nov 2021 19:50:21 +0100
Source: dh-sysuser
Architecture: source
Version: 1.3.6+really1.4.0
Distribution: unstable
Urgency: medium
Maintainer: Lorenzo Puliti <plorenzo@disroot.org>
Changed-By: Lorenzo Puliti <plorenzo@disroot.org>
Closes: 1000478
Changes:
 dh-sysuser (1.3.6+really1.4.0) unstable; urgency=medium
 .
   * Bump Standards-Version to 4.6.0 (no changes required)
   * Update copyright year to 2021
   * Do not attempt to remove nonexistent home as it will
        cause postrm script failure
        + thanks to Andrea Bolognani <eof@kiyuko.org>
   * Fix user removal on purge (Closes: #1000478);
        the purge logic was wrongly placed in prerm, but
        purge is only performed in postrm
        + thanks to Andrea Bolognani <eof@kiyuko.org>
   * Run sysuser-helper in postrm only if it's installed;
        we need this check now because sysuser-helper
        may not be installed at postrm stage
   * Keep sysuser-helper backward-compatible with
        packages built with dh-sysuser <=1.3.5.1
   * Relax constraints on future versions of sysuser-helper:
        the 'strictly minor' constraint over the next minor version
        makes upgrades problematic and is the reason for
        the '+really1.4.0' in this version. It makes more sense to
        impose such a constraint on the next major (non-backward
        compatible) bump although it's not clear if it will be of
        any help smoothing a transition.
   * Add sysuser-helper autopkgtest




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 06 Jan 2022 07:28:07 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Sep 19 17:51:42 2022; Machine Name: buxtehude